Categories: Authentication & AuthorizationCase StudyData PrivacyMobile Application SecurityWindows Mobile Security

Mobile Application Security Assessment – Proxying for Windows Phone

While conducting mobile application security assessment of Windows Phone capturing application traffic will allow penetration tester to modify the traffic and analyze the responses from the server. This is important to understand the behavior of application and to find out possible vulnerabilities in it.

In this blog we will learn how to capture application’s traffic on Windows Phone.

 

Burp Proxy Setting For Mobile Application Security Assessment –

1.  Select Proxy tab and under Proxy tab select Option tab. Now click on Add.

2.  Enter proxy port (eg. 8080) and select All Interfaces. Now click on OK.

Normal

0

false

false

false

EN-US

X-NONE

X-NONE

/* Style Definitions */

table.MsoNormalTable

{mso-style-name:”Table Normal”;

mso-tstyle-rowband-size:0;

mso-tstyle-colband-size:0;

mso-style-noshow:yes;

mso-style-priority:99;

mso-style-qformat:yes;

mso-style-parent:””;

mso-padding-alt:0in 5.4pt 0in 5.4pt;

mso-para-margin-top:0in;

mso-para-margin-right:0in;

mso-para-margin-bottom:10.0pt;

mso-para-margin-left:0in;

line-height:115%;

mso-pagination:widow-orphan;

font-size:11.0pt;

font-family:”Calibri”,”sans-serif”;

mso-ascii-font-family:Calibri;

mso-ascii-theme-font:minor-latin;

mso-fareast-font-family:”Times New Roman”;

mso-fareast-theme-font:minor-fareast;

mso-hansi-font-family:Calibri;

mso-hansi-theme-font:minor-latin;

mso-bidi-font-family:”Times New Roman”;

mso-bidi-theme-font:minor-bidi;}

3. 

Normal

0

false

false

false

EN-US

X-NONE

X-NONE

/* Style Definitions */

table.MsoNormalTable

{mso-style-name:”Table Normal”;

mso-tstyle-rowband-size:0;

mso-tstyle-colband-size:0;

mso-style-noshow:yes;

mso-style-priority:99;

mso-style-qformat:yes;

mso-style-parent:””;

mso-padding-alt:0in 5.4pt 0in 5.4pt;

mso-para-margin-top:0in;

mso-para-margin-right:0in;

mso-para-margin-bottom:10.0pt;

mso-para-margin-left:0in;

line-height:115%;

mso-pagination:widow-orphan;

font-size:11.0pt;

font-family:”Calibri”,”sans-serif”;

mso-ascii-font-family:Calibri;

mso-ascii-theme-font:minor-latin;

mso-fareast-font-family:”Times New Roman”;

mso-fareast-theme-font:minor-fareast;

mso-hansi-font-family:Calibri;

mso-hansi-theme-font:minor-latin;

mso-bidi-font-family:”Times New Roman”;

mso-bidi-theme-font:minor-bidi;}

Select the Proxy Listener you have created just now.

 

Normal

0

false

false

false

EN-US

X-NONE

X-NONE

/* Style Definitions */

table.MsoNormalTable

{mso-style-name:”Table Normal”;

mso-tstyle-rowband-size:0;

mso-tstyle-colband-size:0;

mso-style-noshow:yes;

mso-style-priority:99;

mso-style-qformat:yes;

mso-style-parent:””;

mso-padding-alt:0in 5.4pt 0in 5.4pt;

mso-para-margin-top:0in;

mso-para-margin-right:0in;

mso-para-margin-bottom:10.0pt;

mso-para-margin-left:0in;

line-height:115%;

mso-pagination:widow-orphan;

font-size:11.0pt;

font-family:”Calibri”,”sans-serif”;

mso-ascii-font-family:Calibri;

mso-ascii-theme-font:minor-latin;

mso-fareast-font-family:”Times New Roman”;

mso-fareast-theme-font:minor-fareast;

mso-hansi-font-family:Calibri;

mso-hansi-theme-font:minor-latin;

mso-bidi-font-family:”Times New Roman”;

mso-bidi-theme-font:minor-bidi;}

Capturing Windows Phone Traffic Using Burp Proxy :

Normal

0

false

false

false

EN-US

X-NONE

X-NONE

/* Style Definitions */

table.MsoNormalTable

{mso-style-name:”Table Normal”;

mso-tstyle-rowband-size:0;

mso-tstyle-colband-size:0;

mso-style-noshow:yes;

mso-style-priority:99;

mso-style-qformat:yes;

mso-style-parent:””;

mso-padding-alt:0in 5.4pt 0in 5.4pt;

mso-para-margin-top:0in;

mso-para-margin-right:0in;

mso-para-margin-bottom:10.0pt;

mso-para-margin-left:0in;

line-height:115%;

mso-pagination:widow-orphan;

font-size:11.0pt;

font-family:”Calibri”,”sans-serif”;

mso-ascii-font-family:Calibri;

mso-ascii-theme-font:minor-latin;

mso-fareast-font-family:”Times New Roman”;

mso-fareast-theme-font:minor-fareast;

mso-hansi-font-family:Calibri;

mso-hansi-theme-font:minor-latin;

mso-bidi-font-family:”Times New Roman”;

mso-bidi-theme-font:minor-bidi;}

1.  On Windows Phone navigate to Settings

2. 

Normal

0

false

false

false

EN-US

X-NONE

X-NONE

/* Style Definitions */

table.MsoNormalTable

{mso-style-name:”Table Normal”;

mso-tstyle-rowband-size:0;

mso-tstyle-colband-size:0;

mso-style-noshow:yes;

mso-style-priority:99;

mso-style-qformat:yes;

mso-style-parent:””;

mso-padding-alt:0in 5.4pt 0in 5.4pt;

mso-para-margin-top:0in;

mso-para-margin-right:0in;

mso-para-margin-bottom:10.0pt;

mso-para-margin-left:0in;

line-height:115%;

mso-pagination:widow-orphan;

font-size:11.0pt;

font-family:”Calibri”,”sans-serif”;

mso-ascii-font-family:Calibri;

mso-ascii-theme-font:minor-latin;

mso-fareast-font-family:”Times New Roman”;

mso-fareast-theme-font:minor-fareast;

mso-hansi-font-family:Calibri;

mso-hansi-theme-font:minor-latin;

mso-bidi-font-family:”Times New Roman”;

mso-bidi-theme-font:minor-bidi;}

Tap the Setting and select the WiFi

3. 

Normal

0

false

false

false

EN-US

X-NONE

X-NONE

/* Style Definitions */

table.MsoNormalTable

{mso-style-name:”Table Normal”;

mso-tstyle-rowband-size:0;

mso-tstyle-colband-size:0;

mso-style-noshow:yes;

mso-style-priority:99;

mso-style-qformat:yes;

mso-style-parent:””;

mso-padding-alt:0in 5.4pt 0in 5.4pt;

mso-para-margin-top:0in;

mso-para-margin-right:0in;

mso-para-margin-bottom:10.0pt;

mso-para-margin-left:0in;

line-height:115%;

mso-pagination:widow-orphan;

font-size:11.0pt;

font-family:”Calibri”,”sans-serif”;

mso-ascii-font-family:Calibri;

mso-ascii-theme-font:minor-latin;

mso-fareast-font-family:”Times New Roman”;

mso-fareast-theme-font:minor-fareast;

mso-hansi-font-family:Calibri;

mso-hansi-theme-font:minor-latin;

mso-bidi-font-family:”Times New Roman”;

mso-bidi-theme-font:minor-bidi;}

After Selecting WiFi all the WiFi Network details will be shown

4.  Select the WiFi Network you are connected after selecting the WiFi Network you are connected  tap to on the Proxy

5. 

Normal

0

false

false

false

EN-US

X-NONE

X-NONE

/* Style Definitions */

table.MsoNormalTable

{mso-style-name:”Table Normal”;

mso-tstyle-rowband-size:0;

mso-tstyle-colband-size:0;

mso-style-noshow:yes;

mso-style-priority:99;

mso-style-qformat:yes;

mso-style-parent:””;

mso-padding-alt:0in 5.4pt 0in 5.4pt;

mso-para-margin-top:0in;

mso-para-margin-right:0in;

mso-para-margin-bottom:10.0pt;

mso-para-margin-left:0in;

line-height:115%;

mso-pagination:widow-orphan;

font-size:11.0pt;

font-family:”Calibri”,”sans-serif”;

mso-ascii-font-family:Calibri;

mso-ascii-theme-font:minor-latin;

mso-fareast-font-family:”Times New Roman”;

mso-fareast-theme-font:minor-fareast;

mso-hansi-font-family:Calibri;

mso-hansi-theme-font:minor-latin;

mso-bidi-font-family:”Times New Roman”;

mso-bidi-theme-font:minor-bidi;}

Under Edit Network enter Proxy IP and Port. (e.g. 10.1.1.132:8080)

Normal

0

false

false

false

EN-US

X-NONE

X-NONE

/* Style Definitions */

table.MsoNormalTable

{mso-style-name:”Table Normal”;

mso-tstyle-rowband-size:0;

mso-tstyle-colband-size:0;

mso-style-noshow:yes;

mso-style-priority:99;

mso-style-qformat:yes;

mso-style-parent:””;

mso-padding-alt:0in 5.4pt 0in 5.4pt;

mso-para-margin-top:0in;

mso-para-margin-right:0in;

mso-para-margin-bottom:10.0pt;

mso-para-margin-left:0in;

line-height:115%;

mso-pagination:widow-orphan;

font-size:11.0pt;

font-family:”Calibri”,”sans-serif”;

mso-ascii-font-family:Calibri;

mso-ascii-theme-font:minor-latin;

mso-fareast-font-family:”Times New Roman”;

mso-fareast-theme-font:minor-fareast;

mso-hansi-font-family:Calibri;

mso-hansi-theme-font:minor-latin;

mso-bidi-font-family:”Times New Roman”;

mso-bidi-theme-font:minor-bidi;}

Normal

0

false

false

false

EN-US

X-NONE

X-NONE

/* Style Definitions */

table.MsoNormalTable

{mso-style-name:”Table Normal”;

mso-tstyle-rowband-size:0;

mso-tstyle-colband-size:0;

mso-style-noshow:yes;

mso-style-priority:99;

mso-style-qformat:yes;

mso-style-parent:””;

mso-padding-alt:0in 5.4pt 0in 5.4pt;

mso-para-margin-top:0in;

mso-para-margin-right:0in;

mso-para-margin-bottom:10.0pt;

mso-para-margin-left:0in;

line-height:115%;

mso-pagination:widow-orphan;

font-size:11.0pt;

font-family:”Calibri”,”sans-serif”;

mso-ascii-font-family:Calibri;

mso-ascii-theme-font:minor-latin;

mso-fareast-font-family:”Times New Roman”;

mso-fareast-theme-font:minor-fareast;

mso-hansi-font-family:Calibri;

mso-hansi-theme-font:minor-latin;

mso-bidi-font-family:”Times New Roman”;

mso-bidi-theme-font:minor-bidi;}

6.  Now http/https traffic from windows phone can be intercepted. Happy Testing  🙂 🙂 🙂

Written By,

Attack & PenTest Team,

Varutra Consulting

To read about how to proxy for Android and iOS Devices.

kalpadmin

Leave a Comment
Share
Published by
kalpadmin
Tags: Mobile App PentestMobile HackingProxy on Windows Phone
11 years ago

Recent Posts

The Benefits of SEBI Security Audit and Governance: Safeguarding Investors’ Interests

Introduction In an increasingly interconnected world, the financial industry is becoming more vulnerable to cyber…

2 years ago

Root Detection Bypass Vulnerabilities: A Crucial Aspect of Mobile App Security

Introduction In today's interconnected world, where smartphones are an extension of our lives, ensuring the…

2 years ago

How to Detect & Mitigate Zero-Day Threats in Your Business Infrastructure?

Introduction Unseen and unpredictable, zero-day threats loom as a constant menace to modern businesses. Detecting…

2 years ago

Common Challenges In Android Penetration Testing

Android penetration testing is a crucial aspect of ensuring the security of Android applications and…

2 years ago

Password Spraying Attacks: Detecting and Preventing Credential-Based Threats

In today's interconnected world, where cybersecurity is of paramount importance, password security plays a crucial…

2 years ago

Bug Bounty vs. Penetration Testing: Which One Is Right for You?

Introduction to Web & Mobile Application Security Assessment Web and Mobile applications have become an…

2 years ago