Home » Posts filed under Android

[AndroRat] Remote Administration Tool for Android

in , , - on 12:17 AM - No comments
androrat-remote-administration-tool-for-android

Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
The name Androrat is a mix of Android and RAT (Remote Access Tool).
It has been developed in a team of 4 for a university project. It has been realised in one month. The goal of the application is to give the control of the android system remotely and retrieve informations from it.

Technical matters
  • The android application is the client for the server which receive all the connections.
  • The android application run as a service(not an activity) that is started during the boot. So the user does not need to interact with the service (Even though there is a debug activity that allow to configure the IP and the port to connect to).
  • The connection to the server can be triggered by a SMS or a call (this can be configured)
All the available functionalities are:-
  • Get contacts (and all theirs informations)
  • Get call logs
  • Get all messages
  • Location by GPS/Network
  • Monitoring received messages in live
  • Monitoring phone state in live (call received, call sent, call missed..)
  • Take a picture from the camera
  • Stream sound from microphone (or other sources..)
  • Streaming video (for activity based client only)
  • Do a toast
  • Send a text message
  • Give call
  • Open an URL in the default browser
  • Do vibrate the phone
Folders
The project contains the following folders:
  • doc: Will soonly contain all the documentation about the project
  • Experiment: Contain an experimental version of the client articulated around an activity wish allow by the way to stream video
  • src/Androrat: Contain the source code of the client that should be put on the android plateform
  • src/AndroratServer: Contain the sources of the Java/Swing server that can be run on any plateform
  • src/api: Contain all the different api used in the project (JMapViewer for the map, forms for swing, and vlcj for video streaming)
  • src/InOut: Contain the code of the content common for the client and the server which is basically the protocol implementation

Read more
Labels: , ,

[zAnti] Android Network Toolkit

in , , - on 12:12 AM - No comments
Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti

Using Anti is very intuitive - on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: Green led signals an 'Active device', Yellow led signals "Available ports", and Red led signals "Vulnerability found". Also, each device will have an icon representing the type of the device. When finished scanning, Anti will produce an automatic report specifying which vulnerabilities you have or bad practices used, and how to fix each one of them


Read more
Labels: , ,

[Intercepter-ng] Sniffer de Red con SSLstrip para Android

in , , , , , - on 10:23 AM - No comments

Intercepter-NG es una aplicación que nos permitirá capturas el tráfico de datos en la red local a la que estemos conectados. Esta herramienta tiene la funcionalidad de analizador de protocolos al más puro estilo Wireshark aunque con muchísimas menos opciones. Con Intercepter-ng podremos ver cookies de las diferentes conexiones que se realicen así como realizar ataques contra SSL con SSLStrip.

En RedesZone tenéis un completo manual de utilización de SSLstrip y cómo funciona exactamente para “descifrar” el tráfico SSL. La aplicación tiene varias pestañas para elegir el objetivo, iniciar el analizador de paquetes y ver todo el tráfico en detalle y también las cookies de las páginas web que la víctima ha visitado.
Lo primero que debemos hacer con esta aplicación es pulsar en el radar para escanear los posibles objetivos, una vez seleccionado el objetivo nos movemos por las pestañas para ir viendo las diferentes opciones que nos brinda esta aplicación.

Alguna de las utilidades es que nos permite recuperar la contraseña y los archivos que se transmitan en la red que estamos analizando.

Los requisitos que necesita esta aplicación son los siguientes:
  • Android 2.3.3 o superior
  • Ser root
  • Tener instalado Busybox

Read more
Labels: , , , , ,

[Orbot] Mobile Anonymity + Circumvention

in , , , , , - on 9:03 PM - No comments


Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Orbot is the only app that creates a truly private internet connection. As the New York Times writes, “when a communication arrives from Tor, you can never know where or whom it’s from.” Tor won the 2012 Electronic Frontier Foundation (EFF) Pioneer Award.

Read more
Labels: , , , , ,

[Bugtroid] Pentesting for Android

in , , , - on 4:10 PM - No comments
Bugtroid is an innovative tool developed by the team of Bugtraq-Team.
The main features of this apk, is that it has more than 200 Android and Linux tools (PRO) for pentesting and forensics through its Smarthphone or tablet.
It has a menu categorized according to the nature of the tool may find:

  • Anonymity
  • Search People
  • Audit for frequencies 802.11 (Wireless and Bluetooth)
  • Mapping Networks
  • Remote
  • DDOS
  • Sniffers
  • Pentesting
  • Security
  • Forensic
  • Web Analysis
  • Cryptography
  • Brute Force
  • Antivirus
  • System

From the application menu you can:

  • Check the information on the tool.
  • Install the application.
  • Uninstall the Application.
  • Run the Application (PRO)
  • also paragraph settings available, which will serve to manage and install certain requirements for the proper functioning of the tools as well as other fnciones:
  • Set wallpaper
  • Install the minimum requirements for running the tools
  • Install shortcuts on the desktop (PRO)
  • Install shortcuts Console (PRO)
  • Installation of interpreters: Perl, Python, Ruby, PHP and Mysql (PRO)


Bugtraq team-Team can not be held responsible for the use to which it can be applied to these tools, or the contents thereof.

Read more
Labels: , , ,

[APKinspector] Powerful GUI tool to analyze the Android applications

in , , , , , , , - on 9:45 AM - No comments
The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps:
  • CFG
  • Call Graph
  • Static Instrumentation
  • Permission Analysis
  • Dalvik codes
  • Smali codes
  • Java codes
  • APK Information

What’s new?

UI Improvement:
  • Automatically installation
  • Fine-grained Graph View to Source View
  • Call Graph
  • Navigation
  • Better display of Control Flow Graph
New Analysis Features:
  • Reverse the Code with Ded for Java Analysis
  • Static Instrumentation
  • Combine Permission Analysis  

Read more
Labels: , , , , , , ,

[Cryptocat] Chat Client with encrypted conversations on iPhone and Android

in , , , , , - on 4:34 PM - No comments

Cryptocat is an experimental browser-based chat client for easy to use, encrypted conversations. It aims to make encrypted, private chat easy to use and accessible. We want to break down the barrier that prevents the general public from having an accessible privacy alternative that they already know how to use. 

Cryptocat is currently available for Chrome, Firefox and Safari. It uses the OTR protocol over XMPP for encrypted two-party chat and the (upcoming) mpOTR protocol for encrypted multi-party chat.


Read more
Labels: , , , , ,