Hands-on experiments to demonstrate the exploitability of insecure TLS configurations in Android apps

Containerized Demo for Insecure TLS Certificate Checking in Android

Overview

This repository contains the files you need to run the demos for our blog post on insecure TLS certificate checking in Android apps. There are two parts to the repo:

  1. Example app: In app/ you will find the full Android Studio project for the example app, which showcases different TLS checking implementations.
  2. Docker setup: By running setup.sh you prepare a Docker environment consisting of several containers: an Android emulator is spawned, and a web frontend to interact with it is made available on https://localhost (note that this frontend uses a self-signed certificate). Additionally, an example web server container is created, which serves as the backend for the demo scenarios. The last part of the setup is an attacker container, through which you can interactively intercept web traffic between the backend server and the Android emulator.

Scenario Overview

The backend serves a simple HTML website over HTTPS. This mimics the situation where sensitive data is provided over a secure connection. The catch is that the certificate it uses (see backend/nginx-certs/) has not been issued by a globally trusted CA but by a custom one.

The Android app in app/ fetches the data provided by this server and displays it to the user. In order to make Android accept the custom certificate, the default certificate checking mechanism needs to be modified. To showcase different insecure ways of doing so, the app consists of several tabs, each of which fetches the data using a different workaround commonly found online. You can check out the corresponding source code in WebViewFragment.kt.

In the blog post we cover three different types of implementation errors:

  1. WebView ignores all SSL errors: See setupInsecureWebView()
  2. Malfunctioning X509TrustManager Implementations: See setupInsecureTrustManager()
  3. Disabled Host Name Checks: See setupInsecureHostnameVerifier()
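
As an added example (not code from the repository's WebViewFragment.kt), here is how the demo's actual goal, accepting the custom CA from backend/nginx-certs/, can be reached without any of the three shortcuts above: the CA is installed as a trust anchor while chain validation and hostname verification stay enabled. The function names, the stream argument and the way the CA file is bundled are assumptions.

```kotlin
import android.net.http.SslError
import android.webkit.SslErrorHandler
import android.webkit.WebView
import android.webkit.WebViewClient
import java.io.InputStream
import java.net.URL
import java.security.KeyStore
import java.security.cert.CertificateFactory
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory

// Builds an SSLContext whose only trust anchor is the demo's custom CA.
// caPem is assumed to be the CA certificate from backend/nginx-certs/,
// bundled with the app (e.g. as a raw resource) and opened as a stream.
// Unlike an X509TrustManager with an empty checkServerTrusted(), the
// trust manager produced here still validates the whole chain, expiry
// and signatures; only the root of trust differs from the system default.
fun sslContextTrustingCustomCa(caPem: InputStream): SSLContext {
    val ca = CertificateFactory.getInstance("X.509").generateCertificate(caPem)
    val keyStore = KeyStore.getInstance(KeyStore.getDefaultType()).apply {
        load(null, null)                    // start from an empty in-memory store
        setCertificateEntry("demo-ca", ca)  // ... containing just our CA
    }
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(keyStore)
    return SSLContext.getInstance("TLS").apply { init(null, tmf.trustManagers, null) }
}

// Fetches url over HTTPS using that trust anchor. The default
// HostnameVerifier is left untouched on purpose: the certificate must
// still match the host being contacted, which is exactly the check a
// disabled hostname verifier throws away.
fun fetchWithCustomCa(url: String, caPem: InputStream): String {
    val conn = URL(url).openConnection() as HttpsURLConnection
    conn.sslSocketFactory = sslContextTrustingCustomCa(caPem).socketFactory
    return conn.inputStream.bufferedReader().use { it.readText() }
}

// For the WebView tab, the safe counterpart of "ignore all SSL errors" is a
// client that aborts the load on any SSL error instead of calling proceed().
class StrictWebViewClient : WebViewClient() {
    override fun onReceivedSslError(view: WebView, handler: SslErrorHandler, error: SslError) {
        handler.cancel()
    }
}
```

On Android 7 and later the same trust anchor can instead be declared once in a Network Security Config (a `<trust-anchors>` entry in res/xml/network_security_config.xml), which also applies to WebView, so no TLS code has to be written at all.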

This app will be installed to a containerized Android emulator that lives in the same virtual network as the backend server and the attacker. Setting this network up is explained in the next section.

Prerequisites

In order to launch the demo environment, you need docker-compose installed, as well as Python 3, Node.js and npm. Also make sure the Android SDK is installed (SDK platform version 31). The ANDROID_SDK_ROOT environment variable needs to point to its installation directory, usually ~/Android/Sdk. All other dependencies are downloaded automatically.

Docker Setup

Running setup.sh fetches the files needed to set up the Docker containers, which may take a while depending on your system performance and Internet speed. Afterwards you can launch the containers with run.sh. This script takes care of several things:

  1. The Android emulator is booted and a web interface to interact with it is made available on https://localhost (note that the website uses a self-signed certificate). Log in with username user and password pass. You should then see the emulator screen, which you can interact with using your mouse.
  2. In the meantime, the example app is compiled, and once the emulator is fully booted it is installed and launched automatically.
  3. Once the app is running, a bash shell is opened in the attacker container so that you can interactively experiment with the man-in-the-middle setup. As a quick start, you can simply execute the start.sh script that you will find in the current working directory where the shell was spawned (/eve_files on the container). This script sets up the attacker proxy using the mitmproxy tool without needing any user input. You can then observe intercepted traffic in the console that shows up. To exit the console and stop the attack, simply press Ctrl+C and confirm. Should you want to deviate from the default attacker script, feel free to inspect start.sh and the associated proxy.py file.
  4. After you are done exploring the demos, simply exit the attacker shell as usual (Ctrl+D or typing exit). This automatically shuts down the containers in a clean way.