If you are familiar with mobile penetration testing and you did one before, you probably came across this kind of situation when you want to intercept the application HTTP or HTTPS traffic using your favorite proxy tool such as Burp Suite, Fiddler, Charles , etc.
After modifying the WIFI connection and adding your proxy host and port there, you should immediately be able to capture the HTTP/S traffic.
However, this kind of method is not always working since some mobile applications are using customized HTTP/S functionalities within the device.
So what you should do in order to capture all of the HTTP/S traffic from the mobile device without breaking you heads? it’s simple, use Vproxy!
Vproxy
Vproxy is a python script that built to quickly configure a PPTP VPN server that will redirect HTTP/S traffic to your favorite proxy instance host.
Screenshot
System Requirements
This script was built and test on Kali-Linux and should work on any linux distribution
Prerequisites
pip install termcolor
Usage
Setup VPN server on localip and redirect traffic sent from the clients (80,443) to proxy 192.168.1.10:8080
$sudo python vproxy.py -localip 192.168.1.9 -phost 192.168.1.10 -pport 8080 -port 80,443
The Goal
- Help Penetration Testers conduct mobile security assessment easier
- Intercept Mobile HTTP/S traffic from any mobile device
IOS - https://www.youtube.com/watch?v=TC-xJ9rCTXU
Android - https://www.youtube.com/watch?v=bFeJZKX4O3A