To first-time users of PentestSuite

This may be your first time using this app, PentestSuite. Here are some important things to keep in mind before using it.

What is this app used for?

Currently it's mainly for manually attacking HTTP web servers. Remember, it targets web servers, not mobile apps or other things. (But if I have enough time and energy, it will 😀)

If you are a developer, you can still find it useful when debugging your web app. Seriously, it can be called a debugging tool.

Can I 100% successfully attack web server by using your tool?

Nope. This is not a tool for launching attacks like you have seen in movies. It's a tool for manual analysis, which is normally hard to do on mobile devices, and that's why I have devoted myself to it. With this tool, you will find that a lot of things can be done more easily than before.

How can I set up and start using this app quickly?

If you just need to intercept plain HTTP traffic:

Toggle on the TCP server and click the internal browser entrance button. 


You might be confused about where the internal browser entrance is if you are using the Community version of PentestSuite.

This app is not totally free, so the quick entrance and some other convenient features are only available in the Premium version of PentestSuite. But in the Community version, you can accomplish this task this way:


Enter your target URL in Code Analyzer and select it (long-click); you will notice an option called Browse.

Clicking that option navigates you directly to the internal browser.

Once you start the internal browser, everything should be set up.

The internal browser is configured to use the proxy server in PentestSuite, and all the traffic can be seen and modified freely.

Now, let's talk about the situation when you want to intercept websites that use SSL (their URLs often start with https://).

1 Toggle on the SSL parser before toggling on the server.

2 Install the certificate. 

Just click the button shown in the picture below and follow the dialog; that should work.


But if you are using Android 11 or higher, you just have to save this certificate and install it from the Android system Settings page.

Sorry for the inconvenience. This policy is from Google; I just cannot change your system code to make it convenient for you, right? 😂

For more serious usage information, you can browse this blog more deeply and check my Twitter for some easy and funny things 😎



Best, 
gulizhiguhao

Comments

  1. Good ✌️😁

  2. Hi. Is there any way I can contact you via messenger? I have several questions about your pen test suite. Thanks

    1. I recommend using Telegram. Ah... https://t.me/pentestsuite
      Here it is
