mitmproxy.org

VishalVyas14 333 views 20 slides Apr 18, 2016
Slide 1
Slide 1 of 20
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12
Slide 13
13
Slide 14
14
Slide 15
15
Slide 16
16
Slide 17
17
Slide 18
18
Slide 19
19
Slide 20
20

About This Presentation

Mitmproxy - An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed.

Size: 1.11 MB
Language: en
Added: Apr 18, 2016
Slides: 20 pages

Slide Content

mitmproxy.org An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. -Vishal Vyas

Me? Into mobile application development for 6 years Developed mobile advertising SDKs (Android and iOS)

Me? Working with a Startup from past 6 months Developed mobile advertising SDKs (Android and iOS) and I am NOT a HACKER :?

A basic mobile application Web Server Web Services Database Mobile Device Local Database (cached data) Application PLAIN TEXT, JSON, XML ...

Man in the Middle Attack?

What is mitmproxy? Web Server Web Services Database Mobile Device Local Database Application My Laptop running MITMproxy

An SSL-capable man-in-the-middle proxy Generic pentest/debug tool Interactive, console based intercept & modify Extensible – invoke Python modules What is mitmproxy?

How to … ? MITMproxy is not an attack tool! Configure it as a proxy Import the CA Root cert Run as interactive console app Or 'mitmdump' - Think tcpdump for HTTP

To get started Install pip install mitmproxy See the installation instructions for more

Start MITM proxy vishal@vishal:~$ sudo mitmproxy -b 192.168.1.108 -p 8080 --no-upstream-cert -b ADDR, --bind-address ADDR Address to bind proxy to -p PORT, --port PORT Proxy service port --no-upstream-cert Don't connect to upstream server to look up certificate details

Configure Proxy

Configure Proxy Proxy Settings To automate this step BUT! No support for Android Marshmallow

Download and Add Certificate Custom SSL certificate that allows mitmproxy to decrypt the HTTPS traffic.

Start monitoring your traffic

3G/4G connections? :(

3G/4G connections? :( BUT! You still can use your nifty hotspot feature! What you need is: a device with a 3G/4G connection the development device your laptop

How we used mitmproxy for QA testing? For mobile operator targeting Spoofing operator name(s) in the HTTP request to check if server response

Any Alternatives? Charles (Paid) Fiddler

www.hashbinary.com HashBinary Software Development Services Company Mobile Application Development Consulting

Thank You! Slides https://goo.gl/ TJHQ4I References https://medium.com/@rotxed/how-to-debug-http-s-traffic-on-android-7fbe5d2a34#.ozotqeton https://www.owasp.org/images/7/73/SlayingDragons-ccbysa30nz.pdf https://github.com/mitmproxy/mitmproxy/tree/master/examples Have any questions? Email : [email protected] Twitter : @veshalvyas
Tags
android software testing tools testing
Categories
Business Technology
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 333
  • Slides 20
  • Favorites 1
  • Age 3514 days
Related Slideshows
DTI BPI Pivot Small Business - BUSINESS START UP PLAN 1
DTI BPI Pivot Small Business - BUSINESS START UP PLAN
MeljunCortes
28 views
CATHOLIC EDUCATIONAL Corporate Responsibilities 1
CATHOLIC EDUCATIONAL Corporate Responsibilities
MeljunCortes
30 views
Karin Schaupp – Evocation; lançamento: 2000 11
Karin Schaupp – Evocation; lançamento: 2000
alfeuRIO
28 views
Pillars of Biblical Oneness in the Book of Acts 10
Pillars of Biblical Oneness in the Book of Acts
JanParon
26 views
7-10. STP + Branding and Product & Services Strategies.pptx 31
7-10. STP + Branding and Product & Services Strategies.pptx
itsyash298
27 views
Business Legislation PPT - UNIT 1 jimllpkggg 44
Business Legislation PPT - UNIT 1 jimllpkggg
slogeshk98
29 views
View More in This Category