How can I direct all android data traffic excluding calls and SMS through a proxy server before it actually reaches its destination, I was able to retrieve and edit some system information like the net.eth0.gw. Will that help and if so, what exactly should I do with it? I'm very new to android and networking, any help will be appreciated.
Thank you.
You can direct your Android to use a Fiddler proxy. Or any HTTP proxy for that matter.
I do this from time to time on my Android phone for debugging HTTP network traffic. And that covers about 90% of everything you could think of needing to capture.
Setup Fiddler on your PC and enable it as a proxy server for other nodes. From the Fiddler Tool's menu, select Fiddler Options, and then Connections Tab. Then enable the "allow remote computers to connect" checkbox.
Then configure your Android device's Wifi settings such that a manual proxy setting is specified for the current Wifi connection. (You give it your PC's IP address at port 8888).
Then browse some websites on your phone. You should see the request/response flows in the Fiddler window.
This obviously only works for HTTP traffic - for code that uses the typical class libraries built into the connection. It doesn't work for code using sockets. Anything over HTTPS will be hard to view since its encrypted, although Fiddler has a few options that you can try (YMMV).
Related
I'm trying to reverse engineer one Android app's traffic and it's using sockets, xmpp or something else, but not http(s) on some features. I know this because Charles does not see some requests, but data is definitely coming from the server for sure (e.g. chat messages).
Android allows to set http(s) proxy, not socks. ProxyDroid doesn't work on genymotion, because it's x86 and ProxyDroid doesn't support that. Tried Drony app on genymotion, which supposedly should allow socks proxy, but once I try turning it on, the whole emulator restarts (probably crashes).
So how do I sniff/trace/inspect sockets traffic on Genymotion/Android emulator?
You might have better luck by doing it on the host side, ie from the Windows/Mac/Linux machine running Genymotion.
The basics
Install Wireshark
Start Wireshark and select the network interface which connects you to the Internet (or to the server you are interested in). For me it is wlp1s0.
Tell Wireshark you only want traffic going from your device to the server you are interested by entering ip.dst == <server-ip> in the filter line. Now go back to your device and use the application which communicates with the server. Traffic should appear in Wireshark. Here I am browsing my web site, whose IP address is 5.135.144.176:
Note that if Wireshark knows about the protocol used by the server, you can filter it. Here is the same output with the http filter:
Watching only traffic from the device
With the current setup, if you access the server from your host, this traffic will be logged by Wireshark as well. To avoid that you need to do the following:
Configure your device in Bridge mode: stop the device, open its settings dialog and select Bridge:
Get the device IP address: restart the device, open the "Settings" application and go to "About phone > Status", note the IP address:
Add this IP address to the filter line in wireshark, like so: ip.src == <the-device-ip> and ip.dst == <the-server-ip>.
I'm working on some test project, basically I want to route all traffic when I'm in hotspot mode into a fixed address. I have the IP range for example 192.168.0.0/24 I don't know if I can use iptables without root or JNI functions (can't find any that match what I want)
Thinking out of the box is very welcomed (DNS, low level packet broadcast on client connect etc...)
Any Idea?
EDIT: How Android and iOS detect a Network Portal?
source : https://sudoroom.org/wiki/Mesh/Firmware/Splash_page
They try to HTTP GET on
iOS: http://www.apple.com/library/test/success.html and expect a 200 if not behind portal
Android: http://clients3.google.com/generate_204 and expect a 204 status when not behind portal, any other status is a portal
So, how can I respond correctly to those detections?
The easiest approach is to enable a socks proxy when configuring the wifi AP you are connecting to. This varies depending on the version of android, but it is typically something like:
Touch and hold the wifi network you want to connect to.
A dialogue box should pop-up. In that dialogue box, select advanced.
Find the proxy option and enter in the IP and port of the server you want to forward traffic to.
Android speaks SOCKS and so long as your proxy speaks SOCKS as well, you are good to go. If you root the device you can (depending on your version of Android), configure this proxy automatically. See, for instance, AdBlock Plus for Android which does exactly that.
If you don't want to go the proxy route you may be able to manually set ebtables rules if your device is rooted. This is significantly more work as you have to be careful not to mess up the NAT'ing that your device is already doing.
I'm trying to capture traffic from an app on an Android phone and although I've set the proxy on the phone and can capture all other internet traffic coming from the phone (using Charles Proxy), I can't see any traffic for this one app.
How is this done, and how can I capture the traffic?
UPDATE:
If you need help setting up a wifi hotspot from your computer, so you
can connect your phone to it and Wireshark the traffic, just look at
the following link for directions:
http://www.wi-fiplanet.com/tutorials/article.php/3849841/How-to-Create-Wireless-Hosted-Networks-in-Windows-7.htm
If you want help decompiling an IOS app to assembly, look at this
link: http://www.infointox.net/?tag=arm
If you want a better Dex to Java decompiler than dex2jar, check this
out: https://github.com/skylot/jadx
There're several ways:
Connect your phone to your internal wifi access point (before connecting check advanced options and set a manual proxy).. Note: this method do not work for all network data.. some connections ignore this setting.
(works on rooted phones only) Install 'Shark for Root' application on your device... it will capture ALL traffic.. it will generated dump files that can be analized on your PC using Wireshark software
The best way: Setup your PC as a wifi access point and make your android device to use this wifi connection, then sniff the traffic using the same Wireshark application.
I strongly recommend you use something like "CharlesProxy" (or similar). Be aware of 2 things when u setup the proxy (I hope it is an application you are developing, otherwise be sure of what you do cause it can be ILEGAL):
1 - If you want to attack from your Android/iOS phone to the proxy installed in your local computer, you need the proxy to be configured to use the local IP:PORT (which means CharlesProxy needs to be configured as an address as 192.168.x.x if using a normal wifi network). Then, the Android/iOS phone needs to be setting the proxy to the same IP:PORT
2 - If the app uses https, there are several ways to manage HTTPS connections:
a) If your application accepts ALL Certificates, then it is not a problem for whatever proxy to capture and decrypt the information.
b) If your application accepts only system (and trusted) certificates, you have to export the charlesproxy certificate to your Android phone and to add it into the list of user's trusted certificates.
c) If your application is correctly doing "Certificate pinning", you won't be able to capture the traffic, unless you have the private certificate of your server and you add it in both (your phone) and the proxy configuration.
Hope it helps!
I have my device connected to debug Android apps, but I need to see the HTTP requests and responses (inc. header info).
I've seen a similar question asked on how to do this for an emulator, but how to do this when a real device is connected?
You can use Charles, is a really powerful tool that does exactly what you need.
Charles allows you to sniff the packets sent through HTTP from your actual device, the way you use it is simple:
Download and install Charles, run the program and specify the proxy port
Connect the Android Device to the very same network of the computer running Charles
Go to Wifi-Settings in Android Device and long tap on the network connected, then go to Modify Network-> Show advanced Options
Set Proxy as Manual and in Proxy Host name set your computer IP "192.xxx.x.x" and in the Proxy port add the same port specified in Charles Proxy Settings.
And that's it, all the traffic from your phone will be proxy to charles and it will show you headers, parameters, etc...
Hope it Helps
Regards!
I got this crazy idea that I don't know is possible or not... what I want to do is set up my phone as wifi access point, then allow people to connect to it, but handle all incoming http traffic myself.
So:
phone wifi in access point mode; open wifi network (this tidbit works - yes I know it's not officially supported but then I have no intention to distribute put this app on the open market or so, it works on my phone and that's good enough for me).
client can connect to the phone (e.g. my laptop: this also works).
when client tries to open an http connection to any random server, this has to be intercepted by my app and handled by a local web server. This is the point that I'm stuck on.
The web server part shouldn't be too hard; there are (open-source) web servers available. But getting the traffic to that web server, there is the problem.
The behaviour I'm after is a bit similar to what you get when connecting to some open hotspot, like hotel hotspots, that then redirect you to a login page. This intercepting of the connection request (I suspect I have to look at DNS requests?) is what I'm after.
I have seen an app that is doing this but they require the phone to be rooted. I'm hoping to find a way to do it without rooting the phone.
Wifi hotspots would usually use IPTables to redirect port 80/443 traffic to a local web server.
I have run squid on linux machines in the past on port 3128, then sent all port 80/443 traffic to squid. Then I used squid redirect any url that I didnt explicitly allow to a local web server.
IPTables is accessible on rooted android devices only though.
And I doubt there are many proxy servers available on android, so you would have to send HTTP traffic to a proxy server over the network connection.
Like has been said, you'll need IPTables, but you'll also need a proxy server, like Squid.
Google "transparent proxy with squid", or check here:
Linux: Setup a transparent proxy with Squid in three easy steps
you do not need to have a proxy, you just need a full LAMP stack on your device and IPtables, you can mark all packets that have not been authenticated to forward through to your local page, then using php change the rule for that IP address once the address has authenticated, you could do the same for mac addresses if you wish, you would then also need a daemon that periodically reset each exception