[WEB SECURITY] Blackberry apps security assessment
davechintan at gmail.com
Sun Dec 16 03:03:16 EST 2012
My bad - I forgot to mention that, however I am listening on all interfaces
and not just local host.
It still is not working.
On Sun, Dec 16, 2012 at 1:25 PM, Praful Agarwal
<praful.agarwal at sandrock.in>wrote:
> Hi Chintan,
> By default, Burp is configured to listen to only Loopback Address
> As your blackberry app is not on localhost, so please make sure that Burp
> is allowed to listen to all IP Address.
> *Burp Window -> Proxy -> Options -> Select the Proxy Listener -> Edit ->
> Remove the check from "listen on loopback interface only" -> Update
> You will be asked if "You want to listen on all interfaces" -> Yes*
> I hope this resolves the issue.
> Praful Agawral
> Information Security Consultant
> Sandrock eSecurities Pvt. Ltd.
> New Delhi, India
> *Mobile:* +91-98185-59358
> *Skype: praful.agarwal8**
> Gmail: praful.aga at gmail.com
> Hotmail: praful.agarwal at hotmail.com
> Linked In: **in.linkedin.com/in/prafulagarwal
> Facebook: facebook.com/praful.agarwal**
> On Sun, Dec 16, 2012 at 12:18 PM, Chintan Dave <davechintan at gmail.com>wrote:
>> I am trying to route a blackberry app via burp.
>> I did some quick research and found that updating rimpublic.property file
>> of MDS will do the job.
>> I included appropriate config details under HTTPHandler and pointed it
>> the ip on which my burp is running. However, the traffic from the simulator
>> is still not getting routed via burp. The app is unable to connect to the
>> So its not bypassing the proxy, but is not hitting burp either.
>> Is anyone aware of any other method of routing the http traffic via proxy?
>> Any help on this matter will be much appreciated.
>> PS: HTTPS is disabled to ensure that everything uses HTTP.
>> Chintan Dave
>> The Web Security Mailing List
>> WebSecurity RSS Feed
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>> WASC on Twitter
>> websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity