Intercepting BlackBerry Application Traffic
Note that the standalone BlackBerry simulator offers no mechanism to route HTTP traffic through a web proxy. To intercept traffic with a web proxy, you have to use the BlackBerry device simulator together with the MDS and email simulator. Assuming you have both installed, the following steps will allow you to intercept BlackBerry web traffic.
Case 1: Routing HTTP traffic via web proxy:
- Browse to “\Program Files\Research In Motion\BlackBerry Email and MDS Services Simulators #.#.#\MDS\config”
- Open the rimpublic.property file
- Under the HTTP HANDLER section, add your web proxy configuration information:
The following image shows the rimpublic.property file HTTP HANDLER section for Fiddler running on port 8888 on localhost.
Image: Web Proxy Configuration
More details on proxy configuration can be seen here. Once you save these settings and launch the MDS simulator, you will be able to monitor, intercept and modify all HTTP traffic. However, SSL traffic still needs some extra work.
Image: HTTP traffic captured for google.com
Case 2: Routing HTTPS traffic via web proxy:
The configuration above did not work when attempted on SSL traffic, so I needed a workaround and thought of using a reverse proxy. The reverse proxy approach has some limitations, but it worked seamlessly and allowed me to intercept SSL traffic for a particular domain. To demonstrate this concept, I will be using Charles Proxy’s Reverse Proxy; you can use any reverse proxy of your choice. Let's configure Charles now.
- Obtain the IP address to which the application/browser talks
- Obtain the IP for the target domain. An nslookup for mail.google.com revealed four DNS entries (74.125.226.184, 74.125.226.182, 74.125.226.181, 74.125.226.183), and one of them was chosen as the destination for the reverse proxy settings. See the screenshots below for the Charles Reverse Proxy settings.
- In the hosts file, make an entry that points the target domain at the IP on which the reverse proxy is hosted. In our case, I entered the following for mail.google.com:
  127.0.0.1 mail.google.com
- Now launch your browser and access https://mail.google.com
- The BlackBerry simulator will issue a certificate error. Choose the “Trust Certificate” option, provide the certificate store password and then save your settings.
- All the traffic will be routed via Charles now. Enjoy!
Entry 1: To ensure that all SSL traffic is forwarded to mail.google.com:443
Listening on : 127.0.0.1:443
Forwarding to: 74.125.226.181:443 #one
Entry 2: To ensure that all plain HTTP is forwarded too
Listening on : 127.0.0.1:80
Forwarding to: 74.125.226.181:80
Image: Reverse proxy settings in Charles
Image: The certificate error issued when https://mail.google.com is accessed via the reverse proxy. Choosing the “Trust Certificate” option allows SSL traffic to be intercepted.
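The reverse proxy forwards to an IP address rather than to mail.google.com because, once the hosts entry is in place, that name resolves back to the proxy itself. The following Python check is an added example, not part of the original post: it validates a hosts file and a set of reverse proxy entries against each other. The names `parse_hosts` and `check_setup` are hypothetical, and the sample input is constructed from the values given above.

```python
import ipaddress

def parse_hosts(text):
    """Map hostname -> IP from hosts-file text; comments and bad lines are skipped."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)  # keep the first entry for a name
    return mapping

def check_setup(hosts_text, domain, listeners, resolved_ips):
    """listeners: (listen_ip, listen_port, forward_host, forward_port) tuples."""
    problems = []
    hosts = parse_hosts(hosts_text)
    override = hosts.get(domain.lower())
    if override is None:
        problems.append(f"{domain} has no hosts entry, traffic bypasses the proxy")
    for listen_ip, port, fwd_host, fwd_port in listeners:
        if override and listen_ip not in (override, "0.0.0.0"):
            problems.append(f"listener {listen_ip}:{port} is not on {override}")
        if port != fwd_port:
            problems.append(f"port {port} is forwarded to a different port {fwd_port}")
        if fwd_host.lower() in hosts:
            # The proxy host resolves names through the same hosts file.
            problems.append(f"forward target {fwd_host} is overridden in hosts, proxy loops")
        elif fwd_host not in resolved_ips:
            problems.append(f"forward target {fwd_host} is not a looked-up address of {domain}")
    return problems

# Constructed sample input built from the values in the post.
HOSTS = """# sample hosts file
127.0.0.1 localhost
127.0.0.1 mail.google.com   # reverse proxy override
"""
RESOLVED = ["74.125.226.184", "74.125.226.182", "74.125.226.181", "74.125.226.183"]
LISTENERS = [("127.0.0.1", 443, "74.125.226.181", 443),
             ("127.0.0.1", 80, "74.125.226.181", 80)]

if __name__ == "__main__":
    for msg in check_setup(HOSTS, "mail.google.com", LISTENERS, RESOLVED) or ["setup is consistent"]:
        print(msg)
```

Running the same check after testing, with the expectation that the override is gone, confirms the hosts entry was removed.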
*** This is a Security Bloggers Network syndicated blog from Random Security authored by Gursev Singh Kalra. Read the original post at: http://gursevkalra.blogspot.com/2011/06/intercepting-blackberry-application.html