If you are familiar with mobile penetration testing and you did one before, you probably came across this kind of situation when you want to intercept the application HTTP or HTTPS traffic using your favorite proxy tool such as Burp Suite, Fiddler, Charles , etc.
After modifying the WIFI connection and adding your proxy host and port there, you should immediately be able to capture the HTTP/S traffic.
However, this kind of method is not always working since some mobile applications are using customized HTTP/S functionalities within the device.
So what you should do in order to capture all of the HTTP/S traffic from the mobile device without breaking you heads? it’s simple, use Vproxy!
Vproxy is a python script that built to quickly configure a PPTP VPN server that will redirect HTTP/S traffic to your favorite proxy instance host.
This script was built and test on Kali-Linux and should work on any linux distribution
pip install termcolor
Setup VPN server on localip and redirect traffic sent from the clients (80,443) to proxy 192.168.1.10:8080
$sudo python vproxy.py -localip 192.168.1.9 -phost 192.168.1.10 -pport 8080 -port 80,443
- Help Penetration Testers conduct mobile security assessment easier
- Intercept Mobile HTTP/S traffic from any mobile device
Configuring VPN Videos
IOS – https://www.youtube.com/watch?v=TC-xJ9rCTXU
Android – https://www.youtube.com/watch?v=bFeJZKX4O3A