Mobile Device Exploitation Cookbook
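Book information
| Author | Prashant Verma, Akshay Dixit |
| Publisher | Packt Publishing |
| ISBN | 9781783558735 |
| Publication date | 2016-06-01 |
| Word count | 1.106 million |
| Category | Packt Publishing, imported books, original foreign-language books, computers, networking |
Synopsis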
Over 40 recipes to master mobile device penetration testing with open source tools

About This Book
- Learn application exploitation for popular mobile platforms
- Improve the current security level for mobile platforms and applications
- Discover tricks of the trade with the help of code snippets and screenshots

Who This Book Is For
This book is intended for mobile security enthusiasts and penetration testers who wish to secure mobile devices to prevent attacks and discover vulnerabilities to protect devices.

What You Will Learn
- Install and configure Android SDK and ADB
- Analyze Android Permission Model using ADB and bypass Android Lock Screen Protection
- Set up the iOS Development Environment - Xcode and iOS Simulator
- Create a Simple Android app and iOS app and run it in Emulator and Simulator respectively
- Set up the Android and iOS Pentesting Environment
- Explore mobile malware, reverse engineering, and code your own malware
- Audit Android and iOS apps using static and dynamic analysis
- Examine iOS App Data storage and Keychain security vulnerabilities
- Set up the Wireless Pentesting Lab for Mobile Devices
- Configure traffic interception with Android and intercept Traffic using Burp Suite and Wireshark
- Attack mobile applications by playing around with traffic and SSL certificates
- Set up the Blackberry and Windows Phone Development Environment and Simulator
- Set up the Blackberry and Windows Phone Pentesting Environment
- Steal data from Blackberry and Windows Phone applications

In Detail
Mobile attacks are on the rise. We are adapting ourselves to new and improved smartphones, gadgets, and their accessories, and with this network of smart things come bigger risks. Threat exposure increases and the possibility of data loss increases. Exploitations of mobile devices are significant sources of such attacks. Mobile devices come with different platforms, such as Android and iOS. Each platform has its own feature set, programming language, and a different set of tools. This means that each platform has different exploitation tricks and different malware, and requires a unique approach with regard to forensics or penetration testing. Device exploitation is a broad subject which is widely discussed and equally explored by both Whitehats and Blackhats.

This cookbook's recipes take you through a wide variety of exploitation techniques across popular mobile platforms. The journey starts with an introduction to basic exploits on mobile platforms and reverse engineering for Android and iOS platforms. Set up and use Android and iOS SDKs and the Pentesting environment. Understand more about basic malware attacks and learn how malware is coded. Further, perform security testing of Android and iOS applications and audit mobile applications via static and dynamic analysis. Moving further, you'll get introduced to mobile device forensics. Attack mobile application traffic and overcome SSL, before moving on to penetration testing and exploitation. The book concludes with the basics of platforms and exploit tricks on BlackBerry and Windows Phone. By the end of the book, you will be able to use a variety of exploitation techniques across popular mobile platforms with stress on Android and iOS.

Style and approach
This is a hands-on recipe guide that walks you through different aspects of mobile device exploitation and securing your mobile devices against vulnerabilities. Recipes are packed with useful code snippets and screenshots.
Table of contents
Mobile Device Exploitation Cookbook
Credits
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Introduction to Mobile Security
Introduction
Installing and configuring Android SDK and ADB
Getting ready
How to do it...
How it works...
There's more...
See also
Creating a simple Android app and running it in an emulator
Getting ready
How to do it...
See also
Analyzing the Android permission model using ADB
Getting ready
How to do it...
How it works...
There's more...
See also
Bypassing Android lock screen protection
Getting ready
How to do it...
How it works...
There's more...
Setting up the iOS development environment - Xcode and iOS simulator
Getting ready
How to do it...
How it works...
There's more...
See also
Creating a simple iOS app and running it in the simulator
Getting ready
How to do it...
How it works...
There's more...
See also
Setting up the Android pentesting environment
Getting ready
How to do it...
How it works...
There's more...
Setting up the iOS pentesting environment
Getting ready
How to do it...
How it works...
There's more...
Introduction to rooting and jailbreaking
Getting ready
How to do it...
Rooting
Jailbreaking
How it works...
Rooting
Jailbreaking
2. Mobile Malware-Based Attacks
Introduction
Analyzing an Android malware sample
Getting ready
How to do it...
How it works...
There's more...
Using Androguard for malware analysis
Getting ready
How to do it...
There's more...
Writing custom malware for Android from scratch
Getting ready
How to do it...
How it works...
There's more...
See also
Permission model bypassing in Android
Getting ready
How to do it...
How it works...
There's more...
See also
Reverse engineering iOS applications
Getting ready
How to do it...
How it works...
Analyzing malware in the iOS environment
Getting ready
How to do it...
How it works...
3. Auditing Mobile Applications
Introduction
Auditing Android apps using static analysis
Getting ready
How to do it...
How it works...
There's more...
See also
Auditing Android apps using a dynamic analyzer
Getting ready
How to do it...
How it works...
There's more...
See also
Using Drozer to find vulnerabilities in Android applications
Getting ready
How to do it...
How it works...
There's more...
See also
Auditing iOS application using static analysis
Getting ready
How to do it...
How it works...
There's more...
See also
Auditing iOS application using a dynamic analyzer
Getting ready
How to do it...
How it works...
There's more...
See also
Examining iOS App Data storage and Keychain security vulnerabilities
Getting ready
How to do it...
How it works...
There's more...
Finding vulnerabilities in WAP-based mobile apps
Getting ready
How to do it...
There's more...
See also
Finding client-side injection
Getting ready
How to do it...
There's more...
See also
Insecure encryption in mobile apps
Getting ready
How to do it...
How it works...
An example of weak custom implementation
There's more...
See also
Discovering data leakage sources
Getting ready
How to do it...
How it works...
There's more...
See also
Other application-based attacks in mobile devices
Getting ready
How to do it...
How it works...
M5: Poor Authorization and Authentication
M8: Security Decisions via Untrusted Inputs
M9: Improper Session Handling
See also
Launching intent injection in Android
Getting ready
How to do it...
How it works...
There's more...
See also
4. Attacking Mobile Application Traffic
Introduction
Setting up the wireless pentesting lab for mobile devices
Getting ready
How to do it...
How it works...
There's more...
See also
Configuring traffic interception with Android
Getting ready
How to do it...
How it works...
There's more...
See also
Intercepting traffic using Burp Suite and Wireshark
Getting ready
How to do it...
How it works...
There's more...
See also
Using MITM proxy to modify and attack
Getting ready
How to do it...
How it works...
There's more...
See also
Configuring traffic interception with iOS
Getting ready
How to do it...
How it works...
There's more...
See also
Analyzing traffic and extracting sensitive information from iOS App traffic
Getting ready
How to do it...
There's more...
See also
WebKit attacks on mobile applications
Getting ready
How to do it...
How it works...
There's more...
See also
Performing SSL traffic interception by certificate manipulation
Getting ready
How to do it...
How it works...
There's more...
See also
Using a mobile configuration profile to set up a VPN and intercept traffic in iOS devices
Getting ready
How to do it...
How it works...
There's more...
See also
Bypassing SSL certificate validation in Android and iOS
Getting ready
How to do it...
How it works...
There's more...
See also
5. Working with Other Platforms
Introduction
Setting up the Blackberry development environment and simulator
Getting ready
How to do it...
How it works...
There's more...
See also
Setting up the Blackberry pentesting environment
Getting ready
How to do it...
How it works...
There's more...
See also
Setting up the Windows phone development environment and simulator
Getting ready
How to do it...
How it works...
There's more...
See also
Setting up the Windows phone pentesting environment
Getting ready
How to do it...
How it works...
There's more...
See also
Configuring traffic interception settings for Blackberry phones
Getting ready
How to do it...
Case 1 - Using MDS server and Blackberry simulator
Case 2 - Blackberry 10 simulators
Case 3 - Blackberry 10 phones
How it works...
There's more...
See also
Stealing data from Windows phones applications
Getting ready
How it works...
There's more...
See also
Stealing data from Blackberry applications
Getting ready
How to do it...
How it works...
There's more...
See also
Reading local data in Windows phone
Getting ready
How to do it...
How it works...
There's more...
See also
NFC-based attacks
Getting ready
How to do it...
How it works...
Eavesdropping
Data tampering
Data fuzzing
There's more...
See also
