[WEB SECURITY] Blackberry apps security assessment

Praful Agarwal praful.agarwal at sandrock.in
Sun Dec 16 02:55:01 EST 2012


Hi Chintan,

By default, Burp is configured to listen to only Loopback Address
(localhost,127.0.0.1).

As your blackberry app is not on localhost, so please make sure that Burp
is allowed to listen to all IP Address.

*Burp Window -> Proxy -> Options -> Select the Proxy Listener -> Edit ->
Remove the check from "listen on loopback interface only" -> Update

You will be asked if "You want to listen on all interfaces" -> Yes*

I hope this resolves the issue.
-- 
..
Regards,
Praful Agawral
Information Security Consultant
Sandrock eSecurities Pvt. Ltd.
New Delhi, India

*Mobile:* +91-98185-59358
*Skype: praful.agarwal8**
Gmail: praful.aga at gmail.com
Hotmail: praful.agarwal at hotmail.com
Linked In: **in.linkedin.com/in/prafulagarwal
Facebook: facebook.com/praful.agarwal**
*
On Sun, Dec 16, 2012 at 12:18 PM, Chintan Dave <davechintan at gmail.com>wrote:

> Hi,
>
> I am trying to route a blackberry app via burp.
> I did some quick research and found that updating rimpublic.property file
> of MDS will do the job.
>
> I included appropriate config details under HTTPHandler and pointed it the
> ip on which my burp is running. However, the traffic from the simulator is
> still not getting routed via burp. The app is unable to connect to the
> server.
>
> So its not bypassing the proxy, but is not hitting burp either.
>
> Is anyone aware of any other method of routing the http traffic via proxy?
>
> Any help on this matter will be much appreciated.
>
> PS: HTTPS is disabled to ensure that everything uses HTTP.
>
>
>
> --
> Regards,
> Chintan Dave
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20121216/a8d903c5/attachment-0003.html>


More information about the websecurity mailing list