Chapter 6. Server-Side Attacks
This chapter gives an overview of the server-side attack surface of Android apps. We will discuss the possible attacks on Android app backends, devices, and other components in the application architecture. Essentially, we will build a simple threat model for a traditional application that communicates with databases over the network. For performing a penetration test, it is essential to understand the possible threats that an application may come across. This chapter is a high-level overview and contains fewer technical details, as most of the server-side vulnerabilities are related to web attacks and have been covered extensively in the OWASP Testing Guide and Developer Guide.
This chapter covers the following topics:
Types of mobile apps and their threat models
Understanding a mobile app's server-side attack surface
Strategies for testing mobile backend
Setting up Burp Proxy for testing
Via APN
Via Wi-Fi
Bypassing Certificate Errors
Bypassing HSTS
Bypassing Certificate Chaining
Few...