.

Using Mobile Devices For Pentesting

<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Mon Dec 19, 2011 10:51 pm

Using Mobile Devices For Pentesting

My sister just got an iPad from her work (apparently you can't teach 2nd grade without one now--when I was in grade school I think there 10 Apple IIs for the whole school!), and although I personally don't see the appeal for tablets, it got me thinking: has anyone here found a use for mobile devices in pentesting? 

There are quite a number of articles about performing a pentest on mobile applications, but besides one or two interesting projects, I couldn't really find anyone using smartphones or tablets to help perform a pentest.  This is understandable given the limited processing power, but I was just wondering does anyone here have any thoughts or personal experience on this topic?
Sec+, eCPPT
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Dec 20, 2011 9:42 am

Re: Using Mobile Devices For Pentesting

A couple of the android based tablets have been hacked to run BT.  I also know someone who got it to run on their Moto Atrix.  As for the iPad, I think Apple has it locked down enough but I believe some have gotten it jailbroken to run WiFi sniffers.  Performance wise, I can't see them being an asset, I suppose you can rig one to be a RF sniffer and carry it in a small neoprene sleave with the scanner attached similar to the netbook version.  Walk around NYC grabbing cards and such.
Certs: GCWN
(@)Dewser
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Tue Dec 20, 2011 10:04 am

Re: Using Mobile Devices For Pentesting

For most activities involved in general pen testing a tablet or smartphone would be my last choice of platform.  Yes, some folks have done full BT installs on them but that is more for amusement than anything else.  Just not enough horsepower to do it directly from the mobile device.  That being said, I use an ipad in the field to do some quick remote access into a server I use for pen testing.  iSSH into the box to fire of nmap scans, msfcli, etc.  That's cheating as the tablet isn't really doing any of the testing, just giving me quick access to the box that is.  Some of the droid platforms can be used to do some wireless testing, but you're obviously going to be limited by antennas, injection capabilities, etc.  You're also not going to be doing much WEP or WPA cracking on the mobile, but you might be able to pass it off to another system for the actual cracking.  You can also find apps like droidsheep and others that are fun to play with, but still, more fun than functional. 
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

chrisg

Post Tue Dec 20, 2011 10:47 pm

Re: Using Mobile Devices For Pentesting

you can do it but the keyboards on the tablets make things unfun to do anything serious.
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Wed Dec 21, 2011 2:12 am

Re: Using Mobile Devices For Pentesting

pseud0 wrote:You can also find apps like droidsheep and others that are fun to play with, but still, more fun than functional. 


Yeah, this is kinda the feeling I got when I looked this topic online.

ChrisG wrote:you can do it but the keyboards on the tablets make things unfun to do anything serious.


I HATE typing on my phone, I can call and leave a voicemail faster than I can send a text!
Sec+, eCPPT
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Wed Dec 21, 2011 9:02 am

Re: Using Mobile Devices For Pentesting

I bought this for myself as an early Xmas present.  Pretty happy with it so far in regards to being functional and portable.  I can sync it with my ipad or my droid phone.  Makes it a lot easier to use either one as a ssh platform into the actual testing server.

http://www.amazon.com/Verbatim-97537-Wi ... B004L9LT2E
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

kuddus ali

Newbie
Newbie

Posts: 1

Joined: Thu Dec 22, 2011 11:41 am

Post Thu Dec 22, 2011 11:55 am

Re: Using Mobile Devices For Pentesting

tablets and ipad and others does not normally provide the option to use mobile to pentest but now some softwares are there which can help to use cell for this purpose
<<

Grendel

User avatar

Full Member
Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Thu Dec 22, 2011 1:10 pm

Re: Using Mobile Devices For Pentesting

I did a talk at deacon about three years back on this exact topic. It was titled "hacking WITH the iPod touch."

The issues and advantages addressed in that talk are still relevant.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Thu Dec 22, 2011 2:48 pm

Re: Using Mobile Devices For Pentesting

Thanks Tom, I found it, I'll take a look at it tonight.
Sec+, eCPPT

Return to Mobile

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software