[WEB SECURITY] Blackberry apps security assessment

Chintan Dave davechintan at gmail.com
Sun Dec 16 03:03:16 EST 2012


Hi Praful,

My bad - I forgot to mention that. However, I am listening on all interfaces
and not just localhost.

It still is not working.

Thanks,
Chintan


On Sun, Dec 16, 2012 at 1:25 PM, Praful Agarwal
<praful.agarwal at sandrock.in> wrote:

> Hi Chintan,
>
> By default, Burp is configured to listen only on the loopback address
> (localhost, 127.0.0.1).
>
> As your BlackBerry app is not on localhost, please make sure that Burp
> is allowed to listen on all IP addresses.
>
> *Burp Window -> Proxy -> Options -> Select the Proxy Listener -> Edit ->
> Remove the check from "listen on loopback interface only" -> Update
>
> You will be asked if "You want to listen on all interfaces" -> Yes*
>
> I hope this resolves the issue.
> --
> Regards,
> Praful Agarwal
> Information Security Consultant
> Sandrock eSecurities Pvt. Ltd.
> New Delhi, India
>
> On Sun, Dec 16, 2012 at 12:18 PM, Chintan Dave <davechintan at gmail.com> wrote:
>
>> Hi,
>>
>> I am trying to route a BlackBerry app via Burp.
>> I did some quick research and found that updating the rimpublic.property file
>> of MDS will do the job.
>>
>> I included the appropriate config details under HTTPHandler and pointed it to
>> the IP on which my Burp is running. However, the traffic from the simulator
>> is still not getting routed via Burp. The app is unable to connect to the
>> server.
>>
>> So it's not bypassing the proxy, but is not hitting Burp either.
>>
>> Is anyone aware of any other method of routing the HTTP traffic via a proxy?
>>
>> Any help on this matter will be much appreciated.
>>
>> PS: HTTPS is disabled to ensure that everything uses HTTP.
>>
>>
>>
>> --
>> Regards,
>> Chintan Dave
>>


-- 
Regards,
Chintan Dave,