For the last few years, the Pen Testing division of the SANS Institute has been publishing Hack Challenges for the Holiday Seasons.
This year is no different: Santa Claus has been kidnapped, and it is our job to find clues around the village and across time and cyberspace that help us rescue him from some evil conspirator.
My Setup:
On my laptop computer I'm running:
- Windows 10 Anniversary edition with BASH on Ubuntu - because it's the new thing. Honestly, it's not very reliable and still extremely beta, but it's helpful.
- VirtualBox with Kali Linux - the Swiss Knife of Hacking tools
- Android Studio with Emulator running on Windows
- Emulated a Nexus S with API 18
On Kali I used Burp Suite - because the Repeater is just way better than "curling all the things" 😎
Burp Suite was very important: the Repeater gives you a better visual understanding of what's going on and lets you catch typos very quickly.
I could have run it on Windows but with Kali I had other tools I might have needed, so why bother reinstalling it.
Once you have all this, just point your phone to use Burp as a proxy (emulator @MyPhone -http-proxy <burp-ip>:<burp_port>) and push Burp's certificate to the phone:
- Browse to http://burp (with the browser going through Burp) and click "CA Certificate" to download cacert.der
- Rename cacert.der to cacert.cer
- Run adb push cacert.cer /mnt/sdcard
- From an adb shell, run: chmod 644 /mnt/sdcard/cacert.cer
- On your phone go to Settings -> Security -> Install from SD card, and choose the cacert file
Official instructions from Portswigger here.
And that should do it, you're ready to play 😃
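A quick check worth running before the adb push step, as an added example (not part of the original steps): it confirms that the renamed cacert.cer really is a DER-encoded certificate and not, say, an HTML page saved because the browser was not going through Burp. The function names and the script name check_cert.sh are made up for this example, and the fingerprint step assumes openssl is installed.

```shell
#!/bin/sh
# Added example: sanity-check a CA certificate file before `adb push`.
# Function names are illustrative, not from Burp or the Android SDK.

# Print "der", "pem" or "unknown" for the file in $1; non-zero if unknown.
cert_encoding() {
    f=$1
    [ -r "$f" ] || { echo unknown; return 1; }
    # PEM is text and starts with a BEGIN CERTIFICATE armor line.
    if head -n 1 "$f" | grep -q '^-----BEGIN CERTIFICATE-----'; then
        echo pem
        return 0
    fi
    # A DER X.509 certificate is an ASN.1 SEQUENCE: tag 0x30, followed by
    # 0x82 (two length bytes follow) for any certificate of realistic size.
    magic=$(head -c 2 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "3082" ]; then
        echo der
        return 0
    fi
    echo unknown
    return 1
}

# Print the SHA-256 fingerprint of the certificate in $1 (needs openssl).
# Compare it with the certificate details the phone shows after install.
cert_fingerprint() {
    enc=$(cert_encoding "$1") || return 1
    openssl x509 -inform "$(echo "$enc" | tr a-z A-Z)" -in "$1" \
        -noout -fingerprint -sha256
}

# Usage: sh check_cert.sh cacert.cer
if [ "$#" -ge 1 ]; then
    if enc=$(cert_encoding "$1"); then
        echo "$1: $enc-encoded certificate"
        cert_fingerprint "$1"
    else
        echo "$1: not an X.509 certificate file, download it again" >&2
        exit 1
    fi
fi
```

The Burp CA is only meant for the test emulator, so the fingerprint is also a handy way to find and remove it from the phone's user certificates once the challenge is done.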

 