[WEB SECURITY] Blackberry apps security assessment

Chintan Dave davechintan at gmail.com
Mon Dec 17 21:59:28 EST 2012


Hi,

Thanks, I am aware of this feature. If forward proxying doesn't work out, I
was planning to use this method for intercepting.
Seems, its about time as there are not many pointers available.

Thanks,
Chintan


On Mon, Dec 17, 2012 at 4:00 PM, PortSwigger support <
support at portswigger.net> wrote:

> Hi Chintan
>
> If the app isn't honoring the proxy settings you've configured, you could
> potentially try invisible proxying via Burp. You'll need a way of
> controlling the DNS lookups on the device/emulator, enable invisible
> proxying on your Burp listener, and then redirect the outbound traffic from
> Burp to the correct destination (which might not be a problem in this
> instance).
>
> There is some (non-device-specific) help here:
>
> http://portswigger.net/burp/help/proxy_options_invisible.html
>
> Cheers
> PortSwigger
>
>
> -----Original Message-----
> From: websecurity [mailto:websecurity-bounces at lists.webappsec.org] On
> Behalf Of Chintan Dave
> Sent: 16 December 2012 06:48
> To: websecurity at webappsec.org
> Subject: [WEB SECURITY] Blackberry apps security assessment
>
> Hi,
>
> I am trying to route a blackberry app via burp.
> I did some quick research and found that updating rimpublic.property file
> of MDS will do the job.
>
> I included appropriate config details under HTTPHandler and pointed it the
> ip on which my burp is running. However, the traffic from the simulator is
> still not getting routed via burp. The app is unable to connect to the
> server.
>
> So its not bypassing the proxy, but is not hitting burp either.
>
> Is anyone aware of any other method of routing the http traffic via proxy?
>
> Any help on this matter will be much appreciated.
>
> PS: HTTPS is disabled to ensure that everything uses HTTP.
>
>
>
> --
> Regards,
> Chintan Dave
>
>
>


-- 
Regards,
Chintan Dave,

LinkedIn: http://in.linkedin.com/in/chintandave
Blog:http://www.chintandave.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20121218/9ede18fa/attachment-0003.html>


More information about the websecurity mailing list