Monday, 18 May 2015

How to simulate man in the middle attack in android emulator?

I am new to pen-testing. Yesterday i analysed one android application using dex2jar application and i saw an android application implemented https connection using empty trust manager.
class miTM implements  javax.net.ssl.X509TrustManager{

    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) throws java.security.cert.CertificateException{
        return;
    }
In the above code checkServerTrusted method is empty so this application is vulnerable to MITM attacks.
I created a certificate using openssl and installed vulnerable android application in emulator.
Now how can i perform man in the middle attack in android emulator using sslsniff or any other tools?

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)