My Pentest Log -14- (A Little Tip)

Greetings everyone from Palatium Magnum,

Today, I would like to give you information about how the IPSEC VPN configuration, which I often use during mobile tests, is done on iOS and Android.

1. I was informed by our project manager that I needed to perform mobile-based security tests on the mobile application of the company “private”.

2. As always, I was planning to verify the scope form first and start the tests, but in the information text in the scope form, I realized that I needed to connect to the ipsec vpn specially designed for testing purposes in order to access the services of the relevant application.

3. So why do we need to perform this test over VPN?

There is more than one answer to this, but the one that applies to us is that the application is an application used within the institution.

4. Based on this, IPSEC VPN settings must be made on our devices so that we can talk to the relevant services.

5. First, let’s explain step by step how to setup IPSEC VPN on Android:

A. Go to Settings and search for “VPN”.

B. Open the appropriate tab (This part may differ according to the devices.)

C. Click “Add VPN” on the page that opens.

D. Select the VPN type “L2TP/IPSec PSK”. (We choose this part because we are installing IPSEC VPN)

E. Next, Enter and Save Your “Username/Password/IP/IPSec Key” Information.

F. After saving the information, try to connect to the VPN.

G. On the Android side, you can set up IPSEC VPN this way.

5. Let’s explain step by step how to setup L2TP/IPSEC VPN on iOS side:

A. Go to Settings and search for “VPN”

B. Open the appropriate tab.

C. Do “Add VPN”.

D. Select VPN type “L2TP”

E. Next, enter your “Username/Password/IP/Secret (Enter your KEY in this section.)” information.

F. Done and complete the required operation.

G. In this way, you can set up L2TP/IPSEC VPN on the iOS side.

6. From this point on, we will need to pass the requests of the relevant application through the burp suite in order to perform the dynamic tests. In this part:

After completing the necessary installations on the mobile side, we need to connect to IPSEC VPN from our computer to view the relevant traffic over the burp suite.

Connect to the IPSEC VPN address from your computer, and then use the “ipconfig/ifconfig” command over “cmd/terminal” and keep in mind the address under the “PPP adapter Your_Name” heading.

Go back to your mobile device, enter the “WLAN” section, click your Wi-Fi network you are connected to, enter the IP address you have in mind in “Proxy”, enter any value you want in the Port section and save it. (For Android)

Go back to your mobile device, enter the “VPN” section and click on the VPN you are connected to and click on the “edit” section, then mark the “Proxy” section as “Manual” and enter the IP address you have in mind in the “Server” section and enter any value you want in the Port section and save. (For iOS)

Now, let’s go back to our Burp Suite tool and click on the “options” section from the “proxy” tab, select the IPSEC address we have in mind by saying “Add” over the “Proxy listeners” section, and add the port we entered into the phone in the port section.

7. Now that we have completed the IPSEC setup both on the mobile side and on our computer and made the necessary adjustments to display the relevant application traffic over burp suite , we can now easily start the tests.

In summary:

It is a living example that we need to read the scope form carefully. If we had installed and tested the application by rote, we would have noticed that there was no request.