In the previous article, we set up the iPhone lab environment. In this post, we will continue by doing some research on iPhone applications in the environment we installed.
Now, let’s go!
Lab 1: Secure Connection
In this lab, we will use a proxy to intercept requests between the app and the server. In this post, we will use Charles proxy. In this section, we will have to implement an Xcode build configuration for the environment on the iPhone. If you have not done this, you should review the installation instructions above.
Run the server with the command:
The server will run on port 8080 over HTTP.
Now, turn on your device or emulator.
In this lab, we will check the requests and responses between the application and the server (LabServer). I have to configure Mac OS X to pass traffic through the proxy; then we will be able to view all of the network traffic on the emulator.
You can configure it as follows:
Go to: System Preferences -> Network -> Proxies
Log in with the default username and password.
We can see the application's network traffic in the proxy. It is clear that the application is using clear-text at this point and that HTTP traffic can be trapped and modified.
In addition, you can use Wireshark to view the information transmitted on the network. I have to listen on the loopback interface (lo0).
Intercepting traffic this way is often the first step to attacking any mobile application, and if you’ve made it this far, you are now able to fully act as a man in the middle against any iPhone application.
Lab 2: Parameter manipulation
The parameter manipulation lab is contained within the bank transfer section.
The purpose of this lab is to demonstrate that many common iPhone applications still rely on traditional web architectures or REST interfaces in the back end to perform their tasks. Often, if you’re able to trap the request, you can make the application or server act in ways that their programmers never thought about. 😀
First, we will make a transfer in the application.
We will use the default accounts. Some accounts are configured by default in the lab. I will make the transfer between them.
1. jdoe / password
○ Debit: 123456789
○ Credit: 987654321
2. bsmith / password
○ Debit: 111111111
○ Credit: 22222222
Make the transfer and view the results on the proxy.
We can now modify the “from_account” field to see if we can transfer from another account into our own!
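The server-side fix for what this lab demonstrates, as an added example that is not code from the lab or from LabServer: a transfer handler that trusts the client's from_account, next to one that checks it against the logged-in user. The to_account and amount field names, the balances and the function names are assumptions; the account numbers are the lab defaults listed above.

```python
# Constructed sample data: the lab's default accounts with made-up balances.
ACCOUNTS = {
    "jdoe": {"123456789": 1000, "987654321": 500},
    "bsmith": {"111111111": 1000, "22222222": 500},
}

class TransferError(Exception):
    """Raised when a transfer request is rejected."""

def owner_of(account_no):
    """Return the user who owns account_no, or None if it does not exist."""
    for user, accounts in ACCOUNTS.items():
        if account_no in accounts:
            return user
    return None

def transfer_vulnerable(session_user, params):
    """Moves money from whatever from_account the client sent (the lab's flaw)."""
    src, dst = params["from_account"], params["to_account"]
    amount = int(params["amount"])
    ACCOUNTS[owner_of(src)][src] -= amount  # session_user is never consulted
    ACCOUNTS[owner_of(dst)][dst] += amount
    return "ok"

def transfer_hardened(session_user, params):
    """Same transfer, but the source account must belong to session_user."""
    src, dst = params.get("from_account"), params.get("to_account")
    try:
        amount = int(params.get("amount"))
    except (TypeError, ValueError):
        raise TransferError("amount must be an integer")
    if amount <= 0:
        raise TransferError("amount must be positive")
    owned = ACCOUNTS.get(session_user, {})
    if src not in owned:  # authorization: ignore what the client claims to own
        raise TransferError("from_account does not belong to the session user")
    dst_owner = owner_of(dst)
    if dst_owner is None or dst == src:
        raise TransferError("invalid to_account")
    if owned[src] < amount:
        raise TransferError("insufficient funds")
    owned[src] -= amount
    ACCOUNTS[dst_owner][dst] += amount
    return "ok"
```

The hardened handler derives the set of allowed source accounts from the session, so a request edited in the proxy is rejected before any balance changes.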