Intercepting FireTV traffic using Burpsuite

 If you need to intercept Amazon FireTV traffic over Burpsuite, just follow these steps:

1. Create a new cert from Burp

2. Convert the cert to a pem file.

openssl x509 -inform der -in cacert.der -out cacert.pem

3. Push the cert to the device

adb push cacert.pem /storage/emulated/0/Download

4. Install the cert

adb shell am start -a "android.intent.action.VIEW" -d "file:///storage/emulated/0/Download/cacert.pem" -t "application/x-x509-ca-cert"

• Note at this time Amazon fire stick will prompt you to login to your Amazon Account, things may not working properly i.e. the typing stuff etc, so use SCRCPY to navigate the screens on your laptop.

5. Enable the proxy by using this view. 

adb shell am start -n com.amazon.ssm/.ControlPanel

Thank you - hope this post is helpful.

Comments

My kindle support said…
I am pleased that this article provided me with some important information. Thank you so much for sharing it. Keep up the good work. Amazon Fire Stick Not Registering
10:01 AM
Rockgeek said…
This kinda worked until the end. It prompts for the username/password, I press ok, and it says the certificate can't be installed, without allowing me to do anything
10:18 PM
Post a Comment

Popular posts from this blog

The correct way to install Jython (for Burpsuite)

You need to install Jython the correct way in order to ensure some of the Burp plugins work correctly. Some of these Burp plugins depend on Python libraries for e.g. requests, so installing Jython and then using  $ wget https://repo1.maven.org/maven2/org/python/jython-installer/2.7.2/jython-installer-2.7.2.jar $ java -jar jython-installer-2.7.2.jar -s -d /path/to/install/jython -t standard Further for e.g. if you need requests install it like this: Download requests-2.25.1.tar.gz from the official repo ( https://pypi.org/project/requests/#files ), then go to that directory in terminal, and type the following command, java -jar /Users/brutus/Downloads/jython-standalone-2.7.2.jar setup.py install
Read more

RFID cloning with Proxmark3 Easy

Image
In this post, I would like to explain how in a recent Red Team engagement, I successfully managed to clone an RFID Access Control card and gained entry into the premise. #TheKit The client was using HiD 125khz cards. I used "Proxmark 3 Easy" which is a low cost RFID cloning kit, is a stripped down version of the real “ Proxmark 3 RDV 2 ”. The "Proxmark3 easy" does not support several things like battery, relaying and doesn't have an amplifier, also it has a smaller memory. But the device is quite sufficient during a Red Team Physical engagement. It looks something like this when you order on Amazon. I wanted to build a mobile RFID cloning kit and use it for my Red Team engagements, but note with this setup the scanning distance of 6cm is useless in real engagements, I'm not that brave enough and you really have to get up close to clone a card so the setup initially didn't work, however I got lucky and me and my partner found a lost targe...
Read more

Extracting an IPA; App distributed through Testflight

So in one of my iOS app pentest the app was distributed on TestFlight, I needed a clean IPA to makesure, I review the app after unpacking it. The option was for me to use a Jailbroken device and use Ext3nder, which allows the app to be re-packaged. Once you do that you could use SCP to download the IPA and use it to analyse or side load through xCode.
Read more