EXPLOITME MOBILE IPHONE LABS- Secure Connection & Parameter manipulation – All things in moderation


Hi all!
In the previous article, we set up the iPhone lab environment. In this post, we will continue by researching the iPhone applications in the environment we installed.
Now, let’s go!

Lab 1: Secure Connection

In this lab, we will use a proxy to intercept requests between the app and the server. In this post, we will use Charles proxy. This section requires the Xcode build configuration for the iPhone environment to be in place. If you have not done that yet, review the installation instructions above.
Run the server with the command:

python app.py

The server will run on port 8080 over HTTP.
Now, turn on your device or emulator.

iphone emulator

In this lab, we will inspect the requests and responses between the application and the server (LabServer). Mac OS X has to be configured to pass traffic through the proxy; we will then be able to view all of the emulator’s network traffic.
You can configure it as follows:

Go to: System Preferences -> Network -> Proxies

config proxy on MacOSx


Log in with the default username and password.

We can see the application’s network traffic in the proxy. It is clear that the application is using clear-text at this point and that HTTP traffic can be trapped and modified.

network_traffic

In addition, you can use Wireshark to view the information transmitted on the network. You will have to listen on the loopback interface (lo0).

wireshark

It is clear that the application is using clear-text at this point and that HTTP traffic can be trapped and modified. This is often the first step to attacking any mobile application and if you’ve made it this far, you now are able to fully act as a man in the middle against any iPhone application.

Lab 2: Parameter manipulation

The parameter manipulation lab is contained within the bank transfer section.
The purpose of this lab is to demonstrate that many common iPhone applications still rely on traditional web architectures or REST interfaces in the back end to perform their tasks. Often, if you’re able to trap the request, you can make the application or server act in ways that its programmers never thought about. 😀

First, we will make a transfer in the application.

bank transfer

We will use the default accounts. Some accounts are configured by default in the lab, and I will make the transfer between them.
1. jdoe / password
○ Debit: 123456789
○ Credit: 987654321
2. bsmith / password
○ Debit: 111111111
○ Credit: 22222222
Make the transfer and view the results on the proxy.

view bank transfer on proxy

We can now modify the “from_account” field to see if we can transfer from another account into our own!

bank_transfer
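
The server-side check that stops the “from_account” change above, as an added example (not code from the lab server or from this post): the handler compares the account's owner with the logged-in user instead of trusting the request. The account numbers are the lab defaults listed above; the “to_account” and “amount” names, the balances and the function names are assumptions.

```python
"""Server-side ownership check for a transfer request (added example)."""

# Account numbers are the lab defaults listed above, mapped to their users.
# Balances, "to_account" and "amount" are assumptions made for this example.
OWNER = {"123456789": "jdoe", "987654321": "jdoe",
         "111111111": "bsmith", "22222222": "bsmith"}


class TransferError(Exception):
    """Raised when a transfer request must be refused."""


def new_ledger():
    return {acct: 1000 for acct in OWNER}  # constructed balances


def _parse(params):
    """Validate types and ranges before touching any balance."""
    src, dst = params.get("from_account"), params.get("to_account")
    if src not in OWNER or dst not in OWNER or src == dst:
        raise TransferError("unknown or identical account")
    try:
        amount = int(params.get("amount", ""))
    except (TypeError, ValueError):
        raise TransferError("amount is not an integer")
    if amount <= 0:
        raise TransferError("amount must be positive")
    return src, dst, amount


def transfer_unchecked(ledger, session_user, params):
    """Weak form: believes whatever from_account the client sent."""
    src, dst, amount = _parse(params)
    ledger[src] -= amount
    ledger[dst] += amount


def transfer_checked(ledger, session_user, params):
    """Hardened form: from_account must belong to the logged-in user."""
    src, dst, amount = _parse(params)
    if OWNER[src] != session_user:
        raise TransferError("from_account is not owned by session user")
    if ledger[src] < amount:
        raise TransferError("insufficient funds")
    ledger[src] -= amount
    ledger[dst] += amount
```

The session user must come from the server's own session state, never from a request field, or the check can be edited in the proxy just like “from_account”.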
