[Image: Payment Village Issued Credit Card]
There were 3 main goals:
- Steal $100,000 from the card
- Commit other fraudulent operations
- Steal fifteen cards from the SoftPOS
With data flowing through 3 hops in this challenge, I had my choice of intercepting NFC traffic between the card and the POS, modifying the APK itself, intercepting traffic between the POS and the server, and/or directly attacking the server.
I chose to intercept (and modify) HTTP traffic between the POS client and bank server. First I set up the provided SoftPOS.apk on an Android phone (sideloaded via adb). Then I set up the interception proxy using Burp Suite.
[Image: SoftPOS main screen]
- Phone 1: Set up WiFi tether to mobile network so all devices can talk to each other
- Laptop: Connect to WiFi tether on Phone 1
- Laptop: Listen with Burp Suite proxy on WiFi IP
- Laptop: Open up firewall to allow incoming connections
- Phone 2: Connect to WiFi tether
- Phone 2: Configure proxy on that WiFi connection
- Phone 2: Restart SoftPOS to pick up new proxy settings
- Phone 2: Run a payment through SoftPOS and it shows up in Burp Suite on laptop