EH-Net

My sister just got an iPad from her work (apparently you can't teach 2nd grade without one now--when I was in grade school I think there 10 Apple IIs for the whole school!), and although I personally don't see the appeal for tablets, it got me thinking: has anyone here found a use for mobile devices in pentesting? 

There are quite a number of articles about performing a pentest on mobile applications, but besides one or two interesting projects, I couldn't really find anyone using smartphones or tablets to help perform a pentest.  This is understandable given the limited processing power, but I was just wondering does anyone here have any thoughts or personal experience on this topic?

A couple of the android based tablets have been hacked to run BT.  I also know someone who got it to run on their Moto Atrix.  As for the iPad, I think Apple has it locked down enough but I believe some have gotten it jailbroken to run WiFi sniffers.  Performance wise, I can't see them being an asset, I suppose you can rig one to be a RF sniffer and carry it in a small neoprene sleave with the scanner attached similar to the netbook version.  Walk around NYC grabbing cards and such.

For most activities involved in general pen testing a tablet or smartphone would be my last choice of platform.  Yes, some folks have done full BT installs on them but that is more for amusement than anything else.  Just not enough horsepower to do it directly from the mobile device.  That being said, I use an ipad in the field to do some quick remote access into a server I use for pen testing.  iSSH into the box to fire of nmap scans, msfcli, etc.  That's cheating as the tablet isn't really doing any of the testing, just giving me quick access to the box that is.  Some of the droid platforms can be used to do some wireless testing, but you're obviously going to be limited by antennas, injection capabilities, etc.  You're also not going to be doing much WEP or WPA cracking on the mobile, but you might be able to pass it off to another system for the actual cracking.  You can also find apps like droidsheep and others that are fun to play with, but still, more fun than functional. 

you can do it but the keyboards on the tablets make things unfun to do anything serious.

Yeah, this is kinda the feeling I got when I looked this topic online.


I HATE typing on my phone, I can call and leave a voicemail faster than I can send a text!

I bought this for myself as an early Xmas present.  Pretty happy with it so far in regards to being functional and portable.  I can sync it with my ipad or my droid phone.  Makes it a lot easier to use either one as a ssh platform into the actual testing server.

http://www.amazon.com/Verbatim-97537-Wireless-Bluetooth-Keyboard/dp/B004L9LT2E

tablets and ipad and others does not normally provide the option to use mobile to pentest but now some softwares are there which can help to use cell for this purpose

I did a talk at deacon about three years back on this exact topic. It was titled "hacking WITH the iPod touch."

The issues and advantages addressed in that talk are still relevant.

Thanks Tom, I found it, I'll take a look at it tonight.