Create Kali Linux Live USB stick with Etcher on Windows

Posted by Kulani Mahadewa on October 7, 2020
Posted in: Kali Linux. Tagged: 1 failed device, balena etcher, dual boot, fast-restart, kali linux live usb stick, kali linux startup missing.

Hi, you can create a bootable USB stick for Kali Linux Live in a few steps using the BalenaEtcher tool on Windows.

  • Step 1: Download the Kali Linux Live image from https://www.kali.org/downloads/. I selected Kali Linux 64-Bit (Live) 2020.3. After downloading, verify the image by comparing its SHA-256 value with the one shown on the website:

certutil -hashfile <path to iso image> SHA256

  • Step 2: Next, download BalenaEtcher from https://github.com/balena-io/etcher/releases.

Once installed, simply select the ISO image of Kali Linux Live at “Flash from URL” –> then select the USB drive for flashing at “Select target” –> select “Flash”.

Once the flashing is done, you may see “1 failed device” due to a checksum failure during verification on Windows. However, the write to the USB was successful. This error has been identified as a false positive seen on Windows.

What else can you do with the Live USB stick of Kali Linux?

Add Kali Linux to the startup menu on a dual boot with Windows: You can find a guide to adding Kali Linux to the startup menu on a dual boot with Windows at https://networkwolves.wordpress.com/2015/04/13/repair-kali-linux-grub-after-installing-window-in-dual-boot/amp/

Boot the live USB stick –> select “Live system” –> open a terminal –> log in as the root user.

(If you have a fresh install, enable root login with the following commands.)

sudo apt-get install kali-root-login
sudo su   # become root

Next, run the following commands. Then reboot the system to see the boot menu with the Kali Linux option.

mount /dev/sda3 /mnt   # /dev/sda3 is the Kali root partition here; check yours with lsblk
mount --bind /dev /mnt/dev
mount --bind /dev/pts /mnt/dev/pts
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
grub-install /dev/sda
update-grub
exit
umount /mnt/dev/pts
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount /mnt

Resolving the Kali Linux startup problem on a dual-boot desktop caused by Windows’ fast-restart: To resolve this as well, you can use the Kali Linux Live USB stick.

When you try the first command (mount /dev/sda3 /mnt), the mount fails with an error. You can disable fast startup, a feature introduced in Windows 10, by selecting Control Panel –> System and Security –> Power Options –> “Choose what the power buttons do” –> “Change settings that are currently unavailable” –> untick “Turn on fast startup”.

Cheers ! 🙂


System Execution Sequence – Part 1: BIOS/UEFI and Bootloader

Posted by Kulani Mahadewa on July 6, 2020
Posted in: System Execution Sequence. Tagged: bios, bootloader, system execution, uefi.

Execution Environment

Computing is about running algorithms. It is achieved by executing code. So, what is the order in which code executes on a computer?

Different kinds of computers (e.g., desktop/server platforms, mobile, and embedded devices) may organize the system execution order slightly differently. In general, the kernel space sits on top of the hardware, and user-space software sits on top of the kernel. However, in simple embedded software, such as in IoT devices, the firmware code can sit directly on top of the hardware. The kernel provides system calls so that user libraries can access system functionality, and the libraries provide library calls so that applications can access the libraries’ functionality. Despite this layered organization, the CPU receives everything as a flat instruction stream.

Is it possible to run the binaries of one architecture on another architecture? For example, a Linux binary on Windows.

Yes. In particular, there are compatibility layers that facilitate the execution of binaries belonging to a different architecture. Wine is such a compatibility layer; it supports the execution of Windows binaries on Unix-like OSs. Windows Subsystem for Linux (WSL) is another compatibility layer, which facilitates the execution of native Linux binaries on top of the Windows OS.

Virtual machines (VMs) are a way to provide an isolated execution environment. A VM can provide the same execution environment as the underlying architecture or a different one; for example, a Linux VM provides a Linux execution environment on the Windows OS. A VM provides both kernel space and user space, so end users can work without worrying about the underlying architecture.

Docker is another way to provide an isolated execution environment. However, Docker isolates applications through containers, whereas a VM isolates the whole OS environment. The VM’s user space is the counterpart of a Docker container.

Firmware Booting Code

When the PC is powered on, the firmware boot code is the first thing to run. While this boot code runs, you see the logos on the screen; in the background it probes all the hardware devices to check whether they work. A keyboard alone is enough to communicate with this code.

BIOS (Basic I/O System) and UEFI (Unified Extensible Firmware Interface) are the two types of boot code, or boot firmware. It comes pre-installed on the PC board.

BIOS vs UEFI:

  • BIOS is the legacy boot firmware. It only supports up to 4 partitions on a hard disk.
  • UEFI is the newer boot firmware. It supports more than 4 partitions on a hard disk, and additionally provides a secure mode and network support during boot to download missing code.

Another main function of the boot code is to find the next code to be executed and place it in memory. What is the next code to execute? The bootloader.

Bootloader

It is a small program that loads other OS programs and data into memory and executes them. It can run automatically or ask for manual options. A bootloader can load a single kernel or offer a choice of several. It becomes the main application running on the microprocessor during normal operation.

Is it required to have a bootloader on a computer system? No. Simple embedded systems may not come with bootloader to save space.

Can you replace the existing bootloader? Yes. You can use U-boot to replace the bootloader.

Different bootloaders:

  • Linux: GRUB bootloader
  • Windows: BCD bootloader
  • Android: Fastboot (to load recovery image)
  • iOS: iboot
  • Embedded systems: Uboot (a general bootloader tool)

A main function of the bootloader is to find where the kernel image resides, and put it in the memory and execute it.

What if the bootloader cannot find the kernel or the kernel image is missing? PXE (Preboot Execution Environment) comes to the scene. An advantage of UEFI booting firmware is that it supports PXE. Hence, if the kernel image is not found, it can download it from a remote server.

The general procedure of PXE:

  • The host requests an IP address for its network adapter from the DHCP server. The DHCP server replies with a temporary IP and the TFTP server address.
  • Next, the host requests a network bootloader from the TFTP server, which replies with the bootloader and its support files.
  • Next, the host requests the kernel from a web or TFTP server and receives it.
  • Finally, it acquires an IP address for the kernel from the DHCP server.

Bootloader Security

Achieved through TPM

What is TPM?

Trusted Platform Module (TPM) is a hardware component (comes on-chip of the motherboard ) that guarantees the integrity of the booting process.

Threat Model: A malicious code that replaces bootloader or kernel.

With a TPM, the system can check the integrity of code and prevent an attacker from modifying it at the initial stages of booting the OS. The TPM uses simple cryptographic techniques and supports storing some sensitive data. Its advantage is that it can hash a large amount of data. The hash value is stored in a PCR (Platform Configuration Register).

Chain of Trust

  • First, check whether the root of trust (BIOS/UEFI) is secure, by checking the signature of the bootloader.
  • Next, control is transferred to the bootloader. At the bootloader, check the integrity of the hash value.
  • Next, control is transferred to the kernel. Check the integrity of the kernel.
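The following is an added example (not code from the original post) that simulates how a TPM records the chain of trust: each boot stage is hashed and folded into a PCR with the extend operation, so a replaced bootloader or kernel changes the final PCR value and a sealed reference value no longer matches. The firmware, bootloader and kernel images are constructed byte strings standing in for the real binaries.

```python
"""Simulated TPM measured boot: PCR extend and chain-of-trust check.

Added example, not code from the original post. The "images" below are
constructed stand-ins; a real TPM extends PCRs with hashes of the actual
firmware, bootloader and kernel binaries (SHA-256 banks in TPM 2.0).
"""
import hashlib
import hmac

# Stage order measured during boot: each stage measures the next one
# before handing control to it, matching the chain of trust above.
BOOT_STAGES = ("firmware", "bootloader", "kernel")

# Constructed stand-ins for the binaries that would be measured.
GOOD_IMAGES = {
    "firmware": b"UEFI firmware image v1 (constructed)",
    "bootloader": b"GRUB bootloader image (constructed)",
    "kernel": b"vmlinuz kernel image (constructed)",
}


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: PCR_new = H(PCR_old || H(data)).

    A PCR cannot be written directly, only extended, so its final value
    depends on every measurement and on the order they were made in.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(images: dict) -> bytes:
    """Extend a single PCR (all zeros at power-on) with each boot stage."""
    pcr = bytes(32)
    for stage in BOOT_STAGES:
        pcr = pcr_extend(pcr, images[stage])
    return pcr


def seal_policy(images: dict) -> bytes:
    """Record the expected PCR value for a known-good boot chain.

    This plays the role of the reference value a disk-encryption key or
    a remote attestation verifier is bound to (TPM "sealing").
    """
    return measure_boot(images)


def verify_boot(images: dict, expected_pcr: bytes) -> bool:
    """True only if the measured chain matches the sealed reference value."""
    return hmac.compare_digest(measure_boot(images), expected_pcr)


def tampered_images(stage: str) -> dict:
    """Constructed scenario from the threat model: one stage is replaced."""
    imgs = dict(GOOD_IMAGES)
    imgs[stage] = imgs[stage] + b" + injected code"
    return imgs


if __name__ == "__main__":
    expected = seal_policy(GOOD_IMAGES)
    print("PCR (good chain):", expected.hex())
    print("good chain verifies:", verify_boot(GOOD_IMAGES, expected))
    for stage in BOOT_STAGES:
        print(f"{stage} replaced verifies:",
              verify_boot(tampered_images(stage), expected))
```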

UEFI Secure Mode

First, the signature of the kernel bootloader has to be generated. This is done by the manufacturer. Next, when the bootloader loads, its signature is checked to verify integrity.

This adds trouble if you have to add a customized bootloader.

In fact, the UEFI secure boot + TPM is recommended for preserving security.

Unlock Bootloader

  • PCs support both BIOS and UEFI as boot methods. It is possible to switch between the two types; however, data loss and compatibility issues could happen.
  • In Android, the bootloader is locked by default. The fastboot tool can be used to unlock it. When the bootloader is unlocked, it is possible to change the OS. (Rooting, by contrast, only allows control of the whole OS: it provides access to the system partition, while bootloader unlocking provides access to the boot and recovery partitions.)
  • On iPhones and macOS, iBoot is the bootloader. DFU mode is required to downgrade iOS.

Booting Disk Creation and Disk Management

  • Etcher: can be used to generate a bootable USB locally in 3 steps: select the image, select the USB drive, and flash.
  • Unetbootin: Universal Netboot Installer.
  • dd: direct dump, a Unix utility. It can securely erase all files block by block.
  • Clonezilla

Online Resources that can be referred:

  • Booting code in firmware/ROM
    • BIOS https://en.wikipedia.org/wiki/BIOS
    • Mac Open Firmware
    • UEFI&BIOS https://www.partitionwizard.com/partitionmagic/uefi-vs-bios.html
  • Bootloader:
    • Linux GRUB:
      https://www.gnu.org/software/grub/manual/grub/html_node/index.html
    • Windows Bootloader:
      https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/boot-options-in-windows
    • Embedded device bootloader:
      https://www.embedded.com/bootloaders-101-making-your-embedded-design-future-proof/
    • Android Bootloader (Recovery, Fastboot)
      https://source.android.com/devices/bootloader
      https://www.howtogeek.com/249439/how-to-enter-androids-bootloader-and-recovery-environments/
    • iOS Bootloader:
      https://www.theiphonewiki.com/wiki/IBoot_(Bootloader)
    • UBoot:
      https://www.denx.de/wiki/U-Boot
    • Network Bootloader: PXE https://en.wikipedia.org/wiki/Preboot_Execution_Environment
    • (Background knowledge) MBR and GPT https://www.howtogeek.com/193669/whats-the-difference-between-gpt-and-mbr-when-partitioning-a-drive/
  • Bootloader security, TPM
    • Boot security modes and recommendations: https://media.defense.gov/2019/Jul/16/2002158058/-1/-1/0/CSI-BOOT-SECURITY-MODES-AND-RECOMMENDATIONS.PDF
    • UEFI and the TPM:
      https://resources.infosecinstitute.com/uefi-and-tpm-2/#BIOSBootProcess
    • Use TPM to improve boot security at BIOS layer: https://ieeexplore.ieee.org/document/6161909
    • Unlock Bootloader (Android):
      https://www.quora.com/What-is-the-meaning-of-an-unlocked-bootloader-in-mobile-phones
      https://www.getdroidpro.com/how-to-unlock-bootloader-on-any-android-smartphone/
    • Unlock Bootloader (iPhone):
      Device Firmware Upgrade (DFU): https://blog.elcomsoft.com/2018/10/everything-about-ios-dfu-and-recovery-modes/
      https://ifixelectronics.com.au/what-is-dfu-mode/
    • TPM overview: https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Overview.pdf (optional)
    • Trusted boot loader: https://elinux.org/images/2/28/Trusted_Boot_Loader.pdf (optional)
    • TPM manual: https://trustedcomputinggroup.org/wp-content/uploads/PC_Client_TPM_PP_1.3_for_TPM_1.2_Level_2_V116.pdf (optional)
    • Windows TPM usage: https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/trusted-platform-module-overview (optional)
      https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm#measured-boot (optional)
  • Boot disk (USB/CD-R), system installation process, system image cloning
    • dd: https://www.unixtutorial.org/commands/dd
    • Etcher: https://www.balena.io/etcher/
    • UNetbootin: https://unetbootin.github.io/
    • Clonezilla: https://clonezilla.org/


Did you know that your Philips Hue bulb can be hijacked by a malicious hub in the neighborhood?

Posted by Kulani Mahadewa on May 25, 2020
Posted in: Article, Internet of Things. Tagged: 2018, 2019, attacks, bulb hijacking, Chromecast, finite state machine, fsm, google scholar, hijacking, HomeScan, iceccs, integration, integration analysis, iot, iot attacks, iot security, iot system, LIFX, malicious, phd research, Philips Hue, reachability analysis, reachability check, research, security analysis, Security Research, smart bulb, smart home attack, smart lighting, state transitions, TSE, vulnerabilities, ZigBee, ZLL.

Philips Hue is a popular smart home lighting system. It provides flexibility and ease of control, and diverse customizations in colour range and functionality that a typical light bulb cannot offer. However, there can be vulnerabilities in these new Internet of Things products due to a lack of security hardening, or to challenges in adopting existing security solutions into them.

With reference to the previous post, HomeScan [1, 2] discovered a vulnerability in the Philips Hue lighting system that leads to the hijacking of a Philips Hue bulb that is already connected to a victim’s hub, in the presence of a malicious hub. As stated by HomeScan, the vulnerability is introduced by the Philips Hue bulbs’ use of the existing communication protocol ZigBee as a low-power solution. Specifically, Philips Hue uses the ZigBee Light Link (ZLL) protocol, which allows a ZigBee-enabled bulb to accept and reply to discovery beacons even after the bulb is already connected to a hub. Consequently, a malicious hub can discover the victim’s bulb by sending a discovery beacon. Following that, the attacker can launch the ZLL authentication, which results in the bulb disconnecting itself from the victim’s hub and authenticating with the malicious hub.

Here is the attack demo video showing how the Philips Hue bulb is hijacked by the malicious hub over the ZigBee network. The demo uses the Perytons tool and a USB sniffing stick that supports ZigBee traffic capture. The traffic was captured in the presence of a real Philips Hue bulb and two Philips Hue hubs (one benign, belonging to the victim, and the other malicious, belonging to the attacker). HomeScan discovered several other vulnerabilities in other devices, including Chromecast and LIFX. You can check the HomeScan demo site for the other findings.


References

[1] Scrutinizing Implementations of Smart Home Integrations. Kulani Mahadewa, Kailong Wang, Guangdong Bai, Ling Shi, Yan Liu, Jin Song Dong, and Zhenkai Liang. IEEE Transactions on Software Engineering, TSE 2019

[2] HOMESCAN: Scrutinizing Implementations of Smart Home Integrations. Kulani Mahadewa, Kailong Wang, Guangdong Bai, Ling Shi, Jin Song Dong and Zhenkai Liang. 23rd International Conference on Engineering of Complex Computer Systems, ICECCS 2018, Melbourne, Australia, December 12-14, 2018


Why Smart Homes Require Integration Analysis?

Posted by Kulani Mahadewa on May 24, 2020
Posted in: Article, Getting Started with Android. Tagged: 2018, 2019, discovering flaws, end to end, finite state machine, HomeScan, iceccs, integration, integration analysis, Internet of Things, iot, iot system, model, model checker, model checking, model extraction, security analysis, security flaws, semi-automatic, smart home, smart home security, smart home system, smart home system security, specification extraction, state machine, state transitions, system model, TSE, Vulnerability Analysis.

In the HomeScan [2] paper (ICECCS 2018), we highlight the importance of analyzing the security of a smart home system from the integration perspective and propose a semi-automatic approach to perform the integration analysis. Later, an extended version [1] of this work was published in the TSE journal in 2019.

Why integration analysis?

Unlike traditional ubiquitous smart home systems, IoT (Internet of Things) driven smart home systems are more complex, owing to inherent attributes of IoT such as heterogeneity in the technologies, standards, protocols, and platforms they are built upon, while supporting a low-cost and low-power system over the Internet.


The figure shows the diversity of communication protocols and smart devices from different manufacturers supported by a smart home system built around a SmartThings hub.

The HomeScan paper identifies two factors that make securing a smart home system challenging: incompatibilities and invalidated assumptions, both of which exist in a smart home system because of its complexity. Therefore, it highlights the need to analyze the security of a smart home system from the integration perspective, in order to discover insecurities that arise from the challenges of providing security for smart home systems.

How to perform integration analysis?

The paper proposes HomeScan, a semi-automatic approach to perform a security analysis of a smart home system from the integration perspective. The idea is that, if you have a model (a finite state diagram) of the integrated system, you can perform model checking against different attack models to find security problems in the integrated system. Hence, the paper first provides a set of techniques to extract the model of the integrated system as a Labeled Transition System (LTS) from the available implementations. Next, it shows that reachability checking over the generated integrated-system model can be used to find security problems in the smart home integration. For more information, please refer to the HomeScan [2] paper or its extended version [1].
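As an added illustration of the reachability check described here (this is not the HomeScan tool or one of its extracted models), the block below hand-builds a tiny LTS of the ZLL pairing behaviour from the Philips Hue post and asks whether a bulb paired with the victim can reach a state where it is paired with the attacker. All state and label names are constructed; the returned trace is the counterexample a model checker would report.

```python
"""Reachability analysis over a small Labeled Transition System (LTS).

Added example; not the HomeScan tool or its extracted model. The LTS is a
hand-built abstraction of the ZigBee Light Link (ZLL) pairing behaviour
described in the Philips Hue post; all state and label names are constructed.
"""
from collections import deque
from typing import Dict, List, Optional, Tuple

# An LTS maps a state to its outgoing transitions, each (label, target).
LTS = Dict[str, List[Tuple[str, str]]]


def zll_bulb_lts(answers_beacons_when_paired: bool) -> LTS:
    """Model of one bulb integrated with a victim hub and an attacker hub.

    The flag captures the single behaviour the analysis cares about:
    whether an already-paired bulb still replies to discovery beacons.
    """
    lts: LTS = {
        "unpaired": [("beacon(victim)", "discovered_by_victim"),
                     ("beacon(attacker)", "discovered_by_attacker")],
        "discovered_by_victim": [("zll_auth(victim)", "paired(victim)")],
        "discovered_by_attacker": [("zll_auth(attacker)", "paired(attacker)")],
        "paired(victim)": [("light_cmd(victim)", "paired(victim)")],
        "paired(attacker)": [("light_cmd(attacker)", "paired(attacker)")],
    }
    if answers_beacons_when_paired:
        # A paired bulb that still answers beacons can be re-discovered
        # by the attacker hub, after which ZLL authentication re-pairs it.
        lts["paired(victim)"].append(("beacon(attacker)", "discovered_by_attacker"))
    return lts


def find_trace(lts: LTS, start: str, goal: str) -> Optional[List[str]]:
    """Breadth-first reachability check.

    Returns the shortest sequence of labels leading from start to goal
    (the counterexample), or None if goal is unreachable.
    """
    parent: Dict[str, Optional[Tuple[str, str]]] = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if state == goal:
            trace: List[str] = []
            while parent[state] is not None:
                prev, label = parent[state]
                trace.append(label)
                state = prev
            return trace[::-1]
        for label, target in lts.get(state, []):
            if target not in parent:
                parent[target] = (state, label)
                queue.append(target)
    return None


def hijack_possible(lts: LTS) -> Optional[List[str]]:
    """Security property: from a bulb paired with the victim, the state
    'paired(attacker)' must be unreachable. A non-None trace is a violation."""
    return find_trace(lts, "paired(victim)", "paired(attacker)")


if __name__ == "__main__":
    print("as deployed:", hijack_possible(zll_bulb_lts(True)))
    print("hardened   :", hijack_possible(zll_bulb_lts(False)))
```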

References

[1] Scrutinizing Implementations of Smart Home Integrations. Kulani Mahadewa, Kailong Wang, Guangdong Bai, Ling Shi, Yan Liu, Jin Song Dong, and Zhenkai Liang. IEEE Transactions on Software Engineering, TSE 2019

[2] HOMESCAN: Scrutinizing Implementations of Smart Home Integrations. Kulani Mahadewa, Kailong Wang, Guangdong Bai, Ling Shi, Jin Song Dong and Zhenkai Liang. 23rd International Conference on Engineering of Complex Computer Systems, ICECCS 2018, Melbourne, Australia, December 12-14, 2018


Use mitmproxy to Capture Traffic on the Same Machine

Posted by Kulani Mahadewa on April 10, 2020
Posted in: mitmproxy. Tagged: capture traffic, capture traffic of the same machine, desktop, Fiddler, fiddler alternative, firefox, Firefox ESR, https, intercept, intercept ssl traffic, iptables, Kali, Kali Linux, Kali Linux 2020, Linux, linux machine, man-in-the-middle, mitm.it, mitmproxy, mitmproxy 5.0.1, mitmproxyuser, modify, nat, pip3, python3, redirect traffic, redirect traffic originating from the same machine, same machine, save, ssl, traffic, transparent mode.

Hi, in this post I’m giving a detailed guide to using mitmproxy on Kali Linux to capture traffic. The mitmproxy tool provides many attacker capabilities for traffic analysis, such as intercept, modify, replay, save, etc. You can check the mitmproxy site for more details. I wanted to use this tool to capture traffic on the same machine (by default the tool is designed to be used as a man-in-the-middle to monitor the traffic of a victim device) in order to analyze web protocols. On my Windows machine I used Fiddler to capture and analyze traffic. However, it did not offer enough support on Linux machines when further processing was required. Hence, I decided to use mitmproxy on Linux.

Note: in order to use mitmproxy to monitor traffic on the same machine we need two users: one user provides the proxy, and the other user acts as the victim. The following are the steps to set up your environment on a Kali Linux machine. Although Kali Linux comes with mitmproxy pre-installed, I removed the existing version and installed the latest mitmproxy version, 5.0.1. The newest version claims to be 4X faster.

Step 0: Remove previously installed mitmproxy

You may have to remove the existing old version of mitmproxy if you are using Kali Linux.

sudo apt-get remove --auto-remove mitmproxy

Step 1: Create a new account for the proxy.

Use the following commands to create a new user. This user will be used as the attacker.

useradd -m mitmproxyuser          # creates the user and a new home directory
passwd mitmproxyuser              # set a password
usermod -a -G sudo mitmproxyuser  # add the user to the sudo group

Step 2: Download the mitmproxy version 5.0.1

  • Visit https://mitmproxy.org/ and download the v5.0 binary of mitmproxy.
  • Extract the downloaded .gz file. It contains following executables:
    • mitmproxy
    • mitmdump
    • mitmweb

Step 3: Install the mitmproxy as the newly created user

Change directory to the directory with the extracted mitmproxy content.

  • Use the following command to install mitmproxy.

Note: I’m using pip3 to install mitmproxy; plain pip gave errors for me.

sudo -u mitmproxyuser bash -c 'cd ~ && pip3 install --user mitmproxy'

If the command was successful, hidden files are generated under the new user’s home directory (~/.local, where pip --user places the mitmproxy executables).

Step 3: Update IP forwarding settings and add rules to the iptables.

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv4.conf.all.send_redirects=0
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080
ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080

Note*: once the iptables rules are in place, you will not be able to browse the internet unless mitmproxy is running.

Step 4: Start the mitmproxy as the user mitmproxyuser

sudo -u mitmproxyuser bash -c '$HOME/.local/bin/mitmproxy --mode transparent --showhost --set block_global=false'

Note*: now, when you visit a web site in the Firefox browser, it will still say that the certificate is not trusted.

Step 5: Install the mitmproxy certificates on Firefox browser

Once the mitmproxy is started …

  • Open the browser and visit http://mitm.it/


  • Click on ‘other’ for Linux. It will download the certificate and prompt for acceptance. You can view the certificate and accept it.


Step 5: Capture traffic on mitmproxy

Finally,  after installing the CA certificate, you can use the mitmproxy to analyze your traffic as follows.


Click on an item to view the details.
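Beyond browsing the flows interactively, mitmproxy can load an addon script with -s to process every captured request. The following is an added example (not part of the original post or of mitmproxy itself) of such an addon for the transparent-mode setup above: it flags requests that carry cookies or Authorization headers over plain http://, i.e. credentials that the port-80 redirect rule makes visible in the clear. The request() hook and the flow.request attributes used are mitmproxy’s public addon API; the FakeFlow/FakeRequest classes and the demo() inputs are constructed stand-ins so the logic can be exercised without mitmproxy installed.

```python
"""mitmproxy addon that flags credentials sent over plaintext HTTP.

Added example, not part of the original post or of mitmproxy. Load it with
  mitmproxy --mode transparent --showhost -s cleartext_creds.py
(the file name is an assumption). FakeFlow/FakeRequest below are constructed
stand-ins for mitmproxy's flow objects so the addon can run offline.
"""
from typing import Dict, List, Mapping

# Header names that usually carry credentials or session tokens.
SENSITIVE_HEADERS = ("authorization", "cookie", "proxy-authorization")


def find_sensitive_headers(headers: Mapping[str, str]) -> List[str]:
    """Return the sensitive header names present (case-insensitive match)."""
    present = {name.lower() for name in headers.keys()}
    return [h for h in SENSITIVE_HEADERS if h in present]


def classify_request(scheme: str, host: str, path: str,
                     headers: Mapping[str, str]) -> Dict[str, object]:
    """Summarise one request.

    'cleartext_creds' is True when credential-bearing headers travel over
    http://; the iptables rules above redirect port 80 into the proxy, so
    these requests are exactly the ones visible in transparent mode.
    """
    sensitive = find_sensitive_headers(headers)
    return {
        "url": f"{scheme}://{host}{path}",
        "sensitive_headers": sensitive,
        "cleartext_creds": scheme == "http" and bool(sensitive),
    }


class CleartextCredentialLogger:
    """mitmproxy addon: records a finding per request, prints cleartext ones."""

    def __init__(self) -> None:
        self.findings: List[Dict[str, object]] = []

    def request(self, flow) -> None:
        # mitmproxy calls this hook once for every client request.
        req = flow.request
        result = classify_request(req.scheme, req.pretty_host, req.path, req.headers)
        self.findings.append(result)
        if result["cleartext_creds"]:
            print(f"[!] credentials over plaintext HTTP: {result['url']} "
                  f"({', '.join(result['sensitive_headers'])})")


# mitmproxy loads the addon instances listed here when the script is passed via -s.
addons = [CleartextCredentialLogger()]


# Constructed stand-ins so the addon can be exercised without mitmproxy installed.
class FakeRequest:
    def __init__(self, scheme: str, host: str, path: str, headers: Mapping[str, str]):
        self.scheme, self.pretty_host, self.path, self.headers = scheme, host, path, headers


class FakeFlow:
    def __init__(self, scheme: str, host: str, path: str, headers: Mapping[str, str]):
        self.request = FakeRequest(scheme, host, path, headers)


def demo() -> List[Dict[str, object]]:
    """Run the addon over three constructed requests and return its findings."""
    logger = CleartextCredentialLogger()
    logger.request(FakeFlow("http", "example.test", "/login", {"Cookie": "sid=abc"}))
    logger.request(FakeFlow("https", "example.test", "/api", {"Authorization": "Bearer x"}))
    logger.request(FakeFlow("http", "example.test", "/", {"Accept": "*/*"}))
    return logger.findings


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```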


Cheers ! 🙂


Running PyCharm Traffic through Fiddler

Posted by Kulani Mahadewa on April 6, 2020
Posted in: Fiddler. Tagged: (ssl.SSLError, accept certificate, certificate, certificate verify failed, CERTIFICATE_VERIFY_FAILED, do_not_trust, Fiddler, fiddler root certificate, fiddlerroot, HTTP Code 422, http proxy, Invalid Data, jetbrains.com, PyCharm, PyCharm traffic through Fiddler, python, python3, requests, server certificates, urllib, urllib3.

Hi, here is a brief guide to setting up PyCharm to send the traffic generated by requests through Fiddler.

Usage: if you get errors while implementing a protocol extracted from Fiddler traces, you can forward the traffic to Fiddler so that you can check the captured traces against the traffic generated from PyCharm to debug your code. For example, you can solve issues such as receiving code 422 in the response.

Running PyCharm Traffic through Fiddler

First, you need to update the proxy settings in PyCharm with the Fiddler proxy details. This will prompt you to install the Fiddler-generated certificates in PyCharm. However, this step only lets PyCharm itself direct its traffic to Fiddler; your Python code still fails, since this setting does not apply to urllib3, which requests uses. Hence, we have to bypass certificate verification in the code.

Step 1: Add Fiddler Generated Certificates to PyCharm

  • At PyCharm IDE Goto -> File -> Settings ->Appearance & Behaviour -> System Settings -> HTTP Proxy -> Provide Fiddler proxy settings as follows (Host: 127.0.0.1, Port: 8888)


  • Restart PyCharm -> It will prompt to Accept the Fiddler generated certificates for JetBrains.


  • You can check the saved certificates at File -> Settings ->Tools-> Server Certificates

Step 2: Update Python Code

In the Python code, I’m using the requests package to send HTTPS requests. Update the request with an additional argument, verify=False. Otherwise it will throw a verification failed exception (ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:646)).

import requests

# initURL, initParams and headerInit are defined elsewhere in the script.
# verify=False skips certificate verification so Fiddler's certificate is accepted.
initResponse = requests.get(initURL, params=initParams, headers=headerInit, verify=False)

Now it will only give a warning (InsecureRequestWarning: Unverified HTTPS request is being made to host ‘127.0.0.1’. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning,) and the code runs. Assuming you are aware of the security of the URL you are visiting, this can help you forward PyCharm traffic through Fiddler without much hassle.

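As an added example (not code from the original post), the same kind of requests call configured to trust Fiddler’s own root certificate instead of passing verify=False, so the capture still works but TLS verification stays on. It assumes Fiddler listens on 127.0.0.1:8888 as configured above and that its root certificate was exported from Fiddler as a DER file; the file names FiddlerRoot.cer/FiddlerRoot.pem and the target URL are placeholders.

```python
import ssl

# Fiddler's listener as configured in PyCharm above (constructed constant)
FIDDLER_PROXY = "http://127.0.0.1:8888"


def fiddler_root_to_pem(der_bytes: bytes) -> str:
    """Re-encode Fiddler's exported root certificate (DER) as PEM.

    requests' verify= only accepts PEM, so the raw .cer export must be
    converted before it can be used as a trust anchor.
    """
    return ssl.DER_cert_to_PEM_cert(der_bytes)


def request_kwargs(ca_bundle: str, proxy: str = FIDDLER_PROXY) -> dict:
    """Keyword arguments for requests.get()/post() that send the traffic to
    Fiddler and trust only the given CA bundle (the Fiddler root), instead of
    switching verification off with verify=False."""
    if not ca_bundle:
        # A missing bundle must be a visible error, not a silent fall-back
        # to an unverified connection.
        raise ValueError("path to the Fiddler root CA (PEM) is required")
    return {"proxies": {"http": proxy, "https": proxy}, "verify": ca_bundle}


if __name__ == "__main__":
    import requests  # only needed when actually sending the debug request

    # Assumed file names: FiddlerRoot.cer is the DER export from Fiddler,
    # FiddlerRoot.pem is where the converted copy is written.
    with open("FiddlerRoot.cer", "rb") as src:
        pem = fiddler_root_to_pem(src.read())
    with open("FiddlerRoot.pem", "w") as dst:
        dst.write(pem)

    # Same call shape as in the post; the target URL is a placeholder.
    resp = requests.get("https://example.com/", **request_kwargs("FiddlerRoot.pem"))
    print(resp.status_code)  # the request appears in Fiddler and TLS stays verified
```

Because the trust anchor is passed per call, nothing outside the debugging session is weakened and the verify argument can be dropped again once the protocol work is done.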
Cheers ! 🙂

Fix ERR_CONNECTION_TIMED_OUT error on Android with Fiddler Proxy

Posted by Kulani Mahadewa on March 12, 2020
Posted in: Fiddler. Tagged: 8888, After setting Fiddler proxy on Android, Allow remote computers to connect, Android, Android application Lose internet connection once connec, Android with Fiddler Proxy, Connected, Decrypt HTTPS traffic, ERR_CONNECTION_TIMED_OUT, Fiddler, Fiddler causes my Internet access to stop working, fiddler no interent with android, Fiddler Proxy on Android, Fiddler with Android, Fix ERR_CONNECTION_TIMED_OUT error, http://ipv4.fiddler:8888, no internet, No internet on Android device, Remove interception certificates.

Hi, when setting up an Android device with Fiddler running on the host machine, you need to configure the proxy settings of the Android Wi-Fi connection, giving the IP address shown by Fiddler (Online) as the host and 8888 as the port. After that, you need to visit http://ipv4.fiddler:8888 in the device browser to download the Fiddler Root Certificate. However, when visiting http://ipv4.fiddler:8888 in the Android browser, you might get ERR_CONNECTION_TIMED_OUT. This could be due to many reasons.

Reasons and Solutions:

  • If you are connecting your Android device to Fiddler for the first time, recheck the settings on Fiddler. Goto -> Tools -> Options -> Connection -> Tick “Allow remote computers to connect”. To allow HTTPS decryption, ensure you have ticked “Decrypt HTTPS traffic” under Options -> HTTPS, and then install the root certificate.
  • If you are trying to reconnect your Android device to Fiddler after it was working with a different host, and now get ERR_CONNECTION_TIMED_OUT in the Android browser,
    • You can first try removing the current certificates on the Fiddler host machine and reinstalling them.
      • First, Goto -> Tools -> Options -> HTTPS -> Untick “Decrypt HTTPS traffic”.
      • Then, select ‘Actions’ on the same dialog -> select “Remove interception certificates”.
      • Then follow the normal procedure to enable HTTPS traffic decryption.
    • The ultimate try is to uninstall and reinstall Fiddler from scratch on your host machine. After that, your Android browser can visit http://ipv4.fiddler:8888 and download a new Fiddler Root Certificate.

Plus:

Even after successfully installing the Fiddler root certificate on your Android device, you may still be unable to capture HTTPS traffic. It might be that you are using an older Fiddler root certificate, or a certificate you installed when working with a different Fiddler host machine. Hence, remove the currently installed certificate from your Android device. After that, try reconnecting to the Fiddler host to reinstall the new root certificate.

adb shell
cd /data/misc/user/0/cacerts-added
ls
rm < current root certificate e.g. e5c3944b.0>

In the worst case, it may be due to certificate pinning used in the application you are trying to test. In that case, you may have to use an instrumentation tool like Xposed to bypass such conditions.

Cheers ! 🙂

Install MongoDB on Kali 2020

Posted by Kulani Mahadewa on March 10, 2020
Posted in: Kali Linux. Tagged: .bashrc, basrc, binaries, error, export, install monodb, isngtall, Kali, Kali 2020, Kali Linux, Kali Linux 2020, Linux, mongo, mongod, mongod package not found, mongoDB, pacakge not found mongod, package not found mongo, pakcage not found, path, Unable to locate package mongo, Unable to locate package mongodb-org, Unable to locate package mongodb-org/mongo.

Hi, I tried to install mongod with apt-get install on my Kali Linux machine. However, it couldn’t find a package with that name. Hence, I decided to install the mongod binaries specified in the MongoDB documentation as follows.

  • Download the mongod package and extract its contents

wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.6.17.tgz
  • Add the location of mongod in the PATH variable

Goto home directory -> Ctrl+H -> Find the .bashrc file -> open and paste following-> Save

export PATH=<path-to-mongodb-directory>/bin:$PATH
  • Create the data/db directory. (Since I use the root user, there is no need to set permissions.)
mkdir -p /data/db
  • Now open a terminal and run mongod to start the server
mongod

  • Use the mongo command to connect to the database
mongo

Cheers ! 🙂

Python GUI with PySide2 and QtCreator

Posted by Kulani Mahadewa on March 7, 2020
Posted in: Kali Linux. Tagged: gui, Kali, Kali 2020, Kali Linux, kit selection, Linux, mainWindow.py, mainWinow.ui, no kits, no kits available, pyqt, pyqt5, pyside, pyside2, python, Python GUI application, QApplication, qt, Qt 5.14, Qt Version, qt wideget application, qt widget, Qt5, QtCore, QtCreator, QtDesigner, QtGui, QtWidgets.

Hi, in this post I explain how to create a GUI application for Python using Qt. Qt is a cross-platform software development framework, and it provides PySide for creating GUI applications in Python. PyQt is another Python package supporting the same functionality; this post explains the differences between the two packages. They are basically alternatives. So, in this post I’m using PySide2, the latest version of PySide, which supports Qt 5.14. In brief, you first generate the layout using the QtCreator tool, then export it into your Python application and add functionality to the UI components.

Step 1: Install QtCreator/QtDesigner

There are two versions of QtCreator available. You can use the open source version.

  • Prerequisite:
sudo apt-get install build-essential libgl1-mesa-dev
  • Download the installer from https://www.qt.io/offline-installers. I installed qt-opensource-linux-x64-5.14.1.run.
  • Installing: The installer can be executed directly on a Linux machine (I’m using Kali Linux 2020) once it is made executable. It will prompt you to create a user account through the installer; verify your email and continue. Once installed, the application can be found by searching for “qt” in the application menu.

Step 2: Create a Qt Application using QtCreator

  • Select Qt Widgets Application -> Provide the name and location -> select qmake as the build system -> Next, you can edit the class name information -> Next, select ‘Desktop’ under Kit Selection -> Finish

  • When you install for the first time there won’t be any kits available. Hence, you need to do the following steps first.

    • Install qt5-default
sudo apt-get install qt5-default
    • In QtCreator, select Tools -> Options -> Kits -> Qt Versions -> Manual -> Add -> give the location of the qt5 qmake binary (/usr/lib/x86_64-linux-gnu/qt5/bin/qmake)

    • Then, in the Kits window -> Select Desktop -> Update the Qt Version to the newly added Qt version.
    • Now, you can create the Qt Widgets application as described above.
  • Once you have created the Qt application, you can use the ‘Design’ view to add the layouts and components as desired.

Step 3: Export your designed mainWindow.ui as mainWindow.py

The mainWindow.ui file is an XML file.

You can convert it to a Python file as follows.

pip3 install PySide2
pyside2-uic mainwindow.ui -o mainWindow.py

The generated mainWindow.py contains the Ui_mainWindow class, whose setupUi() method builds the widgets you laid out in the designer (the original post shows it as a screenshot).

Step 4: Create Python GUI Application

Now, you can create a Python project including mainWindow.py and another Python file, app.py, which refers to the components in mainWindow.py and provides their functionality.

You import Ui_mainWindow from mainWindow.py in app.py.

app.py:

import sys
from PySide2.QtWidgets import QApplication, QMainWindow
# Ui_mainWindow is the class generated by pyside2-uic; adjust the module path
from path.to.mainWindow import Ui_mainWindow


class MainWindow(QMainWindow, Ui_mainWindow):
    def __init__(self):
        super(MainWindow, self).__init__()
        self.setupUi(self)        # build the widgets defined in mainWindow.ui
        self.assignWidgets()
        self.show()

    def assignWidgets(self):
        # connect the click signal of the 'goButton' widget to the handler below
        self.goButton.clicked.connect(self.goPushed)

    def goPushed(self):
        # 'goText' is the text widget placed in the designer
        self.goText.append("Test Go!")


if __name__ == '__main__':
    app = QApplication(sys.argv)
    mainWin = MainWindow()
    ret = app.exec_()
    sys.exit(ret)

You can refer to the following tutorials for more information:

  • https://it.toolbox.com/blogs/jeffhoogland/pyside-tutorial-using-qt-designer-with-pyside-031315
  • https://doc.qt.io/qtforpython/PySide2/QtWidgets/QMainWindow.html

Cheers ! 🙂

Peekaboo Tracer

Posted by Kulani Mahadewa on March 5, 2020
Posted in: Tracers. Tagged: dynamorio, generating trace, modularized, peekaboo, seqence of instructions, Testing, trace, tracer.

Hi, today I’m introducing the Peekaboo Tracer, available on GitHub. You can use it to obtain, as a trace, the sequence of instructions executed while running a program or function. A trace, in general, is the sequence of events that happened while performing a task. So, if any errors occurred while performing the task, the trace can be analyzed to find the problem or its cause. Hence, the objective of Peekaboo is to help users generate such traces.

Challenges in Tracing

The typical challenges in generating and managing a trace:

    • The trace is too long: if a single trace file includes all the attributes of every instruction, the file size becomes too big.
    • Customized requirements: which attributes of the instructions are included in the trace (an instruction includes an instruction address, opcode, register value, memory value and memory address). If a single trace file includes only selected attributes for each instruction, reading the trace becomes difficult.

Solution by Peekaboo

In addressing the above challenges, Peekaboo introduces modularization. More precisely, it generates one file per instruction attribute, such that each attribute file holds the sequence of that attribute’s values corresponding to the sequence of instructions executed. Hence, depending on their interest, users can generate a trace that includes only selected attributes.

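As an added illustration that is not Peekaboo’s own code or its real on-disk format, the toy model below writes one file per instruction attribute (the attributes named above, with constructed field widths), reads back only the attributes a user selects, and checks that the per-attribute files are still aligned with each other.

```python
# Added example, not Peekaboo's code or on-disk format: a toy model of the
# "one file per attribute" layout described above, aligned by record index so a
# reader can load only the attributes it needs. Field widths are constructed.
import struct
import tempfile
from pathlib import Path

# record i of every file belongs to the i-th executed instruction
ATTRIBUTES = {"insn_addr": "<Q", "opcode": "<I", "reg_value": "<Q",
              "mem_addr": "<Q", "mem_value": "<Q"}

def write_trace(trace_dir, records):
    """Split instruction records into one fixed-width binary file per attribute."""
    trace_dir = Path(trace_dir)
    trace_dir.mkdir(parents=True, exist_ok=True)
    for name, fmt in ATTRIBUTES.items():
        (trace_dir / f"{name}.bin").write_bytes(
            b"".join(struct.pack(fmt, rec[name]) for rec in records))
    return len(records)

def read_trace(trace_dir, wanted):
    """Load only the requested attribute files and re-align them by index."""
    trace_dir = Path(trace_dir)
    columns = {}
    for name in wanted:
        fmt = ATTRIBUTES[name]
        size = struct.calcsize(fmt)
        data = (trace_dir / f"{name}.bin").read_bytes()
        if len(data) % size:  # a partial record means the file was cut short
            raise ValueError(f"{name}.bin is truncated")
        columns[name] = [struct.unpack_from(fmt, data, off)[0]
                         for off in range(0, len(data), size)]
    lengths = {len(col) for col in columns.values()}
    if len(lengths) > 1:  # files must agree on how many instructions ran
        raise ValueError("attribute files disagree on instruction count")
    count = lengths.pop() if lengths else 0
    return [{name: columns[name][i] for name in wanted} for i in range(count)]

def demo():
    """Write three constructed records, then read back two attributes only."""
    records = [
        {"insn_addr": 0x401000, "opcode": 0x55, "reg_value": 7, "mem_addr": 0x7ffd0, "mem_value": 1},
        {"insn_addr": 0x401001, "opcode": 0x4889e5, "reg_value": 8, "mem_addr": 0x7ffd8, "mem_value": 2},
        {"insn_addr": 0x401004, "opcode": 0xc3, "reg_value": 9, "mem_addr": 0x7ffe0, "mem_value": 3},
    ]
    trace_dir = tempfile.mkdtemp(prefix="toy_trace_")
    write_trace(trace_dir, records)
    return read_trace(trace_dir, ["insn_addr", "opcode"])
```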
Set up Peekaboo

Peekaboo is built on top of the DynamoRIO instrumentation tool. Hence, we need to download the latest build of DynamoRIO to test Peekaboo.

  • Download DynamoRIO DynamoRIO-Linux-7.91.18319.tar.gz
  • Download Peekaboo Source: git clone https://github.com/melynx/peekaboo.git

Next, follow the build steps from the Peekaboo documentation:

cd peekaboo_dr
mkdir build
cd build
DynamoRIO_DIR=/path/to/DynamoRIO/DynamoRIO-Linux-7.91.18319 cmake ..
make

Run Peekaboo

Generate the trace for executing the ls command as follows.

path/to/DynamoRIO/DynamoRIO-Linux-7.91.18319/bin64/drrun -c /path/to/peekaboo/peekaboo_dr/build/libpeekaboo_dr.so -- ls

Results: Generated Trace Files

(Screenshot in the original post: the generated trace files, one module per instruction attribute.)

Cheers ! 🙂
