Pentesting Android applications
Hi all, I would like to talk about the coolness of android applications. So if you want to perform a security review an android app, how will you go about it? There are so many ways to go about this, i will highlight some of the ways I use. 1) Most android applications work just like Web applications, they send out HTTP requests using POST and GET methods. So a cool thing to do is to intercept and capture these requests, make modifications and monitor responses (which can also be intercepted and modified). So how can this be done? A sweet way to achieve this is by proxying all traffic from the application on your phone through a proxy tool such as Burp Suite (coolest tool for me). Now how can you direct that phone traffic to your Burp Suite which is probably running on a laptop or system? Well, you can use a great android tool called "Proxy Droid" to direct the traffic to the IP address and port on which the burp suite is listening. You can connect them to the same wire...