I am new to the mitmproxy world. I need to write a python script that would log all the requests made from a certain app on Genymotion emulator. Now, I learned that mitmproxy can be helpful for my requirement. So I have successfully set up mitmproxy and now I am able to monitor all the traffic HTTP/S from any app on Gennymotion through the mitm client.
However, what I want is :
The app would be explored manually by the user and there should be this Python script running that would simply log all the requests being made while the user is exploring the app.
I have tried going through the Github examples of mitmproxy APIs, but have not been able to understand them. Could someone please point me to a more detailed explanation/usage guide for these APIs ?
Through some more digging, I figured out that I need something similar to https://github.com/mitmproxy/mitmproxy/blob/master/examples/flowbasic but I do not understand what is happening inside the script in the above resource.
Like
what is f.reply() ?
what is flow.State() ?
what is m.run() ?
what is flow.FlowMaster ?
And more importantly, is there a place i can learn about these various methods and others used in the above ?
Similarly, found this as well : get a "raw" request\response from MITM Proxy
Can someone please explain how to or where do I call the request() from ?
What is the context and flow parameters there ?
mitmproxy -w log_file.txt
should work for what you want. As for the docs, mitmproxy --help gives you some insight on the available options.
Related
I have read quite a few resources and tutorials so far, and I still haven't found the solution I need.
The problem is that my application using Retrofit 2 does not send requests to my own server. Empirically, it was revealed that requests are not sent only to addresses using http. Requests were sent to https.
As a solution to this problem, I added the SSL key to my server (My server is written on Spring). Now requests are at least being sent. However, due to the fact that the key that I generated is not confirmed, the application still does not want to make requests for the links I need.
Question: how can you configure Retrofit 2 so that it works with http?
UPD: there is repo with some code from project:https://github.com/Parocq/AuthScreenApp
Problem was solved with enabling cleartext traffic in manifest.
Two strings was added:
xmlns:tools="http://schemas.android.com/tools"
and
android:usesCleartextTraffic="true"
<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.xxx.xxx.xxx">
<application
...
android:usesCleartextTraffic="true"
...
</application></manifest>
I took a look at the retrofit documentation https://square.github.io/retrofit/, and also did a quick look at their source code, and as far as I could see there is really nothing in there that cares about HTTP vs HTTPS.
I would suggest trying your app on a device or emulator running a pre-Pie version of Android, just to verify that everything works as expected with your plain HTTP requests. If it does, then I think the next step is to double-check your network security configuration, as suggested by #Bek. In case you have not found this article yet, here is a good place to start: https://developer.android.com/training/articles/security-config
I'm know this is at best a 'partial answer' (if even that) but I decided to post it based on the SO answer tips. I hope it can at least help you get unstuck or help you improve your question, and can be updated at some point with actual specific information on your question.
Update:
Looks like you found the real answer, that was quick! https://stackoverflow.com/a/65751722/1245561
i'm trying to setup SSH Client on my android phone (HTC) to connect and manage my laravel application via command line, running artisan commands and composer on the run.
i successfully did this using putty on my laptop computer, but i cant seem to find one suitable for android - that accepts private keys, e.g .ppk files.
please is there any better alternative that can do this, or if anyone has achieved this i'd be glad if you let me in.
Regards.
have you tried jsch?
http://www.jcraft.com/jsch/
it has support for private keys
How to get complete logcat from remote users phone?
I came across BUGFENDER and www.REMOTELOGCAT.com ... (didnt use yet.)
I need advice what professionals use for remote logging?
What is the industry standard?
How can I get complete logcat from my client's phone living in another country?
In iOS it gets saved in the phone itself so client can email that log file but whats the solution in android ?
P.S by 'complete logcat' i mean COMPLETE logcat rather than specified logs in code like log.e("some exception occured") as in crashlytics...
I'm not sure how to get the full logcat in Android.
What I can answer is that I'm professional and I use Bugfender for remote logging in iOS and React Native and I know many colleagues using Bufender for Android as well.
friends I am new in mirrorlink common Api.I don't know to enable mirror link service in android application.Please anyone tell me steps and any tutorial link.
I already do following things :-
I get developer account from mirrorlink.com.
I attached certificate with my app(that get from software that available from https://causeway.carconnectivity.org) Documents.
I saved device EMI number in my ACMS account (https://acms.carconnectivity.org)
Now I know I missing mirror link code for launching and terminate all this code and permission in manifest file.
Actually, I don't know how to code in the application for mirrorlink. please help me for step no.4
The launch and terminate UPnP code should be placed in the MainActivity. For certification purposes, your app needs to handle the Terminate intent without coming to the foreground (if it is in the background). Even if you don't respond to the intents, the app should be usable in MirrorLink.
You don't need to do anything extra to enable framebuffer streaming, or audio streaming. (Though providing context information via IContextManager.setFramebufferContextInformation and IContextManager.setAudioContextInformation is needed to make sure that the head unit knows what is being provided to it.)
I try since a few days to connect one of my android app to an oauth service. I have found a few really good articles like http://blog.doityourselfandroid.com/2011/04/12/oauth-android-google-apis-client-library-java/ or marakana.com/forums/android/examples/312.html but even with those papers I can't manage to make It work.
Well, here is my current code packaged in a tar archive : http://braindead.fr/oauth-warrior.tar.gz
So the problem is that each time I attempt to retrieve an access token I got an OAuthCommunicationException (respectively line 26 and 39 of OAUthTokenValidator.java) after user validation on oauth server and url callback.
I anybody know why signopost/oauth does not accept to make this last call I'll be really grateful :)
Sincerely, Daroth
this might be a bit late to answer, but still.. for folks still searching:
check your menu->settings->date/time, sometimes an emulator's timezone won't match the real timezone. thus, the server denies it. they usually have a 3-10 minute variance.
check your manifest for INTERNET permission ;)
another tip: not many elder wizards would unpack a tar from an unknown source.. you should use a pastebin service, or an open git/svn/hg repo.