Cyber Defense eMagazine October Edition for 2021

More documents

Recommendations

Info

Intercepting data traffic via iPhone Intercepting data traffic via iPhone By Jordan Marcus Bonagura Introduction This article aims to demonstrate in a simplified way different approach for capturing and intercepting network traffic data originating from an iPhone device. Obviously, the iPhone is not the only device subject to these approaches, and the strategies presented here are not the only ones capable of performing such intercepts. The simplest way to get this data is to use a proxy server. In the first part of this article, we will adopt BURP software to exemplify this operation. After collecting the data, we will analyze the packages of a given application and its connection to the WEB services. However, if the objective is a more detailed analysis of the traffic of an application that uses communication ports other than WEB requests, we can diversify the strategy and use a remote virtual interface (RVI), as we will demonstrate in the second part of this article. Cyber Defense eMagazine – October 2021 Edition 44 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Part 1 - Using a Proxy Server – BURP When we mention the use of a proxy server, we are basically referring to intercepting and analyzing requests related to the HTTP (Hypertext Transfer Protocol), whether the one with the TLS (Transport Layer Security) security layer or not. Some of the applications we have on our smartphones still only use the HTTP protocol, which means that data travels in plain text form, that is, without any encryption, making sensitive information fully exposed to any attacker who adopts techniques man in the middle. To configure our proxy, the first step is to open BURP software, by default the interface it will be listening to will be the equipment itself, that is, the IP address 127.0.0.1 and port 8080 as we can see in the image below: In BURP every capture is by default related to the local machine, but to execute our strategy of intercepting the data that will reach our server through the iPhone we will need to add the internal IP of the local machine in the Specific address field. Note that in this case we adopt the IP 192.168.1.102 with port 8081. Once BURP is configured, let's go to iPhone: Cyber Defense eMagazine – October 2021 Edition 45 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: The Top 6 Cyber Attacks Of 2021 So
Page 3 and 4: Protecting SMBs from Current Cybers
Page 5 and 6: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8: Cyber Defense eMagazine - October 2
Page 35 and 36: #2 Florida’s water system A hacke
Page 37 and 38: Raise Cyber Security Awareness: Whe
Page 39 and 40: Source Code Protection Market Do we
Page 41 and 42: of script administration, no backup
Page 43: to steal “the keys to the kingdom
Page 47 and 48: Below we have an example of interce
Page 49 and 50: Having the device UUID and being co
Page 51 and 52: In the second part, we demonstrate
Page 53 and 54: Currently, we are bound to use tech
Page 55 and 56: You can be a hacker too! Remember,
Page 57 and 58: The Brutal Reality of Brute Force A
Page 59 and 60: Multi-factor authentication is one
Page 61 and 62: Why outdated software poses cyberse
Page 63 and 64: About the Author Roman Davydov is a
Page 65 and 66: What data security risks do communi
Page 67 and 68: Is the Edge Really Secure? By Cheta
Page 69 and 70: Or, let’s spend some time discuss
Page 71 and 72: accessible. Different agencies have
Page 73 and 74: Making Sure the Lights Don’t Go O
Page 75 and 76: Gösgen’s IT Security Officer, Fr
Page 77 and 78: MFA works a few different ways, but
Page 79 and 80: Get Ahead of the Game: Packet Captu
Page 81 and 82: investigations and the ability to t
Page 83 and 84: Thousands of Fortinet VPN Account C
Page 85 and 86: and operating costs. FIDO2 is the s
Page 87 and 88: As ports have been steadily ramping
Page 89 and 90: About the Author Working at the int
Page 91 and 92: Today’s Threat Landscape The 2021
Page 93 and 94: Thwarting Today’s Phishing Attack
Page 95 and 96:
Security is Everyone’s Job Employ
Page 97 and 98:
CapitalOne data breach occurred as
Page 99 and 100:
About eSentire eSentire Inc., is th
Page 101 and 102:
Complying with regulations Security
Page 103:
Cyber Defense eMagazine - October 2
Page 106 and 107:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Free Monthly Cyber Defense eMagazin
Page 117 and 118:
show all

Cyber Defense eMagazine October Edition for 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?