0x01 General idea
With Android holding 75% of the market share, Android applications of every kind are appearing, followed by a wave of vulnerabilities. In the various app markets, almost all network-connected applications can be opened at will. This gives users a pleasant experience while also giving us an opportunity to explore vulnerabilities.
Currently, both web pages and network-based Android applications use the HTTP protocol to communicate with the server, submit user changes, or fetch the desired information. This article discusses how to capture HTTP packets on Windows to find potential vulnerabilities.
0x02 Platform construction
Since we want to explore Android application vulnerabilities on the Windows platform, we need a way to run Android applications on the computer. We use the third-party Android emulator BlueStacks together with a Chinese helper tool, "powerful assistant" (URL: http://www.shouzhi.net.cn/z/bluestacks.html). The software is not bloated and is very capable. The built-in Android system is a customized system with no launcher; you can install GO desktop as the launcher from within the assistant.
This is what it looks like after installation. It is similar to an Android pad, and the touch-screen handling works very well:
For external apk application import, you can use the function in.
Now the Android app runs on the computer; the key step is packet capture. The well-known Wireshark is up to this task. URL: http://dlsw.baidu.com/sw-search-sp/soft/01/15788/Wireshark-win32-1.11.2.1339076454.exe. After installation, the startup interface looks like this:
Click the interface list button to select the NIC:
Click the start capture button to begin listening. Wireshark captures every network packet, but for this article we only need the packets sent with the GET and POST methods; otherwise the hundreds of packets per second would be useless noise.
Enter a filter expression in the filter box to keep only GET and POST requests: http.request.method == "GET" or http.request.method == "POST"
Now we can capture all POST and GET request packets (note that Wireshark listens on the NIC, so packets from every application on the computer will be captured; be sure to identify and distinguish them). As a test, open a web page in the emulator and the page is captured perfectly.
0x03 Practice
With the preparations done, we can start exploring vulnerabilities. The popular, recommended applications are free and we found no vulnerabilities there, while paid applications require payment before the function can be triggered and its HTTP packets intercepted.....
So we started with a special kind of application: the "58 points" app, a "make money with your mobile phone" app. URL: http://www.58jf.com/ . After installation it registers an account automatically with one click. Simply put, this application makes money by having us download and install things, for which it gives us points; points can be exchanged for prizes, at 1W (10,000) points = 1 yuan. To attract new users, it rewards points for basic tasks. The first task is to complete your user profile, rewarded with 2k points. Good, let's start with this profile-completion task. First enter the information normally (once the profile is filled in, it cannot be changed through normal channels, and during redemption money can only be credited to the account entered here. Of course, you can also change the information later using vulnerabilities, it just takes a little effort).
Do not click OK yet. Remember to enable Wireshark monitoring before clicking OK...
After confirming that packets are being captured properly, click OK. Once the successful-submission response comes back, press Ctrl+E in Wireshark to stop the capture and analyze the packets captured in those few seconds:
This is obviously a GET request submitting the information to the server. Using the fields selected in the figure, we reassemble the URL and submit it. The request is accepted successfully!
Let's look at the number of points.
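As an added example (not from the original post), here is a small Python check written from the defender's side: given request lines in the shape a capture export produces, it flags write operations carried by GET and identical repeated submissions from one client, which is exactly the weakness that let the profile request above be reassembled and submitted again. The host, paths, parameter names and log lines are constructed placeholders, not the app's real ones.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of an exported capture: (client, method, URL).
# Host, paths and parameter names are hypothetical placeholders, not the app's real ones.
SAMPLE_REQUESTS = [
    ("10.0.2.15", "GET", "http://app.example/api/profile/update?uid=1001&name=bob&phone=13800000000"),
    ("10.0.2.15", "GET", "http://app.example/api/news/list?page=1"),
    ("10.0.2.15", "GET", "http://app.example/api/profile/update?uid=1001&name=bob&phone=13800000000"),
    ("10.0.2.15", "POST", "http://app.example/api/task/complete"),
]

# Path segments that indicate a write operation (assumed naming convention).
WRITE_PATH = re.compile(r"/(update|submit|complete|reward|register|delete)\b", re.I)


def is_write(url):
    """True if the URL path looks like a state-changing operation."""
    return WRITE_PATH.search(urlsplit(url).path) is not None


def find_writes_over_get(requests):
    """Write operations carried by GET: HTTP defines GET as safe and idempotent,
    so a write behind GET can be re-issued from the captured URL alone."""
    return [url for _, method, url in requests if method == "GET" and is_write(url)]


def find_replays(requests):
    """Identical write requests seen more than once from the same client; the
    second copy of the profile submission is the replay shown in the post."""
    counts = Counter(req for req in requests if is_write(req[2]))
    return [req for req, n in counts.items() if n > 1]


def lacks_request_token(url):
    """True if a write URL carries no per-request token (assumed names 'nonce'/'token');
    without one the server cannot tell a genuine submission from a replayed copy."""
    params = parse_qs(urlsplit(url).query)
    return not any(k in params for k in ("nonce", "token"))


if __name__ == "__main__":
    for url in set(find_writes_over_get(SAMPLE_REQUESTS)):
        print("write over GET:", url, "(no request token)" if lacks_request_token(url) else "")
    for client, method, url in find_replays(SAMPLE_REQUESTS):
        print("replayed:", client, method, url)
```

The server-side fix the checks point at is the usual one: accept profile changes only via POST, bind each submission to a one-time token, and award task points at most once per account.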
0x04 Reflection
From the case above, we have learned how to capture the outbound traffic of Android apps. With this method we can dig out many vulnerabilities in many apps. Presumably this is an excellent approach ~
The entire black-box test process requires almost no code; you only need some basic knowledge. I hope you can dig out more vulnerabilities from other applications.