Book Review: Practical Mobile Forensics

practical mobile forensics“Practical Mobile Forensics” by Satish Bommisetty, Rohit Tamma, and Heather Mahalik is a great book for both the individual looking to learn more about Mobile Forensics and those looking for a good smartphone reference book.

The book covers mobile forensics on Apple iOS, Android, Windows and BlackBerry devices. With the majority of emphasis spent on Apple and Android based product.

In “Practical Mobile Forensics” you will find extensive information on Apple and Android devices including models, features, architecture layout and security.

It covers multiple tools (commercial and open source) to obtain, decrypt, and analyze smartphones including recovering deleted files, contacts, messages and other data.

I am pretty familiar with the Android platform, so the book was a good refresher course on how to connect to and recover data from an Android Device. Though, as I am not as familiar with the iPhone platform, I found the book a great learning tool about Apple mobile devices and how they function and store data.

I did enjoy too that the author not only covered commercial/ law enforcement recovery tools, but also included numerous step-by-step tutorials in performing many of the same functions with open source utilities. The tutorials were easy to follow and the book was full of reference links to find out more information on the tools and technology behind mobile devices.

Though written from a legal forensics/ law enforcement point of view, security individuals will also find this book a good reference guide for mobile devices.

I highly recommend this book.

Available from Packt Publishing and Amazon.com.

Advertisements

Mana Tutorial: The Intelligent Rogue Wi-Fi Router

“Mana” by Dominic White (singe) & Ian de Villiers at Sensepost, is an amazing full feature evil access point that does, well, just about everything. Just install and run it and you will in essence receive Wi-Fi credentials or “Mana” from heaven!

Here is a link to the creator’s Defcon 22 presentation:

Not sure where to start with this one. Like other rogue Wi-Fi AP programs Mana creates a rogue AP device, but Mana does so much more.

It listens for computers and mobile devices to beacon for preferred Wi-Fi networks, and then it can impersonate that device.

Once someone connects to the rogue device, it automatically runs SSLstrip to downgrade secure communications to regular HTTP requests, can bypass/redirect HSTS, allows you to perform MitM attacks, cracks Wi-Fi passwords, grabs cookies and lets you impersonate sessions with Firelamb.

But that is not all; it can also impersonate a captive portal and simulate internet access in places where there is no access.

Mana is very effective and, well, pretty scary!

Before we get started, for best success use Kali Linux v.1.08.

And as always, this article is for educational purposes only, never try to intercept someone else’s wireless communications. Doing so is illegal in most places and you could end up in jail.

Mana Tutorial

** UPDATE ** – 10/21 – You can now install Mana in Kali by simply typing “apt-get install mana-toolkit”!

1. Download and unzip Mana from https://github.com/sensepost/mana.
2. Run the install script kali-install.sh.

Mana will then install libraries and other dependencies to work properly.

Once completed the install places the Mana program in the /usr/share/mana-toolkit directory, config files in /etc/mana-toolkit, and log files and captured creds in /var/lib/mana-toolkit.

3. Open the main config file /etc/mana-toolkit/hostapd-karma.conf

Here you can set several of the options including the default Router SSID which by default is “Internet”. Something like “Public Wi-Fi” may be more interesting. The other main setting here is “karma_loud” which sets whether mana impersonates all AP’s that it detects or not.

Lastly, all we need to do is run one of Mana’s program scripts located in usr/share/mana-toolkit/run-mana. The scripts are:

  • start-nat-simple.sh
  • start-noupstream.sh
  • start-nat-full.sh
  • start-noupstream-eap.sh

Mana Scripts

For this tutorial let’s just run Mana’s main “full” attack script.

4. Attach your USB Wi-Fi card (TL-WN722N works great).
5. Type “iwconfig” to be sure Kali sees it.

iwconfig

6. Type, “./start-nat-full.sh” to start Mana.

Mana then starts the evil AP, SSLstrip and all the other needed tools and begins listening for traffic:

Mana running

Once someone connects, Mana will display and store any creds and cookies detected as the victim surfs the web.

7. When done, press “Enter” to stop Mana

To check what you have captured run firelamb-view.sh to view captured cookie sessions:

Mana firelamb

This asks which session you want to try from the captured cookie sessions. It then tries to open the session in Firefox. If the user is still logged in you could take over their session.

You can also review the log files manually in /var/lib/mana-toolkit.

Mana works equally well against laptops and mobile devices. And the inherent trust of “preferred Wi-Fi networks” that most systems use makes this tool very effective at intercepting and impersonating wireless routers.

To defend against this type of attack turn off your wi-fi when not in use. Be very careful of using free or public Wi-Fi networks. Also, it would be best to perform any secure transactions over a wired LAN instead of using Wi-Fi!

If you enjoyed this tutorial and want to learn more about computer security testing, check out my new book, “Basic Security Testing with Kali Linux 2“.