Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows

TL;DR: You can configure Burp to use your PKCS#11 (or Belgian eID) card to set up client-authenticated SSL sessions, which you can then intercept and modify. This blog post shows how you can easily view and modify your¬†own, local traffic.¬† In order to complete this tutorial, you still need a valid eID card, and the … Continue reading Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows

Using a custom root CA with Burp for inspecting Android N traffic

TL;DR: Follow these steps to intercept traffic using Burp with a self made root CA on Android (or any browser) The problem In a previous blogpost, we presented a Magisk module that easily integrates user certificates into the system CA store in order to bypass Android N's new hardened security model. For instrumenting applications, this … Continue reading Using a custom root CA with Burp for inspecting Android N traffic

Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp

Intercepting HTTPS traffic is a necessity with any mobile security assessment. By adding a custom CA to Android, this can easily be done. As of Android Nougat, however, apps don't trust client certificates anymore unless the app explicitly enables this. In this blogpost, we present a new¬†Magisk module, that circumvents this requirement, by automatically adding … Continue reading Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp

MoveBot: Battling inactivity one micro-exercise at a time

Many of our NVISO¬†colleagues are very active during their free time.¬†We have colleagues who go mountain-biking, rock climbing, swimming, running, ... The problem is that during the day, they often sit at their desk for four hours straight, grab some lunch, and go back to their desk to sit and work at their computers. To … Continue reading MoveBot: Battling inactivity one micro-exercise at a time

CSCBE Challenge Write-up – Trace Me

This is the first post in a series of write-ups on some of the challenges that were tackled by students during our Cyber Security Challenge¬†Belgium this month. Credits All challenges of the Cyber Security Challenge Belgium are created by security professionals from many different organisations. The TraceMe¬†challenge in particular was created by Vasileios Friligkos, one … Continue reading CSCBE Challenge Write-up – Trace Me