r00ster Posted August 29, 2011
OK, like everyone else who is trying to learn, I've got Backtrack and messed around, done some wifi cracking, and now I've progressed to tinkering with MitM attacks on my network. I've been able to successfully capture email and other SSL logins using sslstrip, but when I connect my Droid or an iPhone to my network via wifi I can't get it to sniff the login info. This is when the devices use the Facebook app and not a browser. Do those apps send out data on another port than 80? I've been googling for what I thought would be basic information on them, but I have yet to find out anything about what port those apps use or the encryption. I'm assuming SSL for the encryption. Can anyone tell me what the problem is or point me towards some proper research material?
digip Posted August 29, 2011
It's possible the apps are tied into the carrier and don't allow use over wifi, or they explicitly enforce SSL and don't allow HTTP access through the app.
r00ster Posted August 29, 2011 (Author)
Quoting digip: "It's possible the apps are tied into the carrier and don't allow use over wifi, or they explicitly enforce SSL and don't allow HTTP access through the app."
I understand the part about not running through wifi even while connected that way, but I'll admit the other part goes a bit over my head. Is there any way to test that idea?
Infiltrator Posted August 30, 2011
Quoting r00ster: "I understand the part about not running through wifi even while connected that way, but I'll admit the other part goes a bit over my head. Is there any way to test that idea?"
To test this idea, what you could do is a MITM attack on your phone. Open Wireshark on the attacker machine, then connect your phone to the WiFi and run the Facebook app, then go back to Wireshark and analyse the packets captured. The packets captured should tell you if the Facebook app is using HTTPS all the way. And with Wireshark still running, you could do an SSLStrip and see what happens.
Edited August 30, 2011 by Infiltrator
r3b00tz Posted August 30, 2011
As an Android developer I've had the misfortune of dealing with Facebook functionality.... The success of this is going to depend on the app itself. If it's the actual Facebook one or one that uses the Facebook SDK, it uses single sign-on with OAuth (which is an HTTPS connection), with the idea being that you don't want to handle the actual login. If it's an older app there's no telling, as they had all kinds of ways to implement it. So depending on whether the user has previously signed in on the device, they may never enter the login but just 'allow' the app to work with your profile. For instance, I don't use Facebook, so when I test I have to enter a login, but after that one time every other Facebook app I test just wants permission to use my profile. They've gone to a key system, so you may end up snagging the app key, which might be fun too. The Facebook SDK is crap, but the point of the single sign-on was solely to avoid entering usernames and passwords. Hope this helps. As far as ports and SSL, there's nothing that specifically states which is being used, but being what it is I'd say port 80, and SSL would depend on the user having it turned on or not.
Edited August 30, 2011 by r3b00tz
r00ster Posted August 30, 2011 (Author)
I had planned on learning to use Wireshark in a few weeks, but your idea sounds interesting enough for me to make time this week :) Thanks dude, I will post my results when I'm done.
Mr-Protocol Posted August 30, 2011
Capture on all ports. Filter by HTTP.
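Infiltrator's and Mr-Protocol's suggestions amount to one check: capture everything the phone sends on every port, and see whether any flow starts as plaintext HTTP instead of with a TLS handshake. The Python script below is an added example, not code from this thread or from any app or tool discussed in it. It classifies the first payload bytes of each flow by content rather than by port (a TLS record header with a ClientHello versus an HTTP request line), so plaintext HTTP on port 8080 and TLS on port 8443 are both recognised, and it flags any plaintext request that carries a cookie or authorization header. The sample flows, addresses and hostnames are constructed for the example; a developer testing their own app would feed it the first bytes of each TCP stream exported from Wireshark to confirm the app really enforces TLS all the way.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample flows: (client, server, server_port, first payload bytes the client sent).
# Hand-assembled for this example; not data captured from any real device or app.
SAMPLE_FLOWS: List[Tuple[str, str, int, bytes]] = [
    # TLS record: type 0x16 (Handshake), version 3.1, 2-byte length, then ClientHello (0x01)
    ("10.0.0.5", "203.0.113.10", 443, bytes([0x16, 0x03, 0x01, 0x00, 0x2C, 0x01]) + b"\x00" * 10),
    # Plain HTTP on port 80 carrying a session cookie
    ("10.0.0.5", "203.0.113.20", 80,
     b"GET /home HTTP/1.1\r\nHost: app.example.test\r\nCookie: session=abc123\r\n\r\n"),
    # Plain HTTP on a non-standard port with a bearer token: a port-80-only filter misses this
    ("10.0.0.5", "203.0.113.30", 8080,
     b"POST /api/auth HTTP/1.1\r\nHost: api.example.test\r\nAuthorization: Bearer tok\r\n\r\n"),
    # TLS on a non-standard port: a port-443-only filter misses this, the record header does not
    ("10.0.0.5", "203.0.113.40", 8443, bytes([0x16, 0x03, 0x03, 0x00, 0x10, 0x01]) + b"\x00" * 10),
    # Something else entirely (constructed XMPP-style stream opener)
    ("10.0.0.5", "203.0.113.50", 5222, b"<stream:stream xmlns='jabber:client'>"),
]

HTTP_REQUEST_LINE = re.compile(rb"^(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
SENSITIVE_HEADERS = (b"cookie:", b"authorization:", b"x-auth-token:")


def is_tls_client_hello(payload: bytes) -> bool:
    """True if the bytes start a TLS Handshake record (0x16, version 3.x) whose first
    handshake message is a ClientHello (0x01). Works on any port."""
    return (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x03
            and payload[5] == 0x01)


def is_http_request(payload: bytes) -> bool:
    """True if the bytes start with an HTTP/1.x request line, whatever the port."""
    return HTTP_REQUEST_LINE.match(payload) is not None


def classify(payload: bytes) -> str:
    """Label a flow by its first bytes: 'tls', 'http' (plaintext) or 'other'."""
    if is_tls_client_hello(payload):
        return "tls"
    if is_http_request(payload):
        return "http"
    return "other"


def plaintext_credential_headers(payload: bytes) -> List[str]:
    """Names of credential-bearing headers found in a plaintext HTTP request."""
    found = []
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(SENSITIVE_HEADERS):
            found.append(line.split(b":", 1)[0].decode("ascii", "replace"))
    return found


def audit(flows: List[Tuple[str, str, int, bytes]]) -> Dict[str, object]:
    """Count TLS / plaintext HTTP / other flows and list plaintext flows that leak credentials."""
    report: Dict[str, object] = {"tls": 0, "http": 0, "other": 0, "plaintext_credentials": []}
    for _client, server, port, payload in flows:
        kind = classify(payload)
        report[kind] += 1  # type: ignore[operator]
        if kind == "http":
            headers = plaintext_credential_headers(payload)
            if headers:
                report["plaintext_credentials"].append((server, port, headers))  # type: ignore[attr-defined]
    return report


def app_enforces_tls(flows: List[Tuple[str, str, int, bytes]]) -> bool:
    """The thread's question: does every flow the app opens begin with a TLS handshake?"""
    return all(classify(payload) == "tls" for _, _, _, payload in flows)


if __name__ == "__main__":
    result = audit(SAMPLE_FLOWS)
    print("summary:", {k: v for k, v in result.items() if k != "plaintext_credentials"})
    for server, port, headers in result["plaintext_credentials"]:  # type: ignore[union-attr]
        print(f"plaintext credentials to {server}:{port}: {', '.join(headers)}")
    print("app enforces TLS on every flow:", app_enforces_tls(SAMPLE_FLOWS))
```

Classifying by payload rather than port is the point: an "HTTPS all the way" verdict only holds if no flow on any port starts in the clear, which is why the check reads the first bytes instead of trusting 80 versus 443.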
r00ster Posted August 30, 2011 (Author)
Quoting r3b00tz's reply above in full.
The app on my phone is the standard Facebook app from the marketplace. My wife is the iPhone user and I have little to do with it, but it would be whatever came on that phone. Like you, I don't use FB either, and also noticed that once you signed in it stayed signed in. I figured the -k option in sslstrip would make it have to re-authenticate. Certainly have some more options to try, and if all else failed, like Mr-P suggested, I could take the gung-ho approach and listen on all ports. Thanks guys.