Testing from a smartphone

[robertray 41]

Recently I got myself a smartphone. I need one to keep on top of the messages I recieve daily.

Just wanted to start a discussion on the use of smartphones as a test platform and ask for input and suggestions from the community.

My model is a HTC desire Z

Running Android 2.2

So far I have tried out:

Wifi Analyzer

Found this very useful, in terms of detecting APs, providing channel details, security configuration (WEP, WPA etc), Mac detection.

OscanO

Simple port scanner. Not quite nmap but seems to work ok with non-firewalled devices.

ConnectBot

SSH connection tool.

Android VNC

Still to test this out but have read reviews that suggest this works well.

[Bluntlee 1]

I have been looking at the Nokia N900 because of the ability to have full control of the phone, its fully unlocked from what I have read, there is a community building a mobile pen-testing OS, called NeoPwn its a interesting project here are the links to the phone and project site.

Neopwn site

Nokia N900

I would love to have this Tool

[MindOverMatter 0]

Vibrant here, rooted and currently running Nero V3 with Voodoo (2.2/ginger combo).

I have all the apps you mentioned, they work great to an extent of course. After you've rooted your phone though, increasing or maxing out your wifi card capabilities really helps for pen testing on the fly.

I like wifi analyzer, also plenty of telnet/ssh apps work great as well as RDC.. I'll go through some I've tried this week and chime in on specifics..

[MindOverMatter 0]

Got a couple extra tools today I highly recommend.. Root Explorer (need to have phone rooted), so you can browse through all the file systems, add, modify and delete the good stuff.

Shark and Shark Reader, which Shark is just like WireShark (not as good of course) and the Reader allows you to open the file Shark outputs.

Quadrant Standard (which I've had for few days) to benchmark and verify all the optimizations you may make on your phone. For example the benchmark for my phone is like 780, Nexus One 2.2+ is tops with like 1250 (not sure though cuz I think uses same cpu and ram as my Vibrant, didn't get it though, because it's limited to the 16gb space, no extsd support..). HTC Evo 2.2+ is about 1100 (these are stock).

So I am currently at about 1700, 1000 more than the supposed stock. QS let's me know the changes I make are real, because if I turn off features such as Voodoo or don't fileswap and setcpu higher, it does report the lower settings or "benchmark". Goes through CPU and GPU tests shows fps with modeled 2d and 3d, tests CPU with some type of arithmatic.

I mention these things, because IMHO to get the most out of our mobile phone pentests, for fun or work, the most juice we can get out of it of course is best..

For those who haven't rooted I'll save you some trial and error, because I "bricked" and unbricked it several times in the process.. So just ask and I'll post the best tools and processes, because even though instructions are out there, I found that they were mostly a basline idea.. Had to figure it out all myself for certain things.

Cheers, more to come on real pentesting apps and optimizations.