Unsafe Data Transmission¶
When a mobile application is designed, the data is exchanged in a client-server fashion. When this data is exchanged it can traverse both a carrier network and the internet. For sensitive data, if the application is coded poorly, threat agents can use techniques to view this sensitive data while it is in the mode of travel. Obviously, you would not want sensitive information like passwords, credit card numbers, or other sensitive data traveling without some sort of encryption, generally.
There are many attack patterns some are:
MITM with Burp Suite - Intercepting HTTP and SSL Traffic¶
-
Configure a mobile proxy to the Host IP address and PORT 8082, suitable and set Burp Suite listener to PORT 8082.
-
All the traffic intercept within the burp suit.
MITM with Burp Suite - Intercepting HTTP and SSL Traffic¶
-
Configure a mobile proxy to the host IP address and PORT 8082, and set the Burp Suite listener to PORT 8082.
-
All the traffic intercept within the burp suit.
MITM with TCPDump¶
-
Before executive tcpdump give it rwx permission by chmod 777 tcpdump
-
Now executive tcpdump by ./tcpdump -v -s 0 -w {file}.pcap
-
Once process is done stop capturing packet and open it with Wireshark