Monday, June 26, 2017

Dynamic Binary Instrumentation (pt2)

Quick how to:


After install of Frida on your machine, you will need to install your server agent on your (use case is phone) iphone/android/qnx device ... (emulators) too in the case of android (yet to test on blackberry emulator)

get the download/s here:


moving on...

setting up on Android:

(am currently using android, so i will focus more on this)

The use case can be on any device there is enough documentation for the all the current (common) mobile OS platforms.



COMMENCE PART 2

What i aim to achieve:

Use Frida as a mobile penetration testing tool, on high end/secure (mostly banking/social media) applications

I cannot fully disclose the vulnerabilities on this applications seeing this is not ethical and in terms of responsible disclosure in the cases i find vulnerabilities.

The following cases shall be examined:

Root Check Evasion
SSL Pinning defeat
Encryption defeat
Obfuscation defeat (dynamic application mapping/reverse engineering)
Proxy bypass

I will start this in the manner they are arranged :)

(short post but should be longer practical ones after this)

REF: Frida - https://www.frida.re/

ARCHIVED

:) No longer posting, all articles should be treated as archived and outdated