Xxx4444xxx · 2014/07/08 11:59

0 x00 preface

With the development of science and technology, the intelligence of mobile phones has gradually improved. At the same time, the mobile terminal has become a piece of paradise for hackers.

Almost everyone has a smartphone these days, making it easy for viruses and vulnerabilities to attack mobile software.

Below I will give you a comparison of two more famous Android security tools.

0 x01 theme

These two software are zANTI and DSploit, I believe that the latter is basically rotten street level, our CCAV has also been for mobile phone security issues of the news, security experts inside the show is dsploit the efficacy of this software, while zANTI is relatively low-key.

Let’s start with DSploit, the open source software sponsored by BackBox Linux. Install the complete Busy Box for use.

Website: www.dsploit.net/

There are currently two versions listed on the official website, one is the full version of 1.0.31. The other is a beta version of 1.1.3. The beta builds on the full version with the Metasploit framework, making it possible to implement attacks after detection. (This framework should be downloaded… I always connect wrong on the next half.

So let’s take a look at the 1.1.3 interface

This is an improvement over 1.0.31.

Then we go to one of the targets (I clicked route) to see what it can do, such as ping, scanning for system information, opening ports, etc.

There is also a routing permission east, this thing support routing shell is relatively few…

Then let’s look at its main function, which is man-in-the-middle attack. The general function is shown in the diagram

Then I used my Baidu account to do a test. After logging in my account on another mobile phone, I successfully hijacked my Cookis and logged in through its session hijacking

Let’s take a look at zANTi, which was developed by Israeli mobile security company Zimperium. Kevin Miller is also involved in the company. The zANTi software is as powerful as dsploit, if not more so. ZANTi is produced by a company rather than an individual, so the complete function needs to be purchased, of course, there is a channel is registered users (I tried. He sent me an email back in English, asking me to call them and talk about yunyun. I think it’s better not to reply because of my half-proficiency in English. After starting the software, you need to connect to Zimperium’s servers to start using it (if you are a registered or paying user, you will have access to Zimperium’s powerful burst password files and vulnerability tests) and download about five files. Don’t be a Busy box.

This is the login screen

After completing the connection, I need to scan the network and discover that my favorite is its scan. ZANTi uses Namp scanner and integrates all the functions of Namp, including plug-ins. ZANTi’s interface is quite high-end, atmospheric and classy

Below is the interface of scanning

The second thing I like is its violence guessing tool, which can do the corresponding violence guessing according to the scanned ports and services. If you are a registered user, you can enjoy the powerful dictionary provided by Zimperium, of course I am poor. Use only the native small dictionary

Then there is zANTi’s man-in-the-middle attack module, which has a few more features than Dsploit, such as changing the downloaded software. One of them is a funny thing. Is to be able to see users in the Internet when the picture (including QQ friends sent pictures). His password seems to be better than dsploit’s (you can also see if the browser has a bug, if you want to test it, no problem, give me the money). Also use my Baidu account to test (Baidu this password encryption. It’s up to you.)

Here are the features of good (bian) play (tai)

0 x02 summary

Through this comparison, I believe that you also know the difference between the two software. Each has its own advantages as well as disadvantages (zANTi uses middlemen. No matter what is searched on Baidu is searched out a pile of gibberish. Dsploit sometimes changes your system time.

Finally, I want to remind you that mobile phones have risks, and Ann (Kan quan) should be cautious.