4

I have been learning about security testing on Android apps, and to intercept traffic I was using Burp Suite. I know it works perfectly for HTTP/HTTPS traffic, but most of the messenger apps are using the XMPP protocol for their communication.

I did a little research on how XMPP works, the relationship with Jabber and all. What I lack is a tool to intercept the XMPP traffic. Burp Suite is unable to intercept the XMPP traffic. I heard about xmpppeak and IMSpector but I didn't try them. I would like to know what tools can intercept XMPP traffic.

I understand tool recommendation is not entertained on Stack Exchange, but still I believe it's a common requirement as attacks on Android apps are rising high these days.

RoraΖ
  • 12,317
  • 4
  • 51
  • 83
Anandu M Das
  • 1,981
  • 14
  • 31
  • 46

1 Answers1

0

I guess set up a VPN-server of your own, connect your phone to it and intercept everything with wireshark could work given that you have the neccesairy certificates or are able to MITM yourself with a fake TLS certificate.

Alternatively one of the many tcpdump-alternatives for android for use with wireshark?

vidar
  • 124
  • 3
  • Wireshark is not that user friendly for a security tester. I am looking for something like Burp or Webscarab. :) – Anandu M Das Jan 30 '15 at 10:05
  • I am not sure XMPP is supported by burp as it is not an HTTP-protocol ( http://forum.portswigger.net/thread/587/failed-parse-first-line-request ) – vidar Feb 02 '15 at 09:48
  • I know that and thats the problem I mentioned in question :P – Anandu M Das Feb 02 '15 at 10:34
  • yeah, hehe remember, that's why I said wireshark.. Moday hitting me hard. Did you check out this wireshark plugin:https://code.google.com/p/xmpp-dissector/ ? Have not tried it out myself. – vidar Feb 02 '15 at 10:44