[WEB SECURITY] Blackberry apps security assessment
davechintan at gmail.com
Mon Dec 17 21:59:28 EST 2012
Thanks, I am aware of this feature. If forward proxying doesn't work out, I
was planning to use this method for intercepting.
Seems, its about time as there are not many pointers available.
On Mon, Dec 17, 2012 at 4:00 PM, PortSwigger support <
support at portswigger.net> wrote:
> Hi Chintan
> If the app isn't honoring the proxy settings you've configured, you could
> potentially try invisible proxying via Burp. You'll need a way of
> controlling the DNS lookups on the device/emulator, enable invisible
> proxying on your Burp listener, and then redirect the outbound traffic from
> Burp to the correct destination (which might not be a problem in this
> There is some (non-device-specific) help here:
> -----Original Message-----
> From: websecurity [mailto:websecurity-bounces at lists.webappsec.org] On
> Behalf Of Chintan Dave
> Sent: 16 December 2012 06:48
> To: websecurity at webappsec.org
> Subject: [WEB SECURITY] Blackberry apps security assessment
> I am trying to route a blackberry app via burp.
> I did some quick research and found that updating rimpublic.property file
> of MDS will do the job.
> I included appropriate config details under HTTPHandler and pointed it the
> ip on which my burp is running. However, the traffic from the simulator is
> still not getting routed via burp. The app is unable to connect to the
> So its not bypassing the proxy, but is not hitting burp either.
> Is anyone aware of any other method of routing the http traffic via proxy?
> Any help on this matter will be much appreciated.
> PS: HTTPS is disabled to ensure that everything uses HTTP.
> Chintan Dave
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity