I am trying to implement a kind of Android firewall via VpnService. So far I managed to get all the incoming packets to my VPN service. I need help to parse the packets and get the destination IP address and source IP address with their ports, in order to open a new socket connection and forward the packet to its destination.
In addition, is it enough to forward only the data of the packet to the destination, or do I need to forward it as is with the headers?
Any help is much appreciated.
Always try to post your current code if you want better answers.
As for your question, I understand that so far you only have all the traffic routed into your application but haven't been able to read it. You will need to decode the headers of TCP, UDP and even IP to get that info. Read a bit about the protocols. Wireshark is a good tool.
Have a look at this question: "Android firewall with VpnService"
Your application will essentially need to be able to interpret and construct IPv4 and IPv6 headers and options, and as the IP payload, the UDP headers and TCP headers and options.
I created a VPN using Android's VpnService class. Now, I want this VPN to also handle packets from the device's hotspot interface. So in the VpnService Builder, I called addRoute("0.0.0.0", 0). This made sure I got all outgoing packets, including the hotspot's.
The problem I am currently facing is that when I get packets redirected from the hotspot, the packets seem to still have IPs from the hotspot network. 192.168.43.... both in the source field and destination fields of the IP packets and the payload doesn't seem to contain a TCP packet either.
My questions are:
Why does the hotspot packet I receive from the VPN interface not have the same source IP as that of the VPN interface created by VPNService class?
Is there another layer the packets from the hotspot are packaged for since I can't seem to get a remote Address for the real request in the IP headers?
Is my VPNInterface setup wrongly?
My interface was setup correctly.
Apparently, what I was getting then were DHCP packets: DHCPOFFER packets from Android's local DHCP server.
Even though android's VPN interface is setup to get all outgoing packets on a device, it doesn't seem to get broadcast packets but for some reason, it gets replies to broadcast packets.
I wonder why it was designed that way.
Understanding this helped me solve my problem.
I've searched for a solution for 2 days.
The problem is: I need to create an app for encrypting (with some custom algorithm) all internet traffic from a device.
I've found that I can use a VPN, and Android provides me a class, VpnService. I don't understand how to encrypt the TCP packets with the VpnService class.
Could anyone help me please?
By using VpnService, you can get all the IP packets routed to your interface.
What you get here is an IP packet, which carries a TCP/UDP packet as its payload.
The IP packet should then be tunneled to a remote server.
Encrypting the traffic to the remote server is what you need.
I am working on an Android app that uses VpnService to receive all packets coming from the interface (IP packets).
Once I receive a packet, I look at the IP header to check the protocol, source IP and destination IP. If it's TCP, then I look at the TCP header, take the port numbers and try to send the packet to the destination IP.
My question is, do I have to strip away the IP and TCP headers when sending the data through a Socket() in java? Or do I leave the TCP header intact?
For more information, I count the offset from both IP and TCP headers so that I send the data right after the headers are finished. Thanks!
do I have to strip away the IP and TCP headers when sending the data through a Socket() in java? Or do I leave the TCP header intact?
You don't have the TCP header to strip. You just send and receive data.
I tried a plain Socket, but it was not connecting... So then I tried using a blocking SocketChannel.
There's no difference for this purpose between Socket and SocketChannel. If you're using either of them you are only concerned with the data payload, not the IP or TCP headers.
Also, if you don't mind answering another question for me: when I get the payload I try to search for "GET" in hex values (0x47, 0x45, 0x54) to find the HTTP header, but I never find one. Is this right? I check the IP address requested and it's asking for google.com. One thing though is that the port is 443, which means an encrypted connection, so I was thinking this is probably why I can't find the HTTP header.
That's correct. It's encrypted so you can't read it. But if you're writing an HTTP proxy, as you seem to be, all that should be preceded by a CONNECT command line in plain text, which you can get the target from.
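The header decoding that the first answer describes (IPv4 header and options, then the TCP or UDP header) and the payload-offset question in the last thread are both covered by the added parser below. It is example code written for this page, not code from any of the posters, and the class name VpnPacket, the addresses, ports and payload bytes in the sample packets are all constructed for the demonstration. Only IPv4 is handled; the IPv6 header has a different layout and needs its own parser. payload() returns exactly the bytes you would write to the Socket or SocketChannel, since, as the answer says, the TCP/IP headers are not something you forward. isDhcp() flags the UDP 67/68 packets that the hotspot thread turned out to be receiving.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.util.Arrays;

/** Parses the IPv4 header and the following TCP/UDP header of a packet read from a VpnService tun fd. */
public final class VpnPacket {
    public static final int TCP = 6, UDP = 17;

    public final InetAddress src, dst;
    public final int protocol, srcPort, dstPort, payloadOffset, payloadLength;
    public final boolean tcpSyn, tcpAck;

    private VpnPacket(InetAddress src, InetAddress dst, int protocol, int srcPort, int dstPort,
                      int payloadOffset, int payloadLength, boolean tcpSyn, boolean tcpAck) {
        this.src = src; this.dst = dst; this.protocol = protocol; this.srcPort = srcPort; this.dstPort = dstPort;
        this.payloadOffset = payloadOffset; this.payloadLength = payloadLength; this.tcpSyn = tcpSyn; this.tcpAck = tcpAck;
    }

    public static VpnPacket parse(byte[] pkt) {
        if (pkt.length < 20) throw new IllegalArgumentException("truncated IPv4 header");
        ByteBuffer b = ByteBuffer.wrap(pkt);                      // ByteBuffer defaults to network byte order
        int version = (b.get(0) & 0xF0) >>> 4;
        if (version != 4) throw new IllegalArgumentException("not IPv4: version " + version);
        int ihl = (b.get(0) & 0x0F) * 4;                          // header length in bytes, options included
        int totalLen = b.getShort(2) & 0xFFFF;                    // IP header + IP payload
        int protocol = b.get(9) & 0xFF;                           // 6 = TCP, 17 = UDP, 1 = ICMP
        if (ihl < 20 || totalLen < ihl || totalLen > pkt.length)
            throw new IllegalArgumentException("bad IPv4 length fields");
        InetAddress src = addr(pkt, 12), dst = addr(pkt, 16);

        int srcPort, dstPort, dataOffset;
        boolean syn = false, ack = false;
        if (protocol == TCP) {
            if (totalLen < ihl + 20) throw new IllegalArgumentException("truncated TCP header");
            srcPort = b.getShort(ihl) & 0xFFFF;
            dstPort = b.getShort(ihl + 2) & 0xFFFF;
            int tcpHdrLen = ((b.get(ihl + 12) & 0xF0) >>> 4) * 4; // TCP data offset, options included
            int flags = b.get(ihl + 13) & 0xFF;
            syn = (flags & 0x02) != 0;                            // a SYN is where you open the outbound Socket
            ack = (flags & 0x10) != 0;
            dataOffset = ihl + tcpHdrLen;
        } else if (protocol == UDP) {
            if (totalLen < ihl + 8) throw new IllegalArgumentException("truncated UDP header");
            srcPort = b.getShort(ihl) & 0xFFFF;
            dstPort = b.getShort(ihl + 2) & 0xFFFF;
            dataOffset = ihl + 8;                                 // UDP header is a fixed 8 bytes
        } else {
            srcPort = dstPort = -1;                               // no ports for ICMP and friends
            dataOffset = ihl;
        }
        if (dataOffset > totalLen) throw new IllegalArgumentException("transport header overruns packet");
        return new VpnPacket(src, dst, protocol, srcPort, dstPort, dataOffset, totalLen - dataOffset, syn, ack);
    }

    /** The bytes to write to a Socket/SocketChannel: everything after the IP and TCP/UDP headers. */
    public byte[] payload(byte[] pkt) {
        return Arrays.copyOfRange(pkt, payloadOffset, payloadOffset + payloadLength);
    }

    /** DHCP runs on UDP 67 (server) / 68 (client); DHCPOFFER replies from the hotspot arrive on the tun. */
    public boolean isDhcp() {
        return protocol == UDP && (srcPort == 67 || dstPort == 67 || srcPort == 68 || dstPort == 68);
    }

    private static InetAddress addr(byte[] pkt, int off) {
        try { return InetAddress.getByAddress(Arrays.copyOfRange(pkt, off, off + 4)); }
        catch (UnknownHostException e) { throw new IllegalStateException(e); } // cannot happen for 4 raw bytes
    }

    // --- constructed sample packets (not captures); IP checksum left zero, the parser does not validate it ---
    static byte[] ipv4(int proto, String src, String dst, byte[] transport) throws UnknownHostException {
        ByteBuffer b = ByteBuffer.allocate(20 + transport.length);
        b.put((byte) 0x45).put((byte) 0).putShort((short) (20 + transport.length))     // version/IHL, TOS, total length
         .putShort((short) 0).putShort((short) 0x4000).put((byte) 64).put((byte) proto).putShort((short) 0)
         .put(InetAddress.getByName(src).getAddress()).put(InetAddress.getByName(dst).getAddress()).put(transport);
        return b.array();
    }

    public static void main(String[] args) throws Exception {
        // TCP SYN 10.0.0.2:51000 -> 203.0.113.5:443, no options, no payload
        byte[] tcp = ByteBuffer.allocate(20).putShort((short) 51000).putShort((short) 443)
                .putInt(1).putInt(0).put((byte) 0x50).put((byte) 0x02).putShort((short) 65535)
                .putShort((short) 0).putShort((short) 0).array();
        // DHCPOFFER-style UDP 67 -> 68 from the hotspot gateway, with 4 dummy payload bytes
        byte[] udp = ByteBuffer.allocate(12).putShort((short) 67).putShort((short) 68)
                .putShort((short) 12).putShort((short) 0).put(new byte[]{2, 1, 6, 0}).array();
        for (byte[] pkt : new byte[][]{ipv4(TCP, "10.0.0.2", "203.0.113.5", tcp),
                                       ipv4(UDP, "192.168.43.1", "192.168.43.27", udp)}) {
            VpnPacket p = parse(pkt);
            System.out.printf("%s:%d -> %s:%d proto=%d syn=%b payload=%d bytes dhcp=%b%n",
                    p.src.getHostAddress(), p.srcPort, p.dst.getHostAddress(), p.dstPort,
                    p.protocol, p.tcpSyn, p.payloadLength, p.isDhcp());
        }
    }
}
```

In the VpnService read loop, each read() from the tun's FileInputStream hands you one whole IP packet, so parse() is called once per read. Treat every length field as untrusted input: the checks above are what keep a malformed packet from turning into an ArrayIndexOutOfBoundsException in the loop. A TCP SYN is the moment to open the outbound Socket (protected with VpnService.protect() so it does not loop back into the tun); subsequent segments for the same 4-tuple have their payload() written to that socket, and the return data must be re-wrapped in freshly built IP and TCP headers before being written back to the tun.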
I am trying to make a sip call by using android.net.sip but have registration problem.
All responses from the server (I tried multiple servers) correctly reached UDP port number that is described in the Via and Contact headers of the Register.
However, all of responses got ICMP port unreachable.
I am using an AVD running on an XP machine and I verified both isApiSupported and isVoipSupported.
I would appreciate if you can provide a solution.
Does the response packet reach the port which the REGISTER packet was sent from?
It seems the emulator only listens on the loopback interface (check with netstat, etc.), so if you want to get incoming connections, you need to port forward incoming connections on the host machine's LAN interface (eth0, etc.) to the corresponding ports on loopback. I haven't tried this though, so it's all theoretical.
If you were to implement a persistent tcp connection on android what port number would you choose?
This is the sort of connection used by Google's C2DM service.
Use any port really. It probably doesn't really matter so long as it's above 1024. Let's say you choose port 5000.
I'd recommend using a second IP address and forwarding all traffic on ip2:80 to ip1:5000. That way you can get around any firewall restrictions on your network.
If you want more details about adding a second IP address and adding a NAT rule to your iptables to forward traffic from port 80 on ip2 to port 5000 on ip1, I can share my notes with you.
How about 1764? (42*42). Or possibly 3141?
Technically it really doesn't matter what port you choose. You just can't use a port that is needed for another service if you also want to run this service. So if you want to run it on a mail server, port 25 is a bad choice.
But since there are sometimes firewalls in place that may filter traffic, I'd recommend port 443 (https) where you have a slightly higher chance of getting your traffic through.