dannymcc Posted November 6, 2013 Hi, I've just been reading and watching videos about Derren Brown's show Apocalypse (http://en.wikipedia.org/wiki/Derren_Brown:_Apocalypse). In the show a penetration tester sets something up on the 'victim's' iPhone which allows a continuous man-in-the-middle attack. The most interesting part was that they could add content to his apps: tweets in Twitter and news items in the BBC News app, for example. Does anyone have any idea how this could be achieved? I'd love to play around with this on my own iPhone and see what I can do. For the continuous access I wondered if some sort of iOS certificate was added which forces the use of a proxy? Thanks, Danny
dannymcc (Author) Posted November 6, 2013 This could be one way: http://mitmproxy.org/doc/tutorials/gamecenter.html
aibohphobia Posted November 7, 2013 I reckon you saw a pentester using HTTP request hijacking. http://www.skycure.com/blog/http-request-hijacking/ In short: the Twitter/BBC News app requests a feed, one spoofs the DNS request for the feed to a third party, at the third party you put a 301 redirect to a specific site (e.g. notyourtwitter.com), and the application gets the feed spoon-fed from the wrong place. Now, you would think this would all end once the iPhone moves to a different place, the DNS cache expires and the situation would resolve itself. But no, the application itself is caching the 301 redirect to the same specific notyourtwitter site, long after the fact. The link above describes the exploit in more detail. It's not an iOS fix that would resolve this; developers themselves need to fix this.
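To make the app-side defect in the post above concrete, here is an added simulation (not code from the thread or from Skycure) of a feed client whose HTTP cache persists 301 redirects, next to a hardened client that neither persists them nor follows a redirect to a different host. Hostnames, the two "network" tables and the feed bodies are constructed for the example.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

FEED = "http://feeds.example-news.test/top"
# Constructed networks: url -> (status, body-or-Location).
# On the hostile network the feed host resolves to an attacker box that
# answers with a permanent redirect; on the clean network it is honest.
HOSTILE_NET = {FEED: (301, "http://notyournews.test/top"),
               "http://notyournews.test/top": (200, "FAKE FEED")}
CLEAN_NET = {FEED: (200, "REAL FEED"),
             "http://notyournews.test/top": (200, "FAKE FEED")}


@dataclass
class FeedClient:
    persist_redirects: bool   # model of an HTTP cache that stores 301s
    allow_cross_host: bool    # follow a redirect that leaves the feed host
    redirect_cache: dict = field(default_factory=dict)

    def fetch(self, url, network):
        # A cached permanent redirect is applied before any DNS/network
        # activity, so it survives a move to a clean network.
        url = self.redirect_cache.get(url, url)
        for _ in range(5):
            status, payload = network[url]
            if status != 301:
                return payload
            if urlparse(payload).netloc != urlparse(url).netloc and not self.allow_cross_host:
                raise ValueError("refusing cross-host redirect to %s" % payload)
            if self.persist_redirects:
                self.redirect_cache[url] = payload
            url = payload
        raise RuntimeError("too many redirects")


def vulnerable_client():
    return FeedClient(persist_redirects=True, allow_cross_host=True)


def hardened_client():
    return FeedClient(persist_redirects=False, allow_cross_host=False)


if __name__ == "__main__":
    v = vulnerable_client()
    print(v.fetch(FEED, HOSTILE_NET), v.fetch(FEED, CLEAN_NET))   # FAKE FEED FAKE FEED
    h = hardened_client()
    print(h.fetch(FEED, CLEAN_NET))                                # REAL FEED
```

Requiring HTTPS for the feed closes the same hole differently: the attacker's host cannot present a valid certificate for the feed hostname, so the 301 is never accepted in the first place.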