I am getting problem while intercepting HTTPS requests in Burp (intercepting tool) from android emulator ,
I am successfully able to intercept HTTP (not HTTPS) requests via BURP in android emulator ,
I saw lot of tutorials, to first grab the .cert certificate from BURP in firefox , then convert it into android supporting format and copying it to android system .
This is the exact problem I am facing :
1. I am unable to convert that SSL certificate .
2. I tried just copying a dummy certificate just to test if copy pasting is working fine or not , I got error privileges error , I also tried
running command , "adb shell" and run that command adb push but still having problem to define the path of converted Certificate path , as my certificate is on main machine .
Hoping the solutions for both problems, Also it would be helpful If someone
can give me the exact command needed to convert that SSL Certicate .
Thanks
Related
After downloading Termux from the Google Play store, FDroid, and Github, I got the error
Unable to Install
Termux was unable to install the bootstrap packages.
Check your network connection and try again.
I looked through Github and found this this reply saying to try to connect to http://termux.net/bootstrap/ in a browser. I tried with the phone I'm trying to put Termux on (Galaxy s5 with Android 6.0.1) and got a response saying 'connection timed out'. I tried on my desktop which is on the same network, and got the same response. I made a simple python script using the requests module on a Replit server and got the same response with error 522.
It seems like the Termux.net website isnt working for some reason, maybe because of a WiFi setting that has to get changed? What else do I try?
Issue is that old links for bootstrap package for Android versions 5 and 6 are not available anymore, for example domain https://termux.net is down and you can not access it.
You can fix this issue by following this wiki:
https://github.com/termux/termux-app/wiki/Termux-on-android-5-or-6
You can install artifacts from this link:
https://github.com/termux/termux-app/actions/runs/2619084610
*Zipped APK file termux-app_v0.118.0+605dd6c-apt-android-5-github-debug_armeabi-v7a can be downloaded from this link:
https://github.com/termux/termux-app/suites/7230045376/artifacts/289921940
*Note: Direct APK link will only work if you are signed in with your GitHub account
works great, just download the apk from link above and install
Thanks nexayq, just make sure you allow installation from unknown sources in your android settings.
Tested on two phones the ones with armeabi64-v8a works to know this just download device info hw from playstore
I am trying to setup CI/CD for android application and publish APKs to Firebase and I am behind proxy
I was able to generate APK successfully by executing the command mentioned below on Ubuntu 20 (server NOT client) - 10.22.xx.xx
Note: I connect to Ubuntu Server from my Windows Desktop using PuTTY
root#android:~/android-ur-app#./gradlew appDistributionLogin
and it provided me the following link to sign in.
Please open the following address in your browser:
https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=5849e6.apps.googleusercontent.com&redirect_uri=http://localhost:42319/Callback&response_type=code&scope=https://www.googleapis.com/auth/cloud-platform
I opened the link my Windows Desktop Browser and I was able to sign in with the firebase account but it failed with "localhost refused to connect" on redirect_uri
Note: I understand that NO process is listening on port# 42319 on my Windows Desktop
But, how can I change the redirect_uri in gradle from 'localhost' to '10.22.xx.xx'
We also created a DNS mapping and tried hitting the URL with 'ourdomainname.com' instead of 'localhost' in redirect_uri which failed with
Error 400: redirect_uri_mismatch
Kindly let me know how to set redirect_uri correctly in GRADLE to get the firebase_access_token
I was able to resolve the proxy issue by adding the following to 'gradlew' command
root#android:~/android-ur-app#./gradlew appDistributionLogin -Dhttps.proxyHost=10.xx.xx.xx -Dhttps.proxyPort=8080 "-Dhttps.nonProxyHosts=localhost" --stacktrace
Note: We should add "-Dhttps.nonProxyHosts=localhost" and just adding https.proxy did NOT resolve the issue
I followed this guide on how to create my own CA and end entity certificates. My certificate authority (localhost) openssl config looks very similiar to this. According to this post I've set
[ v3_ca ]
basicConstraints = CA:TRUE
On my desktop devices there are no problems at all and https works fine.
Problems occur when I try to install the root certificate on my android device.
At first I installed the root certificate via the inbuilt 'install from storage' option (Settings / Security / Credential storage). Https works now but I always get the network may be monitored warning.
Following this article I took the certificate hash, renamed the rootca.pem file to {hashid}.0 file as suggested and moved it to /system/etc/security/cacerts/ using ADB on windows powershell (also set chmod and chown).
After rebooting my phone I can see that my authority certificate has been successfully added to android native trusted certificate storage. It's active by default.
Now I got rid of the networking monitor warning but ssl is not working anymore. Android chrome on remote debug throws:
broken https certificate missing net::ERR_UNEXPECTED (firefox on android says SEC_ERROR_UNKNOWN_ISSUER)
Is there a way to get around this/install it correctly? Did I forget something?
For those interested I'm sharing the solution:
Here's what I did to solve this:
(1) flashing my sm-g900f with odin v3.12.4-4 and latest twrp 3.3.0-0-klte
(2) backup relevant data, wipe system/cache/... with twrp afterwards
(3) flash 16.0-nightly-klte addonsu-16.0-arm open_gapps-arm-9.0-nano-20190428
(4) install certificate via security settings options. Shown as 'user cert' but no warning message and ssl works now :)
Thanks to JW09I4 from XDA-Developers for helping me out and guiding me through the process of updating my phone.
I'm behind a corporate proxy and everything that access the internet needs a special configuration regarding Proxy. I'm on a CentOS 7, using CNTLMD to handle proxy tunneling, developing for mobile with React Native. And I'm using the Android Emulator provided by Android Studio.
I first noticed that my emulator can't access any HTTPS protocol when I tried to open Google in the Browser. Internally google redirects to HTTPS and I always get that "Connection Refused" error. Later (this week), trying to use Axios and Fetch to make HTTP/HTTPS requests, this has become a serious problem, since the APIs I'm trying to connect to are under the HTTPS protocol.
A friend of mine who is working in the same project but using Mac has no problems with HTTPS. I have also tried to start the emulator with the following commands:
emulator -avd myemulator -http-proxy http://127.0.0.1:3128
And
emulator -avd Marshmallow86 -http-proxy http://<network username>:<network password>#<ip>:<port>
And they do nothing.
I tried setting up HTTP and HTTPS proxy on Android Studio but this don't seem to be the way (and also didn't work).
#edit
I set the http_proxy on my host and started the emulator without parameters. Didn't work as well.
What am I missing?
I haven't used the software above that isn't android avd or androidstudio,
but it looks like a proxy or CA certificate problem.
Since the difference seems to be by OS, I would guess CA certificate first.
This android page has advice on using openssl from the command line to
explore that and consider importing certificates.
https://developer.android.com/training/articles/security-config.html
This android page has current suggestions for proxy configurations:
https://developer.android.com/studio/run/emulator-networking.html
Note, that the above instructions are updated for new features.
In the past I needed a proxy to a non-ssl appengine development server
which is slightly different from your problem but here's what I used:
For an SSL proxy, used the apache web server, and configured it to use SSL
by installing a self-signed certificate, then added a ProxyPass and ProxyPassReverse
in httpd.conf and a ProxyPass in the httpd-ssl.conf.
ProxyPass / http://127.0.0.1:8080/
Apache as an SSL proxy receives connections to https://127.0.0.1:443 and
passes them to http://127.0.0.1:8080
Then in the application, code that will be running in the emulator
can use address
10.0.2.2 to use android subnet routing table to connect to the dev. OS localhost.
I'm working on a project that retrieves images from different servers (http and https).
I found this usefull Q/A to avoid the problem of No peer certificate error in Android 2.3, but i can't understand why in Android 4 (>3) this problem ("No peer certificate error") was not presenting.
Please, correct me if I'm wrong:
In Android 2.3 an HTTPS connection performs the whole certificate checks (and handshakes);
In Android > 3 the HTTPS connection is established even if the handshake fails (Ex: my app, as the peer, has not the certificate).
What are the differences between these version of Android?
Why I need to Trust all in Android 2.3 and not in Android 4?
Why in Android 2.3 I receive the following Exception: "javax.net.ssl.SSLPeerUnverifiedException: No peer certificate error"
while in Android 4 everything works fine and the connection is established?
Is everything related to SNI Server Name Indication, introduced in Android Honeycomb?
Your certifying authority probably is not listed in the 2.3.3 version of Android, but is in the 4.x version. To find out for sure check the keystore on both devices.
Using ADB from the command line you can dump out android's keystore to a file and check to see if that issuer is available in your keystore (may need to be root).
adb pull /system/etc/security/cacerts.bks cacerts.bks
Download and install Portecle (from: http://portecle.sourceforge.net/)
Select File / Open Keystore... and choose the cacerts.bks file.
Select Tools / Keystore Report and copy that information into a text editor to look for the CN specified in the certificate found from the web browser. In my case I couldn't find one from "Cybertrust Public SureServer SV CA".
Browse to the website you are interested in using https://example.website.com/ on your computer web browser and find out who the CN is. Compare that to the keystore as shown above. If it is not in the keystore you will need to add it.
NOTE: Android 4.0 phones have a different method for storing certificates and don't use the cacerts.bks file mentioned below. For them you should be able to open the desired https site in the web browser and add the desired certificates that way.
I had connection issues to facebook and redbox. To fix my problem and update my android 2.3.3 phone certificates I copied the one from the android 3.2 emulator and put that on my phone:
Create and start an android 3.2 virtual device.
Copy the cacerts.bks file from the emulator (make sure your other device is not connected).
adb pull /system/etc/security/cacerts.bks cacerts.bks
Disconnect the emulator.
Connect your device to be updated (must be root). You may need to remount the /system folder as rw for read/write capabilities. For mounting issues, see: this link
Save a copy of the old cert file from your device:
adb pull /system/etc/security/cacerts.bks cacerts.bks.old
Put the updated cert file on your device
adb push cacerts.bks /system/etc/security/
Reboot the device
Reconnect and verify the new cacert file was loaded.