Mobile Device Exploitation Cookbook

Reading local data in Windows phone

Stealing data from Blackberry applications

Stealing data from Windows phones applications

Configuring traffic interception settings for Blackberry phones

Setting up the Windows phone pentesting environment

Setting up the Windows phone development environment and simulator

Setting up the Blackberry pentesting environment

Setting up the Blackberry development environment and simulator

Introduction

Chapter 5. Working with Other Platforms

Bypassing SSL certificate validation in Android and iOS

Using a mobile configuration profile to set up a VPN and intercept traffic in iOS devices

Performing SSL traffic interception by certificate manipulation

WebKit attacks on mobile applications

Configuring traffic interception with iOS

Analyzing traffic and extracting sensitive information from iOS App traffic

Using MITM proxy to modify and attack

Intercepting traffic using Burp Suite and Wireshark

Configuring traffic interception with Android

Setting up the wireless pentesting lab for mobile devices

Introduction

Chapter 4. Attacking Mobile Application Traffic

Launching intent injection in Android

Other application-based attacks in mobile devices

Discovering data leakage sources

Insecure encryption in mobile apps

Finding client-side injection

Finding vulnerabilities in WAP-based mobile apps

Examining iOS App Data storage and Keychain security vulnerabilities

Auditing iOS application using a dynamic analyzer

Auditing iOS application using static analysis

Using Drozer to find vulnerabilities in Android applications

Auditing Android apps a using a dynamic analyzer

Auditing Android apps using static analysis

Introduction

Chapter 3. Auditing Mobile Applications

Analyzing malware in the iOS environment

Reverse engineering iOS applications

Permission model bypassing in Android

Writing custom malware for Android from scratch

Using Androguard for malware analysis

Analyzing an Android malware sample

Introduction

Chapter 2. Mobile Malware-Based Attacks

Introduction to rooting and jailbreaking

Setting up the iOS pentesting environment

Setting up the Android pentesting environment

Creating a simple iOS app and running it in the simulator

Setting up the iOS development environment - Xcode and iOS simulator

Bypassing Android lock screen protection

Analyzing the Android permission model using ADB

Creating a simple Android app and running it in an emulator

Installing and configuring Android SDK and ADB

Introduction

Chapter 1. Introduction to Mobile Security

Customer support

Reader feedback

Conventions

Sections

Who this book is for

What you need for this book

What this book covers

Preface

eBooks discount offers and more

www.PacktPub.com

About the Reviewer

About the Authors

Credits

版权页

封面

封面

版权页

Credits

About the Authors

About the Reviewer

www.PacktPub.com

eBooks discount offers and more

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Conventions

Reader feedback

Customer support

Chapter 1. Introduction to Mobile Security

Introduction

Installing and configuring Android SDK and ADB

Creating a simple Android app and running it in an emulator

Analyzing the Android permission model using ADB

Bypassing Android lock screen protection

Setting up the iOS development environment - Xcode and iOS simulator

Creating a simple iOS app and running it in the simulator

Setting up the Android pentesting environment

Setting up the iOS pentesting environment

Introduction to rooting and jailbreaking

Chapter 2. Mobile Malware-Based Attacks

Introduction

Analyzing an Android malware sample

Using Androguard for malware analysis

Writing custom malware for Android from scratch

Permission model bypassing in Android

Reverse engineering iOS applications

Analyzing malware in the iOS environment

Chapter 3. Auditing Mobile Applications

Introduction

Auditing Android apps using static analysis

Auditing Android apps a using a dynamic analyzer

Using Drozer to find vulnerabilities in Android applications

Auditing iOS application using static analysis

Auditing iOS application using a dynamic analyzer

Examining iOS App Data storage and Keychain security vulnerabilities

Finding vulnerabilities in WAP-based mobile apps

Finding client-side injection

Insecure encryption in mobile apps

Discovering data leakage sources

Other application-based attacks in mobile devices

Launching intent injection in Android

Chapter 4. Attacking Mobile Application Traffic

Introduction

Setting up the wireless pentesting lab for mobile devices

Configuring traffic interception with Android

Intercepting traffic using Burp Suite and Wireshark

Using MITM proxy to modify and attack

Analyzing traffic and extracting sensitive information from iOS App traffic

Configuring traffic interception with iOS

WebKit attacks on mobile applications

Performing SSL traffic interception by certificate manipulation

Using a mobile configuration profile to set up a VPN and intercept traffic in iOS devices

Bypassing SSL certificate validation in Android and iOS

Chapter 5. Working with Other Platforms

Introduction

Setting up the Blackberry development environment and simulator

Setting up the Blackberry pentesting environment

Setting up the Windows phone development environment and simulator

Setting up the Windows phone pentesting environment

Configuring traffic interception settings for Blackberry phones

Stealing data from Windows phones applications

Stealing data from Blackberry applications

Reading local data in Windows phone