[WEB SECURITY] Blackberry apps security assessment

Chintan Dave davechintan at gmail.com
Mon Dec 17 21:59:28 EST 2012


Thanks, I am aware of this feature. If forward proxying doesn't work out, I
was planning to use this method for intercepting.
Seems it's about time, as there are not many pointers available.


On Mon, Dec 17, 2012 at 4:00 PM, PortSwigger support <
support at portswigger.net> wrote:

> Hi Chintan
> If the app isn't honoring the proxy settings you've configured, you could
> potentially try invisible proxying via Burp. You'll need a way of
> controlling the DNS lookups on the device/emulator, enable invisible
> proxying on your Burp listener, and then redirect the outbound traffic from
> Burp to the correct destination (which might not be a problem in this
> instance).
> There is some (non-device-specific) help here:
> http://portswigger.net/burp/help/proxy_options_invisible.html
> Cheers
> PortSwigger
> -----Original Message-----
> From: websecurity [mailto:websecurity-bounces at lists.webappsec.org] On
> Behalf Of Chintan Dave
> Sent: 16 December 2012 06:48
> To: websecurity at webappsec.org
> Subject: [WEB SECURITY] Blackberry apps security assessment
> Hi,
> I am trying to route a blackberry app via burp.
> I did some quick research and found that updating rimpublic.property file
> of MDS will do the job.
> I included appropriate config details under HTTPHandler and pointed it to the
> IP on which my Burp is running. However, the traffic from the simulator is
> still not getting routed via Burp. The app is unable to connect to the
> server.
> So it's not bypassing the proxy, but is not hitting Burp either.
> Is anyone aware of any other method of routing the http traffic via proxy?
> Any help on this matter will be much appreciated.
> PS: HTTPS is disabled to ensure that everything uses HTTP.
> --
> Regards,
> Chintan Dave

Chintan Dave,

LinkedIn: http://in.linkedin.com/in/chintandave
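
Added example, not part of the original messages and not Burp's own code: a sketch of the destination decision an intercepting proxy has to make once a client that ignores proxy settings is pointed at it through DNS, as the quoted reply describes. The function name, the mode labels and the sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def resolve_destination(raw_request: bytes, fallback=None):
    """Return (host, port, mode) for the head of one plain-HTTP request.

    fallback is an optional (host, port) pair playing the role of a fixed
    redirect target for requests that carry no usable Host header.
    """
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed request line")
    target = parts[1]

    # Proxy-aware clients send the absolute URL in the request line.
    if target.lower().startswith(("http://", "https://")):
        url = urlsplit(target)
        port = url.port or (443 if url.scheme.lower() == "https" else 80)
        return url.hostname, port, "proxy-style"

    # A client that was only redirected by DNS sends a relative path, so
    # the Host header is the only in-band hint of the intended server.
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host" and value.strip():
            authority = urlsplit("//" + value.strip())
            if authority.hostname:
                return authority.hostname, authority.port or 80, "host-header"

    # No Host header (for example HTTP/1.0): only a fixed redirect helps.
    if fallback is not None:
        return fallback[0], fallback[1], "fixed-redirect"
    raise ValueError("no destination: relative request without Host header")


if __name__ == "__main__":
    # Constructed sample requests; hosts and addresses are placeholders.
    samples = [
        b"GET http://app.example.test/login HTTP/1.1\r\nHost: app.example.test\r\n\r\n",
        b"GET /login HTTP/1.1\r\nHost: app.example.test:8080\r\n\r\n",
        b"GET /login HTTP/1.0\r\n\r\n",
    ]
    for raw in samples:
        print(resolve_destination(raw, fallback=("192.0.2.10", 80)))
```

If the machine running the proxy resolves names through the same overridden DNS as the device, the host-header result points back at the proxy itself, which is where the outbound redirect mentioned in the reply comes in.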