Showing posts from June, 2013

Man-in-the-middle Testing of a Mobile Application

In initial tests, a mobile application that I was using sent the username and password in plain text to a server for authentication.  After I worked with the company, they fixed the issue and asked me to test again.

I was very impressed with them fixing the mobile application so quickly.  Here are my chicken scratches of how I tested the mobile application the second time.

Using my laptop I have a wireless interface (wlan0) and then a LAN connection (eth0).  I connected a wireless access point's Internet side of the connection to eth0.  The wireless access point's IP is and my eth0 is  Then the access point's internal addressing was with DHCP range of  I then connected my mobile device to the DHCP range of that access point.

My wlan0 card was connected to with a router IP of

So in essence the flow of outbound traffic would be:
to (eth0)

Create Windows User from the Command Prompt

To create a Windows user from the command prompt:

net user /add <username> <password>

To add the user to the local administrators group:

net localgroup administrators <username> /add