We’re going to configure Burp Suite in this post, but if you’re partial towards another proxy, the details will differ, but this information will still apply, as the concepts are the same.įor the purpose of this tutorial, we’ll be covering how to proxy the traffic, which is useful in executing attacks such as SQL injection, CSRF, IDOR, and other common web app vulnerabilities. Those of you who are accustomed to performing web application pen tests, simply proxying mobile traffic is more than enough to get started testing mobile apps.Stay tuned for posts on how to actually perform a mobile pen test in the coming weeks and months. I’m not going to cover tactical bug hunting techniques in this post–just the setup. I will also assume that you have some general security testing or bug hunting knowledge.Setup is relatively straightforward, and these guidelines should still apply. You can also use an emulator, such as Genymotion or the one included in Android Studio.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |