yehgdotnet · November 2, 2019 02:53
diff --git a/gistfile1.txt b/gistfile1.txt
 https://mobile-security.gitbook.io/mobile-security-testing-guide/general-mobile-app-testing-guide/0x04f-testing-network-communication

 Dealing with Xamarin

 Xamarin is a mobile application development platform that is capable of producing native Android and iOS apps by using Visual Studio and C# as programming language.

 When testing a Xamarin app and when you are trying to set the system proxy in the WiFi settings you won't be able to see any HTTP requests in your interception proxy, as the apps created by Xamarin do not use the local proxy settings of your phone. There are two ways to resolve this:

 Add a default proxy to the app, by adding the following code in the OnCreate()or Main() method and re-create the app:WebRequest.DefaultWebProxy = new WebProxy("192.168.11.1", 8080); Use ettercap in order to get a man-in-the-middle position (MITM), see the section above about how to setup a MITM attack. When being MITM we only need to redirect port 443 to our interception proxy running on localhost. This can be done by using the command rdr on macOS:$ echo " rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8080 " | sudo pfctl -ef -

 The interception proxy need to listen to the port specified in the port forwarding rule above, which is 8080
	https://mobile-security.gitbook.io/mobile-security-testing-guide/general-mobile-app-testing-guide/0x04f-testing-network-communication

	Dealing with Xamarin

	Xamarin is a mobile application development platform that is capable of producing native Android and iOS apps by using Visual Studio and C# as programming language.

	When testing a Xamarin app and when you are trying to set the system proxy in the WiFi settings you won't be able to see any HTTP requests in your interception proxy, as the apps created by Xamarin do not use the local proxy settings of your phone. There are two ways to resolve this:

	Add a default proxy to the app, by adding the following code in the OnCreate()or Main() method and re-create the app:WebRequest.DefaultWebProxy = new WebProxy("192.168.11.1", 8080); Use ettercap in order to get a man-in-the-middle position (MITM), see the section above about how to setup a MITM attack. When being MITM we only need to redirect port 443 to our interception proxy running on localhost. This can be done by using the command rdr on macOS:$ echo " rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8080 " \| sudo pfctl -ef -

	The interception proxy need to listen to the port specified in the port forwarding rule above, which is 8080