Hacking Android by CLARK TERRY D

Author:CLARK, TERRY D. [CLARK, TERRY D.]
Language: eng
Format: epub
Publisher: UNKNOWN
Published: 2020-10-31T00:00:00+00:00

6. To install the certificate, navigate to Settings | Personal | Security |

Credential storage | Install from Storage go to .cer file.

7. Fill in any name of your choice for the CA. You need to set the PIN if you are not already using it for certificate storage:

8. We will receive a BurpProxy is Installed message, if everything went well.

9. We can verify the certificate by going to Trusted credentials :

10. The following screen will appear after tapping on the Trusted credentials option:

11. We can see that the PortSwigger CA certificate is installed and we can say goodbye to the certificate warnings.

Installing the Burp CA certificate gets rid of the annoying popups and helps to save some time for testers.

HSTS – HTTP Strict Transport Security

HSTS policy helps supported clients in avoiding cookie stealing and protocol downgrade attacks. When a user tries to access a website HTTP, HSTS policy automatically redirects the client to https connection and if the server's certificate is untrusted it doesn't let the user accept the warning and continue. HSTS is enabled by using the following header:

Strict-Transport-Security: max-age=31536000

By adding the CA certificate into a trusted store, the redirection doesn't raise a certificate warning, thereby helping testers save some time.

Bypassing certificate pinning

In the previous section, we learnt how to intercept SSL traffic of Android applications. This section shows how to bypass a special scenario called SSL/ Certificate Pinning where apps perform an additional check to validate the SSL connection. In the previous section, we learnt that Android devices come with a set of trusted CAs and they check if the target server's certificate is provided by any of these trusted CAs. Though this increases the security of data in transit to prevent MITM attacks, it is very easy to compromise the device's trust store and install a fake certificate and convince the device to trust the servers whose certificates are not provided by a trusted CA. The concept of Certificate Pinning is introduced to prevent this possibility of adding a certificate to the device's trust store and compromising the SSL connections.

With SSL pinning, it is assumed that the app knows which servers it communicates with. We take the SSL certificate of this server and add it to the application. Now the application doesn't need to rely on the device's trust store, rather it makes its own checks verifying if it is communicating with the server whose certificate is already stored inside this application. This is how SSL pinning works.

Twitter is one of the very first popular apps that has implemented SSL pinning. Multiple ways have been evolved to bypass SSL pinning in Android apps. One of the easiest ways to bypass SSL pinning is to decompile the app binary and patchSSL validation methods.

It is suggested to read the following paper written by Denis Andzakovic, to achieve this:

http://www.security-assessment.com/files/documents/whitepapers/ Bypassing%20SSL%20Pinning%20on%20Android%20via%20Reverse%20 Engineering.pdf

Additionally, a tool called AndroidSSLTrustKiller is made available by iSecPartners to bypass SSL pinning. This is a Cydia Substrate extension which bypasses SSL pinning by setting up breakpoints atHttpsURLConnection.setSocketFactory() and modifying the local variables.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.