Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added ios & android technique and tool for re-flutter (by @appknox) #2600

Merged
merged 22 commits into from
Jun 24, 2024
Merged

Added ios & android technique and tool for re-flutter (by @appknox) #2600

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
1570297
Added techniques/android/MASTG-TECH-0099.md ,techniques/ios/MASTG-TEC…
sk3l10x1ng Apr 8, 2024
c66ad79
updated title
sk3l10x1ng Apr 8, 2024
67ef2c4
small correction fixes
sk3l10x1ng Apr 8, 2024
55cceab
renamed file to MASTG-TECH-0109.md
sk3l10x1ng Apr 10, 2024
c7b2103
updated ios & android techniques
sk3l10x1ng Apr 16, 2024
a8e2af9
update ios technique
sk3l10x1ng Apr 17, 2024
bab130a
added link
sk3l10x1ng Apr 17, 2024
3e8026e
added content
sk3l10x1ng Apr 17, 2024
4400933
updated mastg-tech-0109
sk3l10x1ng Apr 22, 2024
2e8a6db
updated mastg-tech-0110
sk3l10x1ng Apr 22, 2024
a7313bf
removed duplicate re-flutter mastg-tool-0099
sk3l10x1ng Apr 22, 2024
58a0c5b
removed duplicate file mastg-tech-0099
sk3l10x1ng Apr 22, 2024
a739edc
fix typo
cpholguera Apr 27, 2024
987322d
fix typo
cpholguera Apr 27, 2024
b3fc2e1
updated
sk3l10x1ng May 13, 2024
2f9e0bd
rename filename
sk3l10x1ng May 14, 2024
3d414a7
renamed the android app filename to MASTG-APP-0017
sk3l10x1ng Jun 14, 2024
338d809
updated changes
sk3l10x1ng Jun 18, 2024
e5eff2d
updated TOOL-0101.md
sk3l10x1ng Jun 18, 2024
6541328
updated TOOL-0100.md
sk3l10x1ng Jun 18, 2024
f91f157
updated changes TOOL-0100
sk3l10x1ng Jun 20, 2024
843c05e
updated techinque and tool
sk3l10x1ng Jun 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Added techniques/android/MASTG-TECH-0099.md ,techniques/ios/MASTG-TEC… 
…H-0099.md, tools/generic/MASTG-TOOL-0099.md
  • Loading branch information
@sk3l10x1ng
sk3l10x1ng committed Apr 8, 2024
commit 15702974fa7bcf0925273388c804ce8848eb3edb
54 changes: 54 additions & 0 deletions techniques/android/MASTG-TECH-0099.md
View file
Open in desktop
cpholguera marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
---
title: Intercepting Non-proxy-aware Requests
platform: android
---

Flutter is an open-source UI software development kit (SDK) created by Google. It is used for building natively compiled applications for mobile, web, and desktop from a single codebase. Flutter uses Dart, which is not proxy-aware and uses its own certificate store.The application doesn’t take proxy configuration from the system and send the data directly to the server.Due to this , it is not possible to intercept the request using the Burp-suite or any MITM tools.

## Intercepting Traffic using re-flutter

1. The re-fultter supports both android and ios flutter applications.
2. Install the [reflutter](https://github.com/Impact-I/reFlutter.git).
3. Run the command to patch the application.
```
$ reflutter demo.apk
```
4. It prompts to choose two options:
```
$ reflutter demo.apk

Choose an option:

1. Traffic monitoring and interception
2. Display absolute code offset for functions

[1/2]?
```
5. Select the **Traffic monitoring and interception**.
6. Then it prompts **“Please enter your BurpSuite IP”**.Enter the IP of the machine which the burp suite is running.
```
$ reflutter demo.apk

Choose an option:

1. Traffic monitoring and interception
2. Display absolute code offset for functions

[1/2]? 1

Example: (192.168.1.154) etc.
Please enter your BurpSuite IP: 192.168.29.216
```
7. This will create a patched **release.RE.apk** file.
8. Re-sign the application with the [uber-apk-signer](https://github.com/patrickfav/uber-apk-signer).
```bash
$ java -jar uber-apk-signer.jar -a release.RE.apk --out demo-signed
```
9. This will create a **release.RE-aligned-debugSigned.apk** file in the output folder.
10. Install the re-signed application on the mobile device.
11. Configure the Burp-suite:
- Under Proxy -> Proxy settings -> Add new Proxy setting.
- Bind listening Port to **8083**.
- Select Bind to address to **All interfaces**.
- Request Handling -> support for invisible proxying.
12. Open the Application and start intercepting the requests from the applications.
cpholguera marked this conversation as resolved.
Show resolved Hide resolved
64 changes: 64 additions & 0 deletions techniques/ios/MASTG-TECH-0099.md
View file
Open in desktop
cpholguera marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
---
title: Intercepting Non-proxy-aware Traffic
platform: ios
---


Flutter is an open-source UI software development kit (SDK) created by Google. It is used for building natively compiled applications for mobile, web, and desktop from a single codebase. Flutter uses Dart, which is not proxy-aware and uses its own certificate store.The application doesn’t take proxy configuration from the system and send the data directly to the server.
Due to this , it is not possible to intercept the request using the BurpSuite or any MITM tools.



## Intercepting Traffic using re-fultter

1. The re-Fultter supports both android and ios flutter applications.
2. Install the [reflutter](https://github.com/Impact-I/reFlutter.git).
3. Run the command to patch the application.
```
$ reflutter demo.ipa
```
4. It prompts to choose two options:
```
$ reflutter demo.ipa

Choose an option:

1. Traffic monitoring and interception
2. Display absolute code offset for functions

[1/2]?
```
5. Select the **Traffic monitoring and interception**.
6. It prompts **Please enter your BurpSuite IP**. Enter the **IP** of the machine which the BurpSuite is running.
```
$ reflutter demo.ipa

Choose an option:

1. Traffic monitoring and interception
2. Display absolute code offset for functions
[1/2]? 1

Example: (192.168.1.154) etc.
Please enter your BurpSuite IP: 192.168.0.123
```
7. This will create a patched **release.RE.ipa** file.
```
SnapshotHash: 7dbbeeb8ef7bdfd91338640dca3927636de
The resulting ipa file: ./release.RE.ipa
Please install the ipa file

Configure Burp Suite proxy server to listen on *:8083
Proxy Tab -> Options -> Proxy Listeners -> Edit -> Binding Tab

Then enable invisible proxying in Request Handling Tab
Support Invisible Proxying -> true
```
8. [Re-sign](../../techniques/ios/MASTG-TECH-0092.md) the application with the Apple certificates.
9. Install the re-signed application on the mobile device.
10. Configure the Burp-suite:
- Under Proxy -> Proxy settings -> Add new Proxy setting.
- Bind listening Port to **8083**.
- Select Bind to address to **All interfaces**.
- Request Handling -> support for invisible proxying.
11. Open the Application and start intercepting the requests from the applications.
cpholguera marked this conversation as resolved.
Show resolved Hide resolved
7 changes: 7 additions & 0 deletions tools/generic/MASTG-TOOL-0099.md
View file
Open in desktop
cpholguera marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
title: re-flutter
platform: generic
source: https://github.com/Impact-I/reFlutter
---

[re-flutter](https://github.com/Impact-I/reFlutter) framework helps with Flutter apps reverse engineering using the patched version of the Flutter library which is already compiled and ready for app repacking. This library has snapshot deserialization process modified to allow you perform dynamic analysis.
cpholguera marked this conversation as resolved.
Show resolved Hide resolved
Loading