Mobile Hacking - Proxying Newer Versions of Android with Burp and Genymotion

Рет қаралды 17,153

Күн бұрын

In this video we will proxy newer versions of Android after the changes made in version 7. By proxying the current version 10 which should work in newer versions as they are released. We do this by manually modifying root certificates and installing them on Genymotion.
Associated blog with commands:
console-cowboy...
👊Please don't forget to smash those LIKE & SUBSCRIBE buttons :D
💎Donate Ether or any Ethereum-Based (ERC-20) Tokens: 0xdef4c066177CA2dA76FBDa7E249960D2a43D60D6
Contact Info:
@Ficti0n on twitter:
/ ficti0n
cclabs.io
consolecowboys.com

Пікірлер: 43

@real.xplo1t Жыл бұрын

Thanks. Your content is amazing as always

@hero2zero2000 2 жыл бұрын

Excellent instruction. Thank you!

@JesusHatesSanta 2 жыл бұрын

Thanks. Very straightforward and clear. This is still working as of July 2022.

@ConsoleCowboys 2 жыл бұрын

Thanks.. should keep working for the foreseeable future unless android re-engineers how things are handled again.. but its been the same since about 2017 after all the updates to 6.0..

@mosmoker1245 Ай бұрын

wanna ask you is this still verified for 2024 on mac m1 ?

@ConsoleCowboys Ай бұрын

Try it..

@ThanguGang 3 ай бұрын

Still my request is not getting intercept after all this process It's been a month iam stuck with this problem. plz 🙏 help me

@ConsoleCowboys 3 ай бұрын

I can try to replicate next week when I get off travel see if if this is still working for me on a new macbook..

@ThanguGang 3 ай бұрын

@@ConsoleCowboys yes please 🙏

@danieljerneholt9689 3 жыл бұрын

Thanks!

@tobimastermind4583 2 жыл бұрын

Hello, I've done all the steps, after pushing certificate and server when i try to fire up the frida server it shows me processes of my pc instead of emulator .

@deuxvlve746 Жыл бұрын

Life savior! Thank you man

@ConsoleCowboys Жыл бұрын

Yep, added that there becuase I could never find anywhere online of how to do it myself lol.

@ihabbessayah2290 3 жыл бұрын

* failed to start daemon . when i type in terminal: adb devices any fix for that :(

@whatiknowtech 3 жыл бұрын

great tut, but how do windows users go about with the linux commands , openssl commands ?

@ConsoleCowboys 3 жыл бұрын

Install a vmware/virutual box instance of linux and create them there, drag them over.. My main box is a windows box but I keep it clean of that stuff and use vmware for things like that. You are going to need linux for almost any hacking you do anyway.. so best to always have a vmware setup for development, hacking etc.

@atletien5737 3 жыл бұрын

Cmd still work with me

@tomaszwysocki3042 9 ай бұрын

good work xD

@ConsoleCowboys 7 ай бұрын

Thanks

@kevinday4874 2 жыл бұрын

I installed the CERT can send HTTP requests to the poxy. However, it says no internet for the network. Is there another setting or new update?

@ConsoleCowboys 2 жыл бұрын

I would redue all the steps. if you can send http but not https thats the normal behavior and the cert if not properly installed.. Maybe you missed a step in the video..

@GamerDeskGIR Жыл бұрын

still getting this error mv: /system/etc/security/cacerts//9a5ba575.0: Read-only file system even i did as shown in the video !! how to resolve this ?

@ConsoleCowboys Жыл бұрын

permissions issue.. probably got to focus on step 3 from the blog.. or look up additional commands if those dont work for mounting with root permission on android.. I have seen a few ways to do that when searching.

@GamerDeskGIR Жыл бұрын

@@ConsoleCowboys u mean step 3 from this video ?

@ConsoleCowboys Жыл бұрын

@@GamerDeskGIR Yep

@Savage.735 3 жыл бұрын

Nice love it thanks

@ConsoleCowboys 3 жыл бұрын

Thanks, something someone asked me for so I figure I would just upload it for everyone.. Cheers..

@taigagaming3462 6 ай бұрын

perfect

@nullpwn 3 жыл бұрын

awesome!

@ConsoleCowboys 3 жыл бұрын

Thanks!!! if it was helpful share it with your friends :)

@bigoper 2 жыл бұрын

This is addicting !!!

@mizo7627 2 жыл бұрын

Hello if i send the hash file (without using adb )to my android phone , then move it there to /etc/security/cacerts/ , does it also work in this way or should I use adb shell ? Thanks!

@ConsoleCowboys 2 жыл бұрын

ADB shell is just the common mechanism to interact with a phone or a VM, you can do it via anouther way to as long as the permissions and locations are correct. ADB is just a shell access.

@mizo7627 2 жыл бұрын

Thanks for the help! Sorry but I have 2 more questions and I hope yo could help .. 1- I stopped using genymotion and turned into Android virtualbox x86 , but there is no /security/cacerts directory , so does it work by adding It to the "add certificates" in the settings ? (The Android virtual box is rooted) 2- Is there a way to know my android local ip ?

@falkensmaze3230 3 жыл бұрын

Hello! I have a question related to car hacking. Is sniffing traffic possible while the car is off? Say you were trying to hack a car you haven't tested yet, how would you go about hacking it?

@ConsoleCowboys 3 жыл бұрын

Data is sent over the network without the car on for example opening a door.. Plug into the port of your car and see what's sent prior to it being turned on and then you will have your answer. You know how to hack something.. by starting to hack it and observing your results..

@falkensmaze3230 3 жыл бұрын

@@ConsoleCowboys Thank you for your answer. I will try that. I was curios because I know a lot of cases in which hackers were able to turn on cars using this technique.

@T1ger8oi 3 жыл бұрын

can you teach me how to copy an existing smart contract and deploy it?

@ConsoleCowboys 3 жыл бұрын

So your looking to deploy contracts to ropstien or something? You can litterally I think do that by just changing where your deploy in remix using metamask