M 105: Plaintext Login (15 pts)
What You Need for This Project
- An Android Emulator with Google Play
Purpose
To observe network transmissions from
an insecure app, and prove that they
are not encrypted properly.
Background
This problem is gaining recognition, so few
apps still have this flaw.
The app below used plaintext network transmission
on Mar 26, 2021, but eventually it may
be fixed or removed.
<
Installing a Vulnerable App
This App is no longer available in Google Play,
as of August, 2022, so we'll use an archived
APK file.
Download this APK file:
traveler.apk
Drag and drop that file onto your Android Emulator
to install the app.
Starting Wireshark
On your host system, launch Wireshark.
If you don't have it, get it at:
https://www.wireshark.org/
In the main Wireshark window, double-click the
network interface that is being used to reach
the Internet. On my system, it is "Wi-Fi: en0",
outlined in green in the image below.
Wirehark starts displaying packets.
At the top, in the Filter bar, enter this
display filter:
http
Press Enter to filter the traffic.
On your Android device,
in the vulnerable app,
enter any email and password into the login
page,
as shown below.
Wireshark shows a GET request to
/Webservice/user_login.ashx.
Click that line and expand the
"Hypertext Transfer Protocol item
in the lower pane,
as shown below.
M 105.1: Host (15 pts)
Find the text covered by a green box
in the image above. That's the flag.
|
Responsible Disclosure
I notified the developer
in 2017.
Converted to a CTF 2-28-19
Wireshark image fixed 1-29-2020
Updated 1-20-21
Updated to use Traveler app 3-26-2021
Google Play instructions removed 8-29-22
APK download link fixed 8-30-22