This project was executed in order to bring more attention to the severity of this issue.
What is still needed:
Directions for testing:
On your Metasploit host machine:
- Check out the http-proxy branch (not yet merged):
$ git clone https://github.com/jduck/metasploit-framework.git -b http-proxy
NOTE: if you have an existing metasploit-framework checkout, you can download less data by adding the branch's repository as a remote and fetching it instead:
$ git remote add jduck https://github.com/jduck/metasploit-framework.git
$ git fetch jduck
$ git checkout jduck/http-proxy
Create the modules/exploits/android/mitm/http directory inside the checkout.
Place the module in the modules/exploits/android/mitm/http directory.
Run the exploit module using a configuration similar to the one in the included addjsif-exploit.msfrc file:
$ msfconsole -nL -r addjsif-exploit.msfrc
On your Android test device:
Go to Settings->Wi-Fi
Long press an existing connected network or connect to the one where the Metasploit instance lives.
Choose "Modify Network" if you are using an existing connection.
Scroll to the bottom (this applies both when connecting and when modifying).
Check the "Show advanced options" box
Scroll down to "Proxy settings"
Choose "Manual" from the drop-down
Scroll down to see the "Proxy hostname" and "Proxy port" fields
Enter the Metasploit instance's IP address
Enter the Metasploit module's SRVPORT (8081 in the included msfrc)
Use vulnerable applications on the device so that their HTTP traffic passes through the proxy.
The HTTP proxy code does not currently handle intercepting SSL traffic
Occasionally requests being transparently proxied may cause Metasploit to lag and stop responding. This can be fixed by:
msf > threads -K
msf > rexploit
The linux/armle/shell/reverse_tcp (staged payload) crashes on armv7