Description: Most penetration testers know the headaches of testing mobile applications. Challenges like certificate pinning and wondering what files are being written to the device while the app is in use. Since Android is open source, you create your own custom OS that takes the guess work out of your test. By doing this, you can monitor HTTP/HTTPS traffic, SQLLite queries, file access and more. Because this is part of the OS, you can intercept before the data is encrypted (i.e. MiTF). And this works for all apps. No need to hook, inject or rebuild each app you test.
In this talk, I will give a high level overview of the Android OS, point out key files for modifications, and demonstrate a proof on concept with a custom OS along with a monitor showing the intercepted information.
For More Information Please Visit : - http://rvasec.com/
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.