The use case is that:
all the applications on the android phone would connect to internet through a wifi.
And I want to have an application that eavesdrops on the http traffic from all apps so that I can find what sites they visit.
This application would be distributed as an apk and users would install this app on their phone.
How do I achieve this ?
I will tell what I tried:
Used a Custom Vpn Service application where an activity triggers a service derived from VpnService.
The Custom VpnService calls builder and sets Mtu, addRoute, addAddress, and then addDnsServer.
Then the service reads from the file descriptor associated with the interface generated from builder's establish() call.
Now if the addRoute is called with ("0.0.0.0", 0), Iam able to intercept the traffic and see packet contents. But Iam not able to route the packets without creating udp tunnel to an external server which I dont want to do.
If the addRoute is called with the Wifi router IP, then routing automatically happens for all packets generated. But I am not able to intercept the packets on the file descriptor associated with the virtual interface. It simply doesnt receive any data on read() call.
What I want to do is:
intercept the traffic to inspect the http headers
at the same time, do routing as usual like a normal wifi connection does.
Have everything self contained in the phone. There should be no external server.
this appliction should not require any rooting or such. It should install the way a normal app does.
I would suggest 1) setting a proxy and 2) running an app which acts as one. The combination of these two won't require root privileges.
SETTING THE PROXY
This first point is probably the most tricky one. The only way of setting a software-level proxy (without requiring root) is by navigating to the Wi-Fi connection settings and manually set the proxy. However, there is an open-source application that can eventually bypass this particular step: ProxySettings.
INTERCEPTING THE TRAFFIC
In my opinion, your best bet is using SandroProxy, an open-source proxy application for Android. It is extremely well written, currently maintained and supported, and will allow you to intercept the HTTP traffic and even modify it. The code can be found here, while the example application can be found here.
This solution should fulfil all of your requirements:
Intercept the traffic (even edit it): thanks to the proxy setting, all the network traffic goes through the proxy address, which corresponds to your application
Edit is optional: everything will keep working as no proxy is set
Everything is local: no need for external servers, your proxy is the installed application
No root is required
Related
In web browser we are able to detect network call in devTool/Network, So similar to that is there anyway to detect network call made by third party apps in my android/iOS device?
I have total control over my network as well as my device. Lets imagine two cases.
1) I don't have any idea about reverse engineering the source code of an app, and just wanted to capture all network calls happened in runtime environment. Is there any possibility to use network sniffer/packet sniffer like wireshark?
2) I know ways to reverse engineering an app to certain level using libraries/tool like this and want to extract the possible network calls which may happen when I would run the app. Is there any way or someone has done it?
The motivation behind this activity is to detect network calls done by third party apps which contains payload which is not given permission(my browser cache/history/cookies etc).
Also let me know in comments if I need to add anything more in the question text.
There are various tools like wireshark and charles proxy that can help you with intercepting the calls.
Basically, for this, you would need to set up a proxy to your computer on your mobile device which will redirect all your network calls from your mobile device to your computer and then to the internet. Thus, your computer will be able to get the network call data.
Some apps have implemented SSL pinning. So when your laptop will act as a proxy in between, those network calls will fail, but I believe you will still get the data they wanted to send to the server.
We have set up our own VPN Server and want to route all the traffic from our VOIP android app through this server.
But all the solutions I have seen thus far use the vpn service class http://developer.android.com/reference/android/net/VpnService.html, which creates a vpn tunnel for the whole device and not just my application. I want the other apps running on the phone to use the internet as normal while the traffic from our app is routed through our VPN server.
Is there anyway to do this? I am very grateful for any suggestions. Thanks
VpnService does not need to apply to the whole device. See: VpnService.Builder.addAllowedApplication (available with API 21 - 5.0):
Adds an application that's allowed to access the VPN connection. If this method is called at least once, only applications added through this method (and no others) are allowed access. Else (if this method is never called), all applications are allowed by default. If some applications are added, other, un-added applications will use networking as if the VPN wasn't running.
can someone confirm, that it is possible to create a web server on android device ( which uses 3G or 4G internet ) and access it via internet ( from the remote PC connected to the internet, not from the same local network ).
I know there already are some web servers for android ( iJetty, nanohttpd ) and the programms like ksweb, so it seems, that it should be possible.
However, I've done some searching in the internet and some people warn, that mobile devices work using NAT protocol, so it would be impossible.
Can somebody resolve the ambiguity?
Thank you in advance.
No, it is generally not possible. The dealbreaker problem is not with Android, but rather that just about any mobile network provider is going to block incoming connections.
For special purposes, you can do things like have the phone contact a publicly visible remote machine and create a tunnel with something like ssh through which inbound connections can then be sent if there is a server program listening on the loopback interface of the Android device. But this tends to be only useful for things like remote testing.
Were you using wifi you could do this, but you'd need to accept that Android is not designed to promise a high availability of any 3rd-party program. You would need a wakelock to keep the processor running. And you may even need to do things like periodically initiate outbound traffic from the device in order to keep the wifi stack/radio in a fully active mode so that it can accept connections.
Generally speaking, data you want to make remotely available from the device should be proactively uploaded to a mutually visible server. If you want to send requests to the device, look at using something like Google Cloud Messaging which is designed to wake up the device and a recipient application on it in order to deliver a brief message.
This is going to sound strange, and please don't judge the impracticality of doing something like this, but I need to add support for controlling out bound network traffic from an Android device. Doesn't have to be selective. I basically need to put the device in a mode where out bound communication is silenced over WIFI. (primarily) The reason for this is I have a networked application that's remotely controlled and I need to be able to put it to "communication sleep" on-demand and then "wake it up" after a period of time, or on-demand. The on-demand aspect is controlled remotely. Hence the need to put the device in a state where it'll only accept in bound communication.
I'm primarily interested in TCP/UDP blocking of out bound traffic. I'm not interested in a separate firewall app. My application includes a service that's already implementing all the communication code required. I just need some suggestions on how to control out bound communication.
FYI, I have a mix of 2.3 and 4.0 devices to work with.
Could I have my service implement some basic firewall support? Maybe a simple proxy that the device is configured to use? (similar to the Ad Block app)
Thanks in advance for any suggestions. If it's at all possible, I'll try to share the code for it here.
UPDATE: Sorry, I have and require root on these devices anyways.
On the proxy idea, really I just need a black hole listening on a port. If I can set the system proxy settings from my app, when the out bound communication needs to be disabled, I can enable the proxy and drop all connections.
If I can't set the system proxy settings, I'll have to implement a working proxy, require the user configure the proxy, and control it's behavior accordingly when connections are received.
I might as well answer my own question. With root you can include iptables and make some command line calls to control the traffic flow. Note that you should have some experience with stateful firewall concepts, as mucking with outbound DENYs will lead you to confusion unless you know exactly what the system/app is supposed to do. (random response ports, etc...)
A proxy service would work for Android devices and versions which allow for network proxy support. Unfortunately not all my devices allow for it. (my Ginger Bread devices don't have proxy support, it's just not present in the UI, and the API is read only for the HTTP_PROXY System setting)
So there's no example code to offer. I'm playing with iptables on my devices. I'll likely include it in my application, which requires root anyways.
I wanted to implement the application specific VPN client in android, that is vpn connection once established should be only available to our application and rest of the apps in android device should make use of normal internet connection.
To elaborate my need more, i have an application already which connects to corporate email, files and other data from internet normally but for some security reason we need it to be go through tunnel within our application and access everything within via tunnel basically want we are looking here is security while accessing company corporate network.
Since we are new to something like this we don't have a hint on how to start what protocols to use etc (we are assuming ipsec l2tp for now), any information, hint or redirects to useful resource will be really helpful.
And between we are just looking to send and receive data over tunnel, there is nothing more or need to control computer on the network all we need is to route data through corporate firewall and should support multiple vpn servers such as cisco, microsoft etc. Can any one say how complex or how feasible to implement it.
Manjunath
As your question comprises of several parts so i will start putting my input one by one on each of them.
I wanted to implement the application specific VPN client in android,
that is vpn connection once established should be only available to
our application and rest of the apps in android device should make use
of normal internet connection.
This is the case of split tunneling and i don't think that there is any personal vpn provider that offers such feature in android app / phone. However, it does not mean that their is no solution for your query. CISO client Juniper SA2500 SSL VPN Appliance split tunnels has this feature which allow android users to work through split tunnel which enable them to route the traffic through different channels.
You just need to Just go to Roles > Network Connect Role, then Split Tunneling Options and disable split tunnel.
Or> Push" the proxy settings so the web traffic is diverted to the proxy via the tunnel as the end user will no longer be able to go the the Internet directly:
Users --> Resources Policies --> Network Connect --> NC Connection Profiles then filter for the role bound to your NC enabled realm. Make sure that under the "Proxy Server Settings" section
Elsewhere, there is another client named as QuickSec VPN 2.0 which also enables user with split tunneling.
And for all such things SSL VPN Connection is the most reliable one as it is feature with strong encryption and security.
The split tunneling concept for Personal VPN has been introduced by well stabled VPN providers like PureVPN and Ivacy which has described the concept of split tunneling through their client software.
Go for SSL connection it is as good as Tunneling if you just wanted to exchange packets, integrating a VPN Solution within you application will become another project which is not recommend and takes time.