O'Reilly logo

Mobile Application Penetration Testing by Vijay Kumar Velu

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Man-in-the-Middle (MitM) attacks

By default, for every SSL connection, when an Android app connects to a server, it validates the server's certificate and checks whether it has a valid trusted root certificate and also matches the reverse DNS (hostname). By defeating this feature, one can perform an MitM attack.

Since we have all the setup required to perform an MitM attack from Chapter 4, Loading up – Mobile Pentesting Tools, all we need to do now is turn on the proxy and set the right IP and port number in the wireless or APN settings.

When we launch our target app (FourGoats) and submit the username and password, we should be able to see the request in our proxy tool, as shown in the following screenshot:

Now let's see what changes we can do to ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required