Android
OpenSSL, Certpinning and Memory patching. Sounds fun right?
This blogpost will cover the research I presented at BSides JoBurg. You can watch the talk on YouTube, and code can be found on our GitHub page. This journey started after having looked at some certificate-pinned apps. The majority of apps that appear to implement cert pinning, don’t actually have cert pinning but rather just use a custom trust manager or are not proxy aware (this also applies to things…
Intercepting HTTPS Communication in Flutter: Going Full Hardcore Mode with Frida
tl;dr In this blog post, I will share insights I learned while researching the Flutter framework and the reFlutter tool. It will dive deep into Flutter’s architecture, some of its inner workings and dependencies, and finally, drill down into the SSL verification logic. The post will end by exploring what the reFlutter tool actually does and my attempts at replicating the same behaviour with Frida. Note: If you are in…
Android Application Testing Using Windows 11 and Windows Subsystem for Android
With the release of windows 11, Microsoft announced the Windows Subsystem for Android or WSA. This following their previous release, Windows Subsystem for Linux or WSL. These enable you to run a virtual Linux or Android environment directly on your Windows Operating System, without the prerequisite compatibility layer provided by third-party software. In this post I’ll show you how to use WSA for Android mobile application pentesting, such that you…
Android Application Specific Proxies, Easy Mode
In this post I want to share two things. First, a quick primer on how you would you go about navigating the source code when contributing to objection, and secondly an application specific proxy feature I added to it. While on holiday I wanted to look into a certain mobile application that dealt with medical information. I was mostly interested in the data that was sent and received by the…
Multiple Android User Profiles
I was recently on a mobile assessment where you could only register one profile on the app, per device. To use another account you had to first deactivate the profile and then register a new one. I wasn’t sure whether that would invalidate the original token especially since my goal was to test authorisation issues against the backend. Sure, I could have tested whether the token was invalidated or not,…
tip toeing past android 7’s network security configuration
In late Jan, someone opened an Github issue in the objection repository about Android 7’s Network Security Configuration. The issue author included a blogpost from the NCC group about this very topic which included some very helpful bits of information (which you should totally read). Naturally, I wanted to enhance objection to be able to get past this new security feature, so the testing began. I installed a Burp CA…
Kwetza: Infecting Android Applications
This blog post describes a method for backdooring Android executables. After describing the manual step, I will show how to do the same with a new tool, Kwetza, that I’m releasing today. Infecting Android applications provides a great way to determine the impact and affect of the malicious activities we see in the wild, from ransomware to practical jokes. This not only provides you with an entry point onto user devices,…
PwnBank en route to Vegas
Everyone has a mobile phone (ok some have two) and the wealth of information people put into them is staggering. This single platform gives attackers an incredibly large attack surface area to target, so it’s no surprise we *love* owning mobile devices. With this in mind, the countdown to Blackhat USA has begun and we will be launching our latest iteration of the Mobile hacking course to the eager and…
Android hooking with Introspy
Here’s my first blog where I’ll try to write up how I’ve managed to set up the Introspy framework for the Android emulator. First things first, if you haven’t downloaded the Android SDK do it now from here. I am on Ubuntu 14.04 x64 machine but hopefully you will be able to follow this guide as long as you are on a modern linux system. Sidenote: Since you are gonna…
Page 1 of 1