EvilZone
Hacking and Security => Mobile Hacking => Android => : vektor October 03, 2012, 01:15:21 AM
-
Has anyone here ever messed around with ANTI before? It's the best Android pentest application I've seen so far, and I was wondering how one might be able to upgrade to the Platinum version (freely of course) which has plenty of credits.
The application utilizes a server-side token type authentication scheme for validation which seems to be a fairly secure way of protecting android apps nowdays, so I was kinda hoping some of you android programmers would offer up some ideas, tips, or pointers which would be greatly appreciated.
Thx!!! -- br0k3n
http://www.zantiapp.com/anti.html (http://www.zantiapp.com/anti.html)
-
Bro try something like dSploit, it's completely free. And it's functions are just like anti. Don't waste time finding crack for anti, use dSploit.
Oh and are you sure that Mitnick is on their team?
-
ANTI fucking sucks, dSploit is better, and hopefully better over time.
-
dSpoit has issues with large amounts of traffic..
zAnti does just fine with hundreds of IPs pinging..
I like them both equally because of that... If dSpoit could handle better with large amounts of traffic then it would quickly take the upper hand in my books.
I love them both nevertheless :D
-
dSpoit has issues with large amounts of traffic..
zAnti does just fine with hundreds of IPs pinging..
I like them both equally because of that... If dSpoit could handle better with large amounts of traffic then it would quickly take the upper hand in my books.
I love them both nevertheless :D
I abandoned zAnti in favor of dSploit immediately after my first test-run of dSploit! But like you, I also had issues with dSploit being slow and buggy on heavily populated AP's until I switched from SuperUser to SuperSU which made a huge difference in the performance of dSploit. Also, make sure you have the very latest versions of BusyBox and SuperSU installed...
Hope this helps! -- br0k3n --
-
zAnti is crap unless you have the money to pay for credits, then it becomes an invaluable tool. dSlpoit on the other hand uses your device so of course its going to have more trouble than zAnti as it uses their servers (which is why you buy credits and can't just crack the app for unlimited credits, you would have to hack it server side.) To be fair I keep both zAnti and dSloit on my device but do use dSloit more, especially for MiTM attacks. I just love fucking with the Script Injection and password sniffing (as long as its not through https) gets the job done without using and zAnti credits ;)
However zAnti is a powerful app and as said the reason being they do the more process intensive cracking server-side and not client-side. I just wish MiTM was free on zAnti, or make a zAnti thats client-side and then a premium that's server-side. I think it would be used a lot more!
-
well just like the faceniff we need to crack the heck app to make it usable.. agree?
-
well just like the faceniff we need to crack the heck app to make it usable.. agree?
I did not understand.
-
I did not understand.
This dude thinks faceniff is a paid app that needs to be cracked in order to use it, also he thinks ANTI is the same? This is what I understood from his post.
-
FaceNiff is a PoC app. Compile Droidsheep for better functionality
-
l got zanti and dsploit installed. l like them both and l have credits for zanti so it's worth it. You do have to pay a credit for sniffing Pictures aka driftnet but it does work. l'm not sure how to sniff https on it through MITM, though. BTW, there is a new version of zanti out any day now according to the e-mail l had from them.
) To be fair I keep both zAnti and dSloit on my device but do use dSloit more, especially for MiTM attacks.
DeepCopy, not sure what you mean by free. lt looks like it is free on my device..
l do a MITM attack and nothing comes up in the log screnn..
-
l got zanti and dsploit installed. l like them both and l have credits for zanti so it's worth it. You do have to pay a credit for sniffing Pictures aka driftnet but it does work. l'm not sure how to sniff https on it through MITM, though. BTW, there is a new version of zanti out any day now according to the e-mail l had from them.
DeepCopy, not sure what you mean by free. lt looks like it is free on my device..
l do a MITM attack and nothing comes up in the log screnn..
You would need to use sslstrip for the easiest way to get rid of https
-
Thanx Factionwars, l'm not quite sure how the MITM attack is working on zanti, yet [haven't used it much. lt has some options [filters] when using MITM - one is 'Drop HTTPS to HTTP]. But nothing appears in the 'log entries' screen when l try it. l think the new version which will be out soon is going to have an improved sslstrip:(http://zantiapp.com/fancybox_zanti_02.png)
-
Looks like Mitnick has become one of their advisors too. Though 'worlds greatestl hacker' might be a slight exaggeration..
(http://www.zimperium.com/images/products/quotes_sidebar.png)
-
Mitnick seems to have been reduced to a marketing gimmick. His books are good, but his whole notoriety has made him sort of a cashcow. Not that most people (including myself) wouldn't do the same in his place, but just saying.