[WEB SECURITY] Blackberry apps security assessment

PortSwigger support support at portswigger.net
Mon Dec 17 05:30:26 EST 2012


Hi Chintan

If the app isn't honoring the proxy settings you've configured, you could potentially try invisible proxying via Burp. You'll need a way of controlling the DNS lookups on the device/emulator, enable invisible proxying on your Burp listener, and then redirect the outbound traffic from Burp to the correct destination (which might not be a problem in this instance).

There is some (non-device-specific) help here:

http://portswigger.net/burp/help/proxy_options_invisible.html

Cheers
PortSwigger


-----Original Message-----
From: websecurity [mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of Chintan Dave
Sent: 16 December 2012 06:48
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Blackberry apps security assessment

Hi,

I am trying to route a blackberry app via burp. 
I did some quick research and found that updating rimpublic.property file of MDS will do the job.

I included appropriate config details under HTTPHandler and pointed it the ip on which my burp is running. However, the traffic from the simulator is still not getting routed via burp. The app is unable to connect to the server. 

So its not bypassing the proxy, but is not hitting burp either.

Is anyone aware of any other method of routing the http traffic via proxy?

Any help on this matter will be much appreciated.

PS: HTTPS is disabled to ensure that everything uses HTTP.



-- 
Regards,
Chintan Dave






More information about the websecurity mailing list