mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-23 20:43:03 +00:00
Create Android Appsec (Kotlin) HTTP & HTTPS Traffic.md
This commit is contained in:
parent
893ba7818a
commit
5d3904f0ed
1 changed files with 60 additions and 0 deletions
60
Android/Android Appsec (Kotlin) HTTP & HTTPS Traffic.md
Normal file
60
Android/Android Appsec (Kotlin) HTTP & HTTPS Traffic.md
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
# Android-Pentesting- Android Appsec (Kotlin) HTTP & HTTPS Traffic
|
||||||
|
|
||||||
|
Android Appsec is an intentionally made vulnerable application made by https://twitter.com/hpandro1337 for educating about securtiy in android applications for learning purposes so I will be taking a look into intercepting HTTP and HTTPS traffic which comes in SSL pinning and it's a security flaw that developers leave in their applications as if one could intercept the requests being made from the application he can read the secrets , plain text data if not encrypted
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/mU3VSFw.png"/>
|
||||||
|
|
||||||
|
|
||||||
|
To intercept the requets on burp suite we need to first install the certificate , this can be installed quite easilty.
|
||||||
|
|
||||||
|
You can follow this guide to install burp's certificate
|
||||||
|
|
||||||
|
https://portswigger.net/support/installing-burp-suites-ca-certificate-in-an-android-device
|
||||||
|
|
||||||
|
After installing the certificate , make sure that your burp's listener is running on all interfaces
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/TxlPb6K.png"/>
|
||||||
|
|
||||||
|
Add the IP address of your host machine in the network's proxy configuration
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/nUDU52U.png"/>
|
||||||
|
|
||||||
|
Now let's test this to see if we can intercept HTTP traffic
|
||||||
|
|
||||||
|
## Intercepting HTTP Traffic
|
||||||
|
|
||||||
|
As we click on Reload button while having the intercept turned on we can intercept the request
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/ID0GD5k.png"/>
|
||||||
|
|
||||||
|
Send the request to repeater to get the response
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/dEmXlGj.png"/>
|
||||||
|
|
||||||
|
|
||||||
|
## Intercepting HTTPS Traffic
|
||||||
|
|
||||||
|
Now intercepting https traffic may or maynot be easy as this is where ssl pinning comes in
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/snJxUaY.png"/>
|
||||||
|
|
||||||
|
As you can see this is not intercepting https traffic even tho we have added the burp certificate , so it will only allow the https traffic only through a trusted certificate so we need to bypass this , this can bypassed through `objection`
|
||||||
|
|
||||||
|
```
|
||||||
|
objection --gadget com.hpandro.androidsecurity explore
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
android sslpinning disable
|
||||||
|
```
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/mv8ol6j.png"/>
|
||||||
|
|
||||||
|
Now if we try to intercept it , it will work
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/eyExK2m.png"/>
|
||||||
|
|
||||||
|
<img src="https://i.imgur.com/jdZaWeR.png"/>
|
||||||
|
|
||||||
|
## References
|
||||||
|
- https://portswigger.net/support/installing-burp-suites-ca-certificate-in-an-android-device
|
Loading…
Reference in a new issue