Now my question is why (for only a few vulnerable apps) I can easily connect to the app's server while the app itself does not show any warning when connecting to the proxy, but there is no "finished" packet or "cipher key changed" packet in Wireshark? In other words, it seems that this app is connected to its server through the proxy so it is vulnerable, but Wireshark does not show any connection with the server, or cipher key changed, or finished frame and as a result, based on observation in Wireshark, seems that the app, proxy and server do not finish the SSL handshake process completely, and I am still doubtful if the app is really vulnerable (note that the proxy's certificate is not configured on the phone, otherwise, the proxy was considered as a trusted party). I should also be able to see in Wireshark that the cell phone, the proxy and the app's server were connected to each other and finished the SSL handshake process successfully. If an app is vulnerable, the app should easily connect to its server after the login was successful and show the data in that account. Mac Catalina 10.15.2 loses Internet connection when Wireshark is capturing. Wireshark crashes in the Enabled Protocols dialog box. Wireshark crashes on 'Initializing external capture plugins' tshark crashes: reading large packet captures via luascript. Besides, I use Wireshark to see the traffic. Wireshark crashes every time I enter a frame matches longer than 5 char. I have set up a MITM proxy (as an attacker) on my lubuntu machine and set my cell phone to connect to the proxy before connecting to each app's server. I am trying to figure out if some Android applications with login functions are vulnerable to man in the middle attacks or not.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |