Home Mobile Application Penetration Testing - Essentials
Post
Cancel

Mobile Application Penetration Testing - Essentials

Intercepting Traffic with Burpsuite

  • Go to phone settings, click in Wi-FIi options and configure the proxy.
  • Give a Burp certificate error when browsing with the phone.
  • Go to the url where the burp is from the mobile and click on allow in the certificate.
  • Then go to settings, general and download the certificate.
  • Then enable it and that’s it.

Other option is to use Proxyman.

OWASP Mobile Application Security Testing Guide (MASTG)

https://github.com/OWASP/owasp-mastg

Dump Memory

Fridump

Fridump is a tool used in penetration testing and reverse engineering to extract and dump sensitive data, such as credentials and encryption keys, from the memory of Android and iOS mobile applications.

Syntax:

1
fridump [-h] [-o dir] [-u] [-H HOST] [-v] [-r] [-s] [--max-size bytes] process

Download: https://github.com/rootbsd/fridump3

This post is licensed under CC BY 4.0 by the author.