Doesn’t it bother you that you have to give up all your mobility when penetration testing Android applications and spend the majority of your time sitting in front of another device that has a running proxy? That will now be history. In this talk we will present a fully interactive proxy that runs as an overlay Android application. With this new tool, not only can we test browser contents on the go but also mobile applications that utilize web APIs. This proxy will give you the ability to modify requests and responses on the fly and act as a fuzzer, either actively or passively. The main highlight of this proxy is not the proxy itself, but the ability to utilize overlays in Android allowing a user to have a fully interactive proxy overlaying a web browser or application without the need to constantly switch between activities. The overlay can be called or minimized in a single touch when needed without affecting the already running activity, thus removing the need for a secondary device. So why waste your time setting up devices to run your proxy tool when you can do your scans while on the bus or as you try to beat your last highscore in flappy bird.
October 21, 2014 | Tech 1 (718a) | 14:40 – 15:40