Mobile Hacking - Proxying Newer Versions of Android with Burp and Genymotion
Рет қаралды 16,285
3 жыл бұрынIn this video we will proxy newer versions of Android after the changes made in version 7. By proxying the current version 10 which should work in newer versions as they are released. We do this by manually modifying root certificates and installing them on Genymotion.
Associated blog with commands:
console-cowboys.blogspot.com/...
👊Please don't forget to smash those LIKE & SUBSCRIBE buttons :D
💎Donate Ether or any Ethereum-Based (ERC-20) Tokens: 0xdef4c066177CA2dA76FBDa7E249960D2a43D60D6
Contact Info:
@Ficti0n on twitter:
/ ficti0n
cclabs.io
consolecowboys.com
@real.xplo1t Жыл бұрын
Thanks. Your content is amazing as always
@JesusHatesSanta Жыл бұрын
Thanks. Very straightforward and clear. This is still working as of July 2022.
@ConsoleCowboys Жыл бұрын
Thanks.. should keep working for the foreseeable future unless android re-engineers how things are handled again.. but its been the same since about 2017 after all the updates to 6.0..
@hero2zero2000 Жыл бұрын
Excellent instruction. Thank you!
@tobimastermind4583 Жыл бұрын
Hello, I've done all the steps, after pushing certificate and server when i try to fire up the frida server it shows me processes of my pc instead of emulator .
@deuxvlve746 Жыл бұрын
Life savior! Thank you man
@ConsoleCowboys Жыл бұрын
Yep, added that there becuase I could never find anywhere online of how to do it myself lol.
@ihabbessayah2290 2 жыл бұрын
* failed to start daemon . when i type in terminal: adb devices any fix for that :(
@Sharedbook 2 жыл бұрын
This is addicting !!!
@danieljerneholt9689 3 жыл бұрын
Thanks!
@whatiknowtech6887 3 жыл бұрын
great tut, but how do windows users go about with the linux commands , openssl commands ?
@ConsoleCowboys 3 жыл бұрын
Install a vmware/virutual box instance of linux and create them there, drag them over.. My main box is a windows box but I keep it clean of that stuff and use vmware for things like that. You are going to need linux for almost any hacking you do anyway.. so best to always have a vmware setup for development, hacking etc.
@atletien5737 2 жыл бұрын
Cmd still work with me
@falkensmaze3230 3 жыл бұрын
Hello! I have a question related to car hacking. Is sniffing traffic possible while the car is off? Say you were trying to hack a car you haven't tested yet, how would you go about hacking it?
@ConsoleCowboys 3 жыл бұрын
Data is sent over the network without the car on for example opening a door.. Plug into the port of your car and see what's sent prior to it being turned on and then you will have your answer. You know how to hack something.. by starting to hack it and observing your results..
@falkensmaze3230 3 жыл бұрын
@@ConsoleCowboys Thank you for your answer. I will try that. I was curios because I know a lot of cases in which hackers were able to turn on cars using this technique.
@mizo7627 2 жыл бұрын
Hello if i send the hash file (without using adb )to my android phone , then move it there to /etc/security/cacerts/ , does it also work in this way or should I use adb shell ? Thanks!
@ConsoleCowboys 2 жыл бұрын
ADB shell is just the common mechanism to interact with a phone or a VM, you can do it via anouther way to as long as the permissions and locations are correct. ADB is just a shell access.
@mizo7627 2 жыл бұрын
Thanks for the help! Sorry but I have 2 more questions and I hope yo could help .. 1- I stopped using genymotion and turned into Android virtualbox x86 , but there is no /security/cacerts directory , so does it work by adding It to the "add certificates" in the settings ? (The Android virtual box is rooted) 2- Is there a way to know my android local ip ?
@tomaszwysocki3042 6 ай бұрын
good work xD
@ConsoleCowboys 4 ай бұрын
Thanks
@Savage.735 3 жыл бұрын
Nice love it thanks
@ConsoleCowboys 3 жыл бұрын
Thanks, something someone asked me for so I figure I would just upload it for everyone.. Cheers..
@kevinday4874 2 жыл бұрын
I installed the CERT can send HTTP requests to the poxy. However, it says no internet for the network. Is there another setting or new update?
@ConsoleCowboys 2 жыл бұрын
I would redue all the steps. if you can send http but not https thats the normal behavior and the cert if not properly installed.. Maybe you missed a step in the video..
@nullpwn 3 жыл бұрын
awesome!
@ConsoleCowboys 3 жыл бұрын
Thanks!!! if it was helpful share it with your friends :)
@T1ger8oi 3 жыл бұрын
can you teach me how to copy an existing smart contract and deploy it?
@ConsoleCowboys 3 жыл бұрын
So your looking to deploy contracts to ropstien or something? You can litterally I think do that by just changing where your deploy in remix using metamask
@taigagaming3462 3 ай бұрын
perfect
@ThanguGang 22 күн бұрын
Still my request is not getting intercept after all this process It's been a month iam stuck with this problem. plz 🙏 help me
@ConsoleCowboys 22 күн бұрын
I can try to replicate next week when I get off travel see if if this is still working for me on a new macbook..
@ThanguGang 22 күн бұрын
@@ConsoleCowboys yes please 🙏
@elcapitanodeltimbuktu1O1sir 3 жыл бұрын
How About SSL Unpinning App ?
@ConsoleCowboys 3 жыл бұрын
If you want to do that your going to have to do a bit of reversing and remove those requirements.
@GamerDeskGIR Жыл бұрын
still getting this error mv: /system/etc/security/cacerts//9a5ba575.0: Read-only file system even i did as shown in the video !! how to resolve this ?
@ConsoleCowboys Жыл бұрын
permissions issue.. probably got to focus on step 3 from the blog.. or look up additional commands if those dont work for mounting with root permission on android.. I have seen a few ways to do that when searching.
@GamerDeskGIR Жыл бұрын
@@ConsoleCowboys u mean step 3 from this video ?
@ConsoleCowboys Жыл бұрын
@@GamerDeskGIR Yep
Black Hills Information Security
Рет қаралды 12 М.
Jason Ford {JSON:SEC}
Рет қаралды 84 М.
The Spiffing Brit
Рет қаралды 1,3 МЛН
Intigriti
Рет қаралды 15 М.
Braincatchers
Рет қаралды 7 МЛН
Юлия Смирнова
Рет қаралды 2,8 МЛН