Re: Security Assessment: Mobile Application on Windows Mobile 6

[Joshua Wright <jwright () hasborg com>]

On 1/12/2012 2:55 PM, Dimitrios Kapsalis wrote:
> I'm experimenting with different mobile devices and applications on each.
> For the WM6 I have an application whose traffic I'd like to capture
> using an HTTP Proxy. How can a proxy be configured for the connection? I
> saw one proxy setting in the connections menu but it does not seem to be
> working.
>
> Has anyone looked at any applications on the Windows Mobile 6 devices?

You can use Burp as a transparent proxy server.  Use Ettercap or 
arpspoof to establish a MitM connection between the WM6 device and your 
Linux box (Backtrack 5 R1 on a virtual machine is a good start), then 
use iptables to send all the HTTP traffic to Burp:

# ettercap -TqM arp:remote /172.16.0.102/ /172.16.0.1/

In this example, 172.16.0.102 is the WM6 device, and 172.16.0.1 is the 
default gateway:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

Here, all traffic to port 80 is sent to the local system running Burp on 
port 8080.  This way, you don't have to rely on the crappy proxy 
implementation on WM6.

In Burp, make sure you disable proxy intercept (unless you want to 
manually forward traffic).  Then you'll be able to inspect all the HTTP 
activity, and match and replace content on the fly to perform 
client-side injection against the WM6 device.

This is something I've been writing up for the new SANS course I'm 
working on, SEC575: Mobile Phone and Tablet Security and Ethical 
Hacking.  The course is going to debut in May in San Diego, and I'm 
finishing up the section on exploiting HTTP and HTTPS rendering 
functionality on client systems today.  More information about the 
course is available at http://bit.ly/wCT86U (sans.org).

-Josh
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com