I am trying to gain access to an API from an Android application, so I can extract the GET request and use it on my PC instead. I have verified that this is indeed possible, however, I have one problem: Their Firebase integration gives me a 403.
The app works like this:
Open app
Enter your address and select it from a list
Press "Add address"
App sends a POST request to Firebase (probably registrering a session or something)
App succeeds and returns to a "view" page, that contains the info I want to extract
I've extracted the app using adb pull /data/app/....apk and then used AddSecurityExceptionAndroid to enable debugging via Charles Proxy and so on, from my computer. Once I've built a new APK, simply install it with adb install application.apk.
Once I launch the newly installed app, I am once again greeted with the same "Enter your address" popup, like it completely forgot I already entered it once. Is there a way to bypass this, so the APK I extract already has this data? Or keep it on the device for future use, so when I install my patched APK, it's already "signed in"?
The problem is, if I only enable SSL proxying for *.apiwebsite.com and let my phone handle everything else, it works great until I need to send a POST request to firebaseinstallations.googleapis.com, where my phone just hangs and eventually the app crashes. It happens right after I press the Add address button, after searching for my address and selecting the correct one.
So I either need to find a way to make it not fail with Firebase, or somehow extract the APK, so I can "sign in" beforehand, pull the APK, patch the APK, and then install the APK, so the app already knows I am "signed in".
The Firebase error is:
Requests from this Android client application correct.url.here are blocked
Okay, I managed to get something working. First I installed Genymotion, then I booted up a rooted Android 8.0 virtual machine, to which I then installed the app I needed to "debug" and HttpCanary.
Logged every TLS/SSL request perfectly and I was able to retrieve the URL for the API I needed.
Related
To intercept the api and modify the api response locally, I was setting up ProxyMan to my android device Pixel-4a and faced this popup Install CA certificates in Settings after I tried to hit http://proxy.man/ssl to install the CA certificate from ProxyMan to my device I face the error popup as attached, earlier in my older device it worked fine however for my new device I'm facing this issue, when I click CLOSE on the popup window, a toast message appears : Failed to install certificate.
I'm facing the issue in Pixel 4a, however the same works fine in Moto X-Play, attached is the screenshot of the popup.
Similar question I found is here, however this doesn't helped me, or I was not able to understand the exact issue, since I'm facing this specifically with ProxyMan and the question asked is for VPN.
If anyone using proxyMan for intercepting the api on real android device and faced the same issue please help, I'm blocked on this issue and can't move anywhere in my android device, my precise question is:
Is there any option to reach to the settings where the device certificates are present and how can I add the proxyMan certificate with those certificate?
I got the solution here,
Once I hit the api http://proxy.man/ssl, the certificate were downloaded in my download package however it was not installed automatically since from Android 11 certificate can not be install automatically and user have to install it manually by following steps:
Install a certificate
Open your phone's Settings app.
Tap Security And then Advanced settings and then Encryption & credentials.
Tap Install a certificate And then CA certificate.
In the top left, tap Menu .
Tap where you saved the certificate.[in my case it was downloads]
Tap the file.
If needed, enter the key store password. Tap OK.
Enter a name for the certificate.
Tap OK.
I'm using a Google Client Library to verify a token that is returned using Single Tap Sign In (google-api-client-1.32.2). I need to setup a proxy on my device in order to test my Android app locally. This works for a Pixel 2 device running Android 11. But it doesn't work if on a Nexus 6P running Android 8.
It is clear that the proxy is preventing the authentication from succeeding because if I disable the proxy, it works. I tried adding the domain googleapis.com to the list of domains that the proxy will ignore but that didn't help. It is possible that some other domain is also being used for authentication other than googleapis.com.
I use Charles as my proxy, but it doesn't show any domain other than googleapis.com.
Is there anything else I can try?
There was nothing wrong with the code, the proxy or anything else. This problem is the result of the same crap that has been happening for years with Android. If the app is already installed on a different device and you clear the app's cache before running the app, you are mistaken to believe that the app's setting are all cleared. Android stores the settings in the cloud in your Google Drive under the device's backup. So when you clear the cache or even reinstall the app, Android retrieves the app's settings from the backup. As a result, the JWT token that get created when you peform a sign-in use API keys that are part of the backup. But if the API keys have changed in the updated app, they will be overwritten by the backup keys.
The solution is to delete the device's backup in Google Drive. I seriously believe that this feature of storing device settings in the Cloud is one of the dumbest things I've encountered. This is not the first time this has happened.
I want to install my apk (my own application) to an android device, but this apk should be installed only if user is allowed to install (i.e. login needed)
I know that adb can be used to install an apk but I couldn't find any information about if I can protect adb port by a password. And, I don't know whether are there other methods or not.
You can't prevent the installation of an APK on a device. However, you can make the app working only on the devices you want, by adding a login form or a check on the unique ID of the device.
Keep in mind that a third person can bypass this protection by patching the app.
I'm trying to install client certificate on android programmatically, using the following code :
Intent clientCertInstall = KeyChain.createInstallIntent();
clientCertInstall.putExtra(KeyChain.EXTRA_PKCS12, clientCert);
clientCertInstall.putExtra(KeyChain.EXTRA_NAME, "Client Cert");
MyActivity.this.startActivityForResult(clientCertInstall, REGISTER_CLIENT_CERT);
When the installation activity launches, android requests the user to enter password for the certificate (although there is no password and just clicking ok works)
More over, after clicking OK the user is requested by android to enter a name for the certificate, although i gave him a name in the "KeyChain.EXTRA_NAME" parameter.
This behavior annoys my users, they don't understand about certificates and just want it to be installed automatically without dialogs, how can i achieve this ? avoiding even one dialog would be very helpful.
Thanks,
This is "by design". Allowing apps to install certificates without user approval would open up the possibility of man-in-the-middle attacks on SSL-secured communication channels, such as online banking. That said, the dialog tells you none of this and users would undoubtably press OK regardless of what it said.
My objective:
Create an EAP WiFi configuration - including the CA Certificate - in Android programmitcally.
Problem:
How do I install a CA Certificate programmatically (and then reference that certificate in the EAP WiFi configuration)?
I found a very useful link already that allows me to create and save EAP WiFi configurations here:
How to programmatically create and read WEP/EAP WiFi configurations in Android?
However this assumes that you have already installed the CA Certificate on the device. I would like to install the certificate within my app - either from the resources in the app, or sent from a server.
Is this even possible? (Rooting is not an option in this case.)
If so, how?
Additional info...
I also found a way to add a certificate to a KeyStore:
https://stackoverflow.com/a/4490543/1172101
However this is used specifically for creating a secure socket and connecting via HTTPS. I want to use the certificate for WiFi.
Unfortunately, I have yet to find a way to install a CA Certificate programmatically - from within the app.
However, it is possible to install a certificate via the Web browser in Android. Thus, the solution (for now) is to:
Launch an intent to open a URL in the Web browser that goes directly to the CA certificate.
This works but there are some challenges:
The user must name the certificate. This is a challenge because we are adding the WiFi configuration programmitically. Thus we have to ask the user to give the certificate the same name.
The user must enter a password. If they don't have a password set up, the user will create one and enter it twice. If they have set a security password, the user will have to remember that same password and enter it.
Assuming the user successfully completes these steps, he is left hanging in the browser.
This leads to a few questions:
From my app, is there a way to force a name for the certificate that the user installs via the browser?
From my app, is there any way to know when the certificate installation has completed and then give focus back to my app?
Just let me know if you need any clarification.
You cannot install it directly since non-system applications don't have access to the key store. On ICS, there is an API for this KeyChain.createInstallIntent() that would launch a system dialog asking the user whether they want to install the certificate. On pre-ICS you can achieve the same thing by launching the install intent using the component name directly (this may or may not work on all devices though). Going through the browser is actually a roundabout way of doing the same thing.
As for your questions:
you cannot specify/force a name. Why do you care about the actual name?
Not really through the browser. If you use the system intent, you can return to your activity and will get a callback if you use startActivityForResult().
Update: Android 4.3 has WifiEnterpriseConfig which both creates a profile and installs keys and certificates in the system credential store. You only need the CHANGE_WIFI_STATE permission.
I am currently looking to solve the same issues. The best thing that I have found is KeyChain.choosePrivateKeyAlias() allowing the user to select which certificate to use for the SSL. From there you can retrieve the Alias name and pass it to the enterprise wifi configuration.
I'm looking for the same... as for your question, #Nikolay:
you cannot specify/force a name. Why do you care about the actual name?
The EAP profile needs the name of the already-installed-CA. If you look at the example in part 4, you can specify:
final String ENTERPRISE_CA_CERT = "";
In the example, the profile does not use the CA name, but that could be the case for other EAP profiles.