Sunday, August 21, 2016

Combining power of Fiddler with Burp

Both are powerful tools for intercepting and modifying HTTP communications, but tied together they become an even more powerful combination, because they complement each other. In a recent pentest I came across a situation where Burp was not able to intercept a specific kind of traffic and Fiddler came to the rescue.

The application was designed to upload video. The initial communication was straightforward: logging into the application, filling in the video details and so on. All of this was easily captured by Burp, except the point where you hit Upload Video and the client connects to a different server. Surprisingly, that request was not captured by Burp even after repeated attempts, and I am not sure why. So I fired up Fiddler to see whether it saw this request. But it is always better to play with requests in Burp because of its various functionalities like Intruder, Repeater etc., so it was necessary to capture this request in Burp.

So the following steps can be performed:

1. First start Fiddler and let it run on its default port (8888).
2. In the outgoing (gateway) settings inside Fiddler, point both http:// and https:// traffic at Burp: 127.0.0.1:8080.
3. Start Burp and make sure its proxy listener is on the same port: 127.0.0.1:8080.

Now run both in parallel: Fiddler feeds every request to Burp, which in turn now captures the requests it was not able to see earlier.

Once the request is captured, perform whatever you need in Burp: Scanner, Intruder, Repeater etc.!

Friday, July 1, 2016

Stripping the iOS binary of unneeded symbols

Sometimes an iOS binary still contains its symbol table, which maps symbol names to specific functions in the binary. The presence of a symbol table makes run-time analysis of the binary easy for attackers using tools such as gdb and cycript, so it is recommended to strip the symbols off the binary.

The following command shows the symbol linked to a function (<path-to-binary> is a placeholder for the app executable; "t" marks a locally defined text symbol):

 # nm <path-to-binary>
 0001556ad t _mySecretFunction

An easy way to strip them is the strip command. Alternatively, the symbol table's C/C++ function information can be stripped from within Xcode by setting the Deployment Postprocessing and Strip Linked Product build flags to YES.
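To confirm that stripping actually worked, here is an added shell check (mine, not from the post) that reads nm output and reports any symbol that should no longer be present in a stripped app binary. It assumes the standard three-column nm format; the sample lines in the usage are constructed.

```shell
# Reads nm output ("address type name" per line) on stdin and lists the
# symbols that a stripped app binary should no longer carry: local symbols
# (lower-case type, e.g. "t" for a function in the text section) and named
# global code symbols ("T"). Undefined symbols ("U", no address column) are
# imports that the dynamic linker needs and survive stripping, so they are
# ignored. Returns 0 when nothing remains, 1 otherwise.
# Usage: nm Payload/App.app/App | unstripped_symbols   (hypothetical path)
unstripped_symbols() {
    awk '
        NF == 2 && $1 == "U"        { next }
        NF == 3 && $2 ~ /^[a-z]$/   { printf "local  %s\n", $3; bad++ }
        NF == 3 && $2 == "T"        { printf "global %s\n", $3; bad++ }
        END { exit (bad > 0) }
    '
}

# Counts the remaining symbols, for use as a build gate ("must be 0").
unstripped_count() {
    unstripped_symbols | wc -l | tr -d ' '
}
```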

Thursday, June 9, 2016

When sqlite3 is unavailable

Sometimes we come across cases where sqlite3 is not available on the Android device, and we are stuck pulling and pushing sqlite3 from an emulator or our client machine to the device.
I saw a lot of articles around using adb to pull and push the sqlite3 binary. Nothing worked for me, for various reasons.
I found the following way effective:

1. Install an SFTP server app on your Android device. Configure and run it.
2. Install an SFTP client on your client machine; I used Cyberduck on my Mac.
3. The twist was that, even though I was able to connect to the device's files and folders, I was not able to read the data folder where the SQLite database resides (and some other folders). In that case you could install an SFTP server that runs with root privileges, since that was probably the reason behind the above, or continue as follows.
4. So in this case I did an ssh to my Android device (run an ssh server app on the device).
5. Run: cat /data/data/package_name/.../example.db > /sdcard/example.db
6. Now access the db file from /sdcard using Cyberduck on your client machine (Mac).
7. Open the db file using any SQLite browser on the Mac.

That's it.
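Step 5 copies only the main database file. Here is an added shell helper (mine, not the post's) that pulls the database together with its -wal/-shm/-journal sidecars, since a database in WAL mode may still hold committed rows in the -wal file, and then checks that the copy carries the SQLite header. The paths in the usage line are placeholders.

```shell
# Copies a SQLite database out of an app's data directory together with any
# journal sidecars that exist. In WAL mode committed rows live in "<db>-wal"
# until a checkpoint, so copying only the main file can silently drop recent
# writes; a "<db>-journal" file means a rollback transaction was in flight.
# Returns 0 when the copied main file starts with the SQLite 3 header.
# Usage: pull_sqlite_db /data/data/<package>/databases/example.db /sdcard
pull_sqlite_db() {
    db=$1; dest=$2
    [ -r "$db" ] || { echo "cannot read $db" >&2; return 1; }
    for f in "$db" "$db-wal" "$db-shm" "$db-journal"; do
        if [ -e "$f" ]; then
            cat "$f" > "$dest/$(basename "$f")"
        fi
    done
    is_sqlite_file "$dest/$(basename "$db")"
}

# Returns 0 when the file begins with the 15-character SQLite 3 magic string.
is_sqlite_file() {
    [ "$(head -c 15 "$1")" = "SQLite format 3" ]
}
```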

Wednesday, June 8, 2016

Warning: Remote Host Identification Has Changed error and solution

OK, let me admit it: I got trapped in this issue again. This time the old remedy of running ssh-keygen -R did not work. Phew!

I did this:
went to cd /Users/nilesh/.ssh/ on my client machine and removed the following files:

known_hosts and known_hosts.old

Ran the ssh command once again; it asked to accept the new RSA host key. Accept it and the host gets added to the new known_hosts list.

And you are done. Now ssh connects properly.
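Deleting known_hosts wholesale also throws away the stored keys of every other host you have verified. As an added shell example (mine, not the post's), the function below removes just the entries for one host, including the forms that ssh-keygen -R can miss when the entry was recorded under the IP or under a non-default port; the sample file in the usage is constructed.

```shell
# Removes only the known_hosts entries for one host (by name and, optionally,
# by address), keeps every other host's key, and leaves a backup in
# "<file>.old". ssh-keygen -R matches the exact string you pass, so an entry
# recorded under the IP instead of the name, or as "[host]:port" for a
# non-default port, can survive it; this strips those forms before comparing.
# Hashed entries ("|1|...") cannot be matched by name and still need -R.
# Usage: forget_host_key ~/.ssh/known_hosts example.com 192.0.2.10
forget_host_key() {
    file=$1; host=$2; addr=${3:-}
    [ -f "$file" ] || return 1
    cp "$file" "$file.old"
    awk -v host="$host" -v addr="$addr" '
        /^[#@|]/ || NF < 3 { print; next }   # comments, markers, hashed, blank
        {
            n = split($1, names, ",")
            keep = 1
            for (i = 1; i <= n; i++) {
                name = names[i]
                sub(/^\[/, "", name); sub(/]:[0-9]+$/, "", name)
                if (name == host || (addr != "" && name == addr)) keep = 0
            }
            if (keep) print
        }' "$file.old" > "$file"
}

# Prints how many non-hashed entries still name the host (0 after removal).
count_host_entries() {
    awk -v host="$2" '
        !/^[#@|]/ && NF >= 3 {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                name = names[i]
                sub(/^\[/, "", name); sub(/]:[0-9]+$/, "", name)
                if (name == host) { c++; break }
            }
        }
        END { print c + 0 }' "$1"
}
```

Compare the fingerprint of the replacement key against one obtained out of band before accepting it on the next connection.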

Sunday, May 29, 2016

Nice read about the SWIFT hack

https://www.theguardian.com/technology/2016/apr/26/international-bank-transfer-system-hacked-swift-group-admits

Tuesday, April 19, 2016

Provision file installation error- ios security testing-0xe800801a

Sometimes we get a provision file along with the original ipa file for installation and security testing of iOS apps. Earlier, during old versions of iOS such as 4 or 5, we used to have a tool called the iPhone Configuration Utility which was used to install the provision file. Now Apple has deprecated that utility, so we have to install both using iTunes.
Recently I faced repeated errors while trying to install the provision file, very similar to this (error 0xe800801a):

This happens when you get the provision file through email: it gets corrupted due to mail server issues, which throws the above error when you try to install it. So the solution is to ask the project team to send it again in zipped format; this solved my error.

Tuesday, March 1, 2016

When you face error while installing Drozer

Finally, after doing a lot of research, here is what worked when getting the following error while installing Drozer on OS X / Linux:

"The following error occurred while trying to add or remove files in the
installation directory:

    [Errno 13] Permission denied: '/Library/Python/2.7/site-packages/test-easy-install-3959.pth'

The installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /Library/Python/2.7/site-packages/

Perhaps your account does not have write access to this directory?  If the
installation directory is a system-owned directory, you may need to sign in
as the administrator or "root" account.  If you do not have administrative
access to this machine, you may wish to choose a different installation
directory, preferably one that is listed in your PYTHONPATH environment
variable................"

This happens because you don't have root permissions or write privileges for that directory. So, to enable the root account:

$ dsenableroot

And then:

$ sudo easy_install

and you are done! Phew!! :)