tweaselORG / meta

(Currently) only used for the issue tracker.

Test CLI and CA on Kali Linux #27

Closed baltpeter closed 2 months ago

baltpeter commented 1 year ago

We've been asked to do a session on how to use CLI on Kali Linux. So, I've downloaded a Kali 2023.1 ISO and am going to document my steps and whether I run into any issues.

baltpeter commented 1 year ago

I'm running in a live environment. Some first observations:

baltpeter commented 1 year ago

To install Node:

sudo apt update
sudo apt install nodejs yarnpkg

That gave me Node 18.13.0. Great, no PPAs needed!

baltpeter commented 1 year ago

Then, I installed CLI using (because the andromatic changes aren't released yet):

yarnpkg global add ./tweasel-cli-v0.1.0.tgz

That failed with:

The virtual environment was not created successfully because ensurepip is not
available. On Debian/Ubuntu systems, you need to install the python3-venv
package using the following command:

    apt install python3.11-venv

So, I did that:

sudo apt install python3.11-venv

Then, it worked.

baltpeter commented 1 year ago

But unfortunately, yarn's bin path is not part of $PATH by default. So, I tried npm instead:

sudo apt install npm
sudo npm i -g ./tweasel-cli-v0.1.0.tgz

With that, I could run tweasel without updating the $PATH.

baltpeter commented 1 year ago

Then, I ran tweasel autocomplete and followed the instructions to set up autocomplete in the shell (zsh).

baltpeter commented 1 year ago

I plugged in a phone and downloaded an XAPK from APKPure and an APKM from APKMirror (isn't that convenient? :D).

I ran:

tweasel record-traffic app.xapk --bypass-tracking-domain-resolution-check

The phone prompted me to accept the USB debugging connection, which I did, opting to always trust the computer.

After a while, the command failed with "Could not start analysis with invalid app". Seems like we do need some more work for XAPK support in CLI.

baltpeter commented 1 year ago

Same thing with the APKM. Actually, I just remembered that I already created an issue for that (https://github.com/tweaselORG/appstraction/issues/67). :D

Well, I'll use a regular APK for now.

baltpeter commented 1 year ago

With an AliExpress APK, it worked just fine and produced a 17MB HAR file that I was able to open in the Firefox dev tools without issues. Notably, I didn't install any udev rules and android-sdk-platform-tools-common wasn't installed by default, either. Might just be the particular device I used, though.

Running tweasel detect-tracking on the app produced no results. But I had PiHole activated and rejected the consent dialog, so that's to be expected.

baltpeter commented 1 year ago

With PiHole disabled, we do get a few requests to facebook/graph-activites-qs (despite the still rejected consent dialog, of course). :D

baltpeter commented 1 year ago

Ugh. I wanted to test iOS support but my jailbreaking setup has suddenly broken. Great.

baltpeter commented 1 year ago

Huh. It only worked without the sudo systemctl stop usbmuxd && sudo usbmuxd -f -p. With that, the bundled libimobiledevice would never recognize the device. shrug