dannymcc Posted November 6, 2013

Hi, I've just been reading and watching videos about Derren Brown's show Apocalypse (http://en.wikipedia.org/wiki/Derren_Brown:_Apocalypse). In the show a penetration tester sets something up on the 'victim's' iPhone which allows a continuous man-in-the-middle attack. The most interesting part was that they could add content to his apps: tweets in Twitter and news items in the BBC News app, for example. Does anyone have any idea how this could be achieved? I'd love to play around with this on my own iPhone and see what I can do. For the continuous access I wondered if some sort of iOS certificate was added which forces the use of a proxy? Thanks, Danny
dannymcc (Author) Posted November 6, 2013

This could be one way: http://mitmproxy.org/doc/tutorials/gamecenter.html
aibohphobia Posted November 7, 2013

I reckon you saw a pentester using HTTP request hijacking. http://www.skycure.com/blog/http-request-hijacking/ In short: the Twitter/BBC News app requests a feed, one spoofs the DNS request for the feed to a third party, at the third party you put a 301 redirect to a specific site (e.g. notyourtwitter.com), and the application gets the feed spoon-fed from the wrong place. Now, you would think this would all end once the iPhone moves to a different place, the DNS cache expires and the situation would resolve itself. But no, the application itself is caching the 301 redirect to the same specific notyourtwitter site, long after the fact. The link above describes the exploit in more detail. It's not an iOS fix that would resolve this; developers themselves need to fix this.
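To make the caching behaviour aibohphobia describes concrete, here is an added simulation (not code from the thread or from Skycure's write-up). The host names, the dictionary "transport" standing in for DNS plus HTTP, and the two client classes are all constructed: a naive client that persists any 301 it sees, and a hardened client that only follows HTTPS redirects to an allow-listed host and never remembers them.

```python
from urllib.parse import urlparse

# Constructed responses keyed by URL: (status, Location header, body).
GENUINE = "https://feed.example-news.test/news.json"
ROGUE = "https://notyourtwitter.test/news.json"
# Phase 1: the feed host is being spoofed and answers with a 301 to a rogue domain.
PHASE_SPOOFED = {GENUINE: (301, ROGUE, b""),
                 ROGUE: (200, None, b'{"items": ["rogue story"]}')}
# Phase 2: spoofing has stopped and the genuine host answers normally again.
PHASE_CLEAN = {GENUINE: (200, None, b'{"items": ["real story"]}'),
               ROGUE: (200, None, b'{"items": ["rogue story"]}')}

class NaiveClient:
    """Follows any 301 and remembers it permanently, like the affected apps."""
    def __init__(self):
        self.permanent = {}          # original URL -> cached redirect target
    def get(self, url, transport):
        url = self.permanent.get(url, url)   # honour a previously cached 301
        status, location, body = transport[url]
        if status == 301 and location:
            self.permanent[url] = location   # the defect: persisted, never revalidated
            return self.get(location, transport)
        return body

class HardenedClient:
    """Follows at most 3 hops, only to HTTPS allow-listed hosts, and caches nothing."""
    def __init__(self, allowed_hosts):
        self.allowed_hosts = set(allowed_hosts)
    def get(self, url, transport, hops=0):
        status, location, body = transport[url]
        if status == 301 and location:
            target = urlparse(location)
            if hops >= 3 or target.scheme != "https" or target.hostname not in self.allowed_hosts:
                raise ValueError(f"refusing redirect to {location}")
            return self.get(location, transport, hops + 1)
        return body

def demo():
    naive, hardened = NaiveClient(), HardenedClient(["feed.example-news.test"])
    results = {"naive_spoofed": naive.get(GENUINE, PHASE_SPOOFED)}
    try:
        hardened.get(GENUINE, PHASE_SPOOFED)
        results["hardened_spoofed"] = "followed"
    except ValueError:
        results["hardened_spoofed"] = "refused"
    # After the spoofing ends, the naive client still serves the rogue feed from its cache.
    results["naive_clean"] = naive.get(GENUINE, PHASE_CLEAN)
    results["hardened_clean"] = hardened.get(GENUINE, PHASE_CLEAN)
    return results
```

Running `demo()` shows the naive client returning the rogue feed even in the clean phase, which is the persistence the post describes; the hardened client refuses the rogue 301 and gets the real feed once the network is clean.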