[WEB SECURITY] Blackberry apps security assessment

Andreas Schmidt webappsec at siberas.de
Tue Dec 18 02:57:21 EST 2012


Hi Chintan,

you don't have to run your app on linux. All you have to do is to
configure your Blackberry to use the linux system on which WATOBO is
running as its default gateway. When you use WATOBO in transparent mode
you don't even have to change the proxy settings of your Blackberry.

You will find a detailed how-to here
http://siberas.blogspot.de/2012/08/watobo-099-supports-transparent-mode.html

Regards,
Andy

Am 18.12.2012 03:52, schrieb Chintan Dave:
> Hi Andreas, the version of Blackberry JDE the app is being built on -
> I don't think it comes with support for simulators for Linux platform.
> However, I'll still check if I can port it to Linux.
>
> None the less, i'd still love to check your proxy out. Thanks for
> bringing it to my notice. I'll let you know should I need any further
> help.
>
> Thanks,
> Chintan 
>
>
> On Mon, Dec 17, 2012 at 12:44 PM, Andreas Schmidt
> <webappsec at siberas.de <mailto:webappsec at siberas.de>> wrote:
>
>     Hi Chintan,
>
>     I don't now how to do it with burp, but you could try it with
>     WATOBO which supports transparent proxy mode (on linux).
>     You find a brief description here
>     http://siberas.blogspot.de/2012/08/watobo-099-supports-transparent-mode.html
>
>     regards,
>     andy
>
>     PS:"I'm the author of WATOBO, so if you run into problems please
>     contact me"
>
>
>     Am 16.12.2012 07:48, schrieb Chintan Dave:
>>     Hi,
>>
>>     I am trying to route a blackberry app via burp. 
>>     I did some quick research and found that updating
>>     rimpublic.property file of MDS will do the job.
>>
>>     I included appropriate config details under HTTPHandler and
>>     pointed it the ip on which my burp is running. However, the
>>     traffic from the simulator is still not getting routed via burp.
>>     The app is unable to connect to the server. 
>>
>>     So its not bypassing the proxy, but is not hitting burp either.
>>
>>     Is anyone aware of any other method of routing the http traffic
>>     via proxy?
>>
>>     Any help on this matter will be much appreciated.
>>
>>     PS: HTTPS is disabled to ensure that everything uses HTTP.
>>
>>
>>
>>     -- 
>>     Regards,
>>     Chintan Dave
>>
>>
>>     _______________________________________________
>>     The Web Security Mailing List
>>
>>     WebSecurity RSS Feed
>>     http://www.webappsec.org/rss/websecurity.rss
>>
>>     Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>>     WASC on Twitter
>>     http://twitter.com/wascupdates
>>
>>     websecurity at lists.webappsec.org <mailto:websecurity at lists.webappsec.org>
>>     http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
>
>
>
> -- 
> Regards,
> Chintan Dave,
>
> LinkedIn: http://in.linkedin.com/in/chintandave
> Blog:http://www.chintandave.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20121218/101e9971/attachment-0003.html>


More information about the websecurity mailing list