Is there a way to make a faked http post request from desktop, but looks like from a real iOS/Android hardware(i.e. iPhone 5s 6.7 square inches, Samsung Galaxy 5.1-inch)?
I have no clue what’s the difference between the requests from deferent device(header,body...), how can a server know where the request from?
Thanks a lot. Merry Christmas.
The only difference is User-Agent.
You should easily be able to change it in your request, whatever the request is.
When your browser makes a request, among different headers there is a "User-Agent" header containing details of your browser and your OS. Take a look here and here.
I would use a REST Client like Postman for Chrome to send a POST Request along with the "User-Agent" string of my choice.
You can also use Chrome Developer Tools (opens with ctrl+shift+i in Windows) for the emulation feature that lets you emulate among a variety of devices. More info about that here.
With the emulation method in Chrome you can easily hit your server/webpage like you would normally by typing the URL in your browser (GET requests) from any of the available devices.
Related
I'm developing an Android application, it is like a browser, has a web-view and sends http(s) requests. For debugging purpose, I want to be able to see the requests sent and received by the application (in particular the headers), but I'm unable to do so.
What i tried
I mainly debug the app with Chrome on PC, and use the Network Inspector in Chrome. The problem is that my app uses the ShouldInterceptRequest to intercept the requests an then manually sends a request with cronet. Chrome, in this case, shows some "provisional headers" that are from the original request, an not the headers of the actual request i sent manually.
I tried to use Fiddler and HTTP Toolkit, but the server I'm communicating with, doesn't like the certificate they use, so they can monitor correctly, but, if active, i cannot reach the page i need to monitor.
I also tried the Android Studio network inspector, but seems it work only for HttpURLConnection and Okhttp(1)
Thanks for your time.
If you're using a WebView, set a custom WebViewClient and override shouldInterceptRequest. That will pass in a WebResourceRequest object that will include all headers.
I am Android developer, my application uses a bunch of http REST calls and it gets responses from servers. I use Charles to inspect the data (so I have to install Charles certificate onto my device so that https traffic can be read by myself).
Are there any tools out there like Charles that will allow me to modfiy that response packet before sending to the client ??
Depending on what exactly you want to modify, Charles' inbuilt Rewrite Tool might be what you are looking for. You find it in the Tools menu. You can specify which requests shall be modified by protocol, host, port, path and query, and you have the following modification options:
Add, modify, remove headers (request and response)
Modify Host, Path, URL, Response Status
Add, modify, remove Query Parameters
Modify body (request and response)
Another option is Fiddler. Like Charles it can be configured as a proxy for android, decrypt HTTPS traffic and modify request and response.
Charles itself has the functionality. Follow the steps:
enable break points by right click on individual request or a path
Before sending the request, Charles will give you a change to edit it. See below. Click "edit request" to fill in whatever you want and click "execute" to send the request.
Before posting the result back to your mobile phone, you have a change to edit the content. See below.
You may try OWASP ZAP or Burp Suite. OWASP ZAP is completely free and provides a number of features.
See also Android : Capturing HTTP Requests with non-rooted android device.
I've recently tested HTTP Toolkit on Android emulator. It works and allows to capture and edit response from a server. Some functions are paid (in Pro version). Requires root priviledges on real devices.
You can also use Burp Suite or Fiddler.
Is it possible to make HTTP request from iOS / Android Application to look for the Server exactly the same as if it came from PC Browser?
So, it would be impossible for the Server to detect that it is not actually from PC but from Mobile.
Yes, you can alter the User Agent header to make it look like the request was made by f.ex Internet Explorer.
Here is some clues on how to accomplish this on Android:
Android HTTP User Agent
iOS:
Change User-Agent and remove App Name and defaults iOS
Set the user agent on the request to other than the default to fool the server into thinking the request is coming from other than a device. One list of user agents is at http://www.useragentstring.com.
I have set my Google Nexus 4 device to the Français (France) setting, and am browsing a site that is localized via the Accept-Language HTTP header from the client.
However, when I look at the Accept-Language settings arriving at the server, I see is is just en-US.
If I use the Dolphin browser to view the same site on the same device, the header comes in as fr-FR,en-US;q=0.8, and the site displays correctly in French.
The Nexus 4 is a development device, running Android 4.4.2; Nexus 4 Build/KOT49H. The version of Chrome is 32.0.1700.99.
Does anyone know how I get Chrome to honor the device's Language setting?
I am developing an Android app, and was expecting that the HTTP client org.apache.http.client.HttpClient would honor setting the Accept-LanguageHTTP header when calling my web service. However it doesn't, and I'm trying to figure out why.
The Chrome browser also exhibits this behavior, so I thought I would see if anyone else has this issue (posting my code is a little convoluted, and not really appropriate).
Do I really have to explicitly set the HTTP headers based on what I get back from Locale.getDefault().getLanguage() ?
It seems that is not the intent of being able to set the user's language via the Android settings.
So are you doing the following steps? (I'd imagine from your question that you already are, but I want to check because this works for me)
HttpClient client = new DefaultHttpClient();
HttpPost request = new HttpPost(webServiceUrl);
request.addHeader("Accept-Language", "fr");
HttpResponse response = client.execute(request);
We have discovered a strange bug in on of our Android apps in that the app cannot connect to the internet over cellular on certain Android Models/Mobile Networks (connecting via WiFi works perfectly). The URL which the app is trying is to reach is however accessible using the device's normal browser, which rules out the URL being blocked upstream. Any ideas what could be causing this would be appreciated please.
which rules out the URL being blocked upstream
Not necessarily. As one of the commenters pointed out, you do not indicate how you are using this URL in your app. If this is an HTTP request, and it works in a browser but not your app, try changing the User-Agent HTTP header of your request to match the one from the browser.
You have provided no error log, but from experience I have run into a few inconsistencies when connecting to a server.
Using HttpsUrlConnection a SNI header is set on HoneyComb and above but not on previous versions, which can alter how the server responds. To add to this there are some general SSL handling inconsistencies between API levels, such as handling of wildcard domains in a certificate is buggy in some api levels.
Second some phones/api levels add a header to HttpUrlConnection requests that specifies time the request was sent like so:
X-Android-Sent-Millis=1353085024868
Some servers seem to use these headers to detect mobile traffic and alter the response.
I had problems when using a dual-simcard. Do you have more devices connected? Try to shut them down.