This is mainly due to the fact that the Java program runs in the Java Virtual Machine (JVM). Trying to use proxychains with the Java version of Gnirehtet does not work. It is a tool that hooks network-related functions to redirect traffic to a proxy according to a configuration file. I thought of using proxychains for the job. Next, the traffic needs be routed to Burp. The main difference being that Rust consumes less CPU/memory. The relay server has two flavours: Java & Rust. The project has two components: an Android APK (client) and a relay server. This allows the Android device to use the internet connection of a PC over adb. Recently I have bumped into Gnirehtet, a project that provides reverse tethering over adb. In this blogpost, I am going to present a setup using Gnirehtet and proxychains. In such case, a new setup needs to be prepared. In addition, sometimes it is required to perform a pentest from the corporate IP range, therefore traffic should pass through the analyst’s intercepting software and go through the corporate VPN. Consider the case where the analyst’s PC is using a corporate VPN which isolates the PC and blocks all incoming connections from the mobile phone on the same network: However, in some cases, the previously mentioned setup is not ideal. This is the simplest setup that should work in most cases. Typically, an intercepting software such as Burp Suite Pro is configured on the PC to listen on all incoming connections. The proxy settings on the mobile phone are configured to point to the analyst’s PC. Traditionally, to inspect traffic for Android apps, the mobile phone and the security analyst’s PC are connected to the same Wi-Fi hotspot.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |