We will perform mobile penetration testing in this session. We have connected an IPhone and have a Windows 7 machine. We will use Fiddler for this which only runs on Windows which can be downloaded from the internet. First of all we will get our IP address by doing ipconfig. It is 192.168.1.111. Open fiddler, go to Tools->Telerik Fiddler->Options and then under Connections, tick ‘Allow remote computers to connect’ and set the port output 8888.
Go to the iPhone and go to Wi-Fi settings. We have to make sure that we are on the same network on iPhone and Windows. Set HTTP proxy server to 192.168.1.111 and port to 8888. Now we will proxy traffic from iPhone through to fiddler. For e.g. if we open CNN on iPhone, we can see a whole bunch of HTTP calls being made to CNN. If we click on any Get request and redirect request and look at the text view in the headers, etc. we can see what the app is actually doing in the background. CNN is using HTTP, but there are some apps which are protected. If we go to Instagram, we see that it does not want to refresh the feed because there is a tunnel trying to be created and as a result Instagram is protected.
We will first of all clear all the fiddler logs. Then go to the iPhone and open the vulnerable WordPress site made by us. Log in to the site with username test2 and password Password123. Here we are using a browser for the site but if we had a web app that had the credentials for HTTP then we will get all the traffic. Here if we go to the packet 302, and look at the web forms we can see in clear text the username and password we have entered for the site.
The purpose of this video was to show that by proxying the traffic of the services running in the background, we can see what exactly the apps are trying to do.
Go back to CNN and see all the web services that it is calling, we can copy the URL and paste it into WordPad. This is the actual call being made. If we paste it into a web browser, the actual XML or other script is loaded. This makes clear how cell phone actually connect back end services. The two are part of the same ecosystem.
Ethical Hacking Tutorial: Mobile Attacks Lab Session Video: