Sunday, 4 May 2014

Mobile Web Application Assessment (Android Emulator + Burpsuite)

In this tutorial, i will show how to set up an environment to perform Web Application assessment. In this tutorial, you will need to download and install the following things first:

1) Android Emulator  

2) BurpSuite 

3) Firefox Addon Proxy Selector


This tutorial assumes that you have downloaded and installed the above items. I will proceed to show how to set up the Android Emulator and Burpsuite.


1) Click on the SDK Manager
2) Click on Tools > Manage AVDs



3) Select the first AVD
4) Click Start


5) Click Launch


6) Allow Android to boot up. This can take up to 5mins


7) You will get to this screen once successfully loaded


8) Open Burpsuite and set the Specific Address to the local machine's IP address


9) On Android, go to Settings > Wireless & Networks > Mobile Networks > Access Point Names > Select the default APN > Edit Access Point and se the Proxy IP and the Port


10) Open up Firefox, go to the Proxy Selector and select Burpsuite-MobileApp (you may need to change the IP address accordingly to your given IP address)

*Take note that upon installing the Proxy Selector addon, you will need to set up the proxy settings manually before you can perform this portion.


11) Open the Browser in Android and ensure that BurpSuite Interceptor is set to On.
12) Traffic will be intercepted by Burp proxy.

There You Go! Now You Have My Permission to Intercept!

No comments:

Post a Comment