[guardian-dev] possible to turn a phone into a mobile multi-use penetration testing platform?

Hans-Christoph Steiner hans at guardianproject.info
Mon Jun 23 09:57:32 EDT 2014


Try running Lil' Debi on an Android device.  It's easy to run a webserver, and
most Debian things run just fine.  The key difference is that it is the
Android Linux kernel, not Debian's, so depending on your device, that kernel
might not have all the things you need.

https://github.com/guardianproject/lildebi/wiki

Lil' Debi is in F-Droid and in Google Play.

.hc

On 06/22/2014 01:58 PM, Natanael wrote:
> On 22 Jun 2014 19:08, "cexinho ." <cexinho at gmail.com> wrote:
>>
>> Hello all, I'm still trying to understand the full potential of Android
>> and the hardware used in it.
>> I was wondering if it's possible to turn an Android phone into a fully
>> fledged penetration testing platform.
>> I'll try to elaborate a bit:
>>  - I know it's possible to use a cellphone jammer to jam the signal from
>> other phones, but is it possible to turn an Android phone into a jammer or
>> even a "proxy" for cellphone signals, allowing in a sense the tampering and
>> sniffing of communications?
> 
> You would need to reverse engineer the radio firmware. Technically it could
> be done if you have hardware and firmware support, but that's unlikely.
> There's an SDR project too, but it isn't that capable yet (you can however
> use it with some TV receivers and USB-OTG to receive FM radio).
> 
>>  - Is it possible to reverse the USB process when connected to a computer,
>> and make, for example, adb work from phone to the computer? It's possible to
>> achieve something like this through WiFi, but I want a wired and faster
>> solution to allow a more practical approach.
> 
> Look up P2P-adb and various USB based apps. I think back when PS3 was
> jailbreakable over USB, people managed to do it from Android. You want a
> device with USB host mode support.
> 
> Also, for WiFi based look up dsploit. It has a lot of bundled basic classic
> attacks like ARP spoofing (redirecting traffic on the WLAN) and
> upsidedownternet. There are even a few defense apps that detect ARP spoofing
> and various hijack attempts.
> 
>>  - Also was wondering if it's possible to turn an Android phone into a web
>> server; no need to be a powerful one, a scrap powered one would be fine.
> 
> Yes, there are tons of servers, of all kinds. Both for static and dynamic
> content. Even some using SL4A (scripting layer for Android) and Python.
> Others with ports of regular Linux servers.
> 
>>  - Was also wondering if it's possible to install Linux packaged
>> applications on Android, ones that are not meant to be used on a phone.
> 
> You can run full Linux in chroot with some tricks, and there's the VM app
> Limbo which even is capable of virtualizing x86. So you can do it that way.
> The chroot based methods will likely perform better than a VM like Limbo
> (less overhead).
> 
> 
> 

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

