07/18/14

Mobile Application Security Assessment – Proxying for Windows Phone

While conducting mobile application penetration testing of Windows Phone capturing application traffic will allow penetration tester to modify the traffic and analyze the responses from the server. This is important to understand the behavior of application and to find out possible vulnerabilities in it.

In this blog we will learn how to capture application’s traffic on Windows Phone.

Burp Proxy Setting :

1.  Select Proxy tab and under Proxy tab select Option tab. Now click on Add.

2.  Enter proxy port (eg. 8080) and select All Interfaces. Now click on OK.

http://varutra.com/blog/wp-content/uploads/2014/07/Proxy.jpg

3.  Select the Proxy Listener you have created just now.

Capturing Windows Phone Traffic Using Burp Proxy :

1.  On Windows Phone navigate to Settings

Mobile Hacking-2

2.  Tap the Setting and select the WiFi

3.  After Selecting WiFi all the WiFi Network details will be shown

Mobile Hacking-3

4.  Select the WiFi Network you are connected after selecting the WiFi Network you are connected  tap to on the Proxy

5.  Under Edit Network enter Proxy IP and Port. (e.g. 10.1.1.132:8080)

Mobile Hacking-4

6.  Now http/https traffic from windows phone can be intercepted. Happy Testing  🙂 🙂 🙂

http://varutra.com/blog/wp-content/uploads/2014/07/Mobile-Hacking-5.jpg

Written By,

Attack & PenTest Team,

Varutra Consulting

To read about how to proxy for Android and iOS Devices.