Man-In-The-Front: Modifying the Android OS for Mobile Application Testing presented at Converge 2014

by Ray Kelly

Speakers: Ray Kelly. Converge Conference Detroit.

Summary: Most penetration testers know the headaches of testing mobile applications: challenges like certificate pinning, and wondering what files are being written to the device while the app is in use. Since Android is open source, you can create your own custom OS that takes the guesswork out of your assessment. By doing this, you can monitor HTTP/HTTPS traffic, SQLite queries, file access and more. Since this is part of the OS, you can intercept the data before it is encrypted (i.e. MiTF). This works for all apps, with no need to hook, inject or rebuild each app you test. This saves you time and helps you deliver accurate results.