The report is about the security of mobile applications.
We will refresh our memory of which data transfer protocols a mobile application uses when communicating with the server, as well as how symmetric and asymmetric encryption, public key infrastructure and HTTPS work and what problems they solve. We will consider the man-in-the-middle (MITM) attack and learn how to protect against it in a mobile application.
In addition, we will get acquainted with indispensable tools such as Wireshark and Charles.
We’ll consider ways to obtain a MITM position and conduct classical attacks on HTTPS in the browser (SSLStrip+). We will learn to detect vulnerabilities in HTTPS clients, using an Android application as an example. We will also talk about mistakes in client-server communication.
The Android part of the workshop will require an Android phone and the following programs: bettercap, mitmproxy, openssl, adb and Android Studio (optional). Kali Linux is recommended (a live system is fine).