I got a task at my job to reverse engineer an application.
I've been using Charles Proxy several times with other applications without any problems and have also tried Fiddler. I've always been able to monitor the request/responses made.
But the application that I'm trying now does now show any activity in either Charles or Fiddler. First I thought that they check the certificate and kill the connection but the application works as normal without any hiccups.
Is there any way for an application to be able to avoid the proxy settings or what am I missing?
I've been using apktool as well as dex2jar and found this peace of code. Probably not 100% correct but it can give you some clues of what happening.
public final void a(int paramInt1, int paramInt2)
{
this.b = paramInt2;
InetSocketAddress localInetSocketAddress = new InetSocketAddress(InetAddress.getByName(this.a), this.b);
while (true)
{
try
{
SSLContext localSSLContext = SSLContext.getInstance("TLS");
X509TrustManager[] arrayOfX509TrustManager = new X509TrustManager[1];
arrayOfX509TrustManager[0] = new c(this);
localSSLContext.init(null, arrayOfX509TrustManager, new SecureRandom());
this.e = ((SSLSocket)localSSLContext.getSocketFactory().createSocket());
this.e.connect(localInetSocketAddress, paramInt1);
this.d.clear();
if (Arrays.asList(this.e.getSupportedProtocols()).contains("TLSv1.2"))
{
this.d.add("TLSv1.2");
String[] arrayOfString1 = (String[])this.d.toArray(new String[this.d.size()]);
SSLSocket localSSLSocket1 = this.e;
if (arrayOfString1.length > 0)
localSSLSocket1.setEnabledProtocols(arrayOfString1);
this.c.clear();
if (!Arrays.asList(this.e.getSupportedCipherSuites()).contains("TLS_RSA_WITH_AES_256_CBC_SHA"))
break label374;
this.c.add("TLS_RSA_WITH_AES_256_CBC_SHA");
String[] arrayOfString2 = (String[])this.c.toArray(new String[this.c.size()]);
SSLSocket localSSLSocket2 = this.e;
if (arrayOfString2.length > 0)
localSSLSocket2.setEnabledCipherSuites(arrayOfString2);
e.a().a(this.e.getLocalAddress().getAddress());
e.a().a(this.e.getLocalPort());
a(5000);
this.e.startHandshake();
a(0);
return;
}
}
catch (Exception localException)
{
throw new IOException(localException.toString());
}
if (Arrays.asList(this.e.getSupportedProtocols()).contains("TLSv1.1"))
{
this.d.add("TLSv1.1");
}
else if (Arrays.asList(this.e.getSupportedProtocols()).contains("TLSv1"))
{
this.d.add("TLSv1");
continue;
label374: if (Arrays.asList(this.e.getSupportedCipherSuites()).contains("TLS_RSA_WITH_AES_128_CBC_SHA"))
this.c.add("TLS_RSA_WITH_AES_128_CBC_SHA");
else if (Arrays.asList(this.e.getSupportedCipherSuites()).contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA"))
this.c.add("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
else if (Arrays.asList(this.e.getSupportedCipherSuites()).contains("DES-CBC3-SHA"))
this.c.add("DES-CBC3-SHA");
}
}
}
Don't know that much about TLS 1.2 but I know its suppose to be more robust? But can it avoid the proxy?
I've also dumped the traffic using Wireshark, that worked but the information is encrypted, as expected, so its not much of use.
Any help would be appreciated.
This code will probably avoid proxy because is making direct socket. If you are using some higher level api, like HttpURLConnection, it respect proxy settings.
http://developer.android.com/reference/java/net/HttpURLConnection.html
You can try using SandroProxy to find out on which port communication is made.
http://code.google.com/p/sandrop/issues/detail?id=76
Go to HTTP tab and pres play button on acction bar
SandroProxy will listen on two new ports 8020 -> web , 8021 -> websockets for chrome devtools
start chrome from PC with url http your_device_ip:8020
Check Connection tab, last two columns are process uid and names(can be more than one)
To capture data you can also use SandroProxy and force iptable redirects. You will need rooted phone.
btw: send by sandroproxy support :)
You could try using something like adb forward 80 3456 against the device or emulator to have all port 80 traffic redirected to 3456 on your workstation. Then have your proxy listen on that port.
Related
I can able to fetch all device ip addresses in Local Area Network with inetaddress class. What I need to do is reverse lookup ip-address and find as device name in network like : "Jimmie's Macbook"
My Code block which able to fetch all IP address over Local Network Range:
private ArrayList<String> scanSubNet(String subnet) {
ArrayList<String> hosts = new ArrayList<>();
InetAddress inetAddress;
for (int i = 1; i <= 255; i++) {
try {
inetAddress = InetAddress.getByName(subnet + String.valueOf(i));
if (inetAddress.isReachable(1000)) {
hosts.add(inetAddress.getHostName());
Log.d(TAG, InetAddress.getByAddress(inetAddress.getAddress()).getHostAddress());
Log.d(TAG, InetAddress.getByAddress(inetAddress.getAddress()).getCanonicalHostName());
}
} catch (Exception ex) {
ex.printStackTrace();
}
}
return hosts;
}
And i am calling my method as;
ArrayList<String> subnetList = scanSubNet("192.168.1.");ArrayList<String> subnetList = scanSubNet("192.168.1.");
in Log.d(TAG, i am trying to get device name with reverse dns. But both of line gives me output as ip-address ( Not Device-Name as string)
Is there any chance to succeed it ?
Regards,
Onder.
I just do it with fetching MACID and match first 3digits which belongs manufacturers.
https://macvendors.com/ this website also provide api (Post/GET) to resolve MAC Address.
Instead of resolve fullname of MAC, you need to do Handshake peer to peer.
This is probably happening due to router misconfiguration.
Within a LAN, there are no crucial functions that depend on successful reverse DNS lookups, so a misconfiguration of that kind can easily go undetected for a long time.
It is kind of hard to tell what is wrong in your particular case without a lot more information about your LAN, but the first thing that comes to mind is configuring a proper "DNS Suffix" on the router. This is usually found under DHCP settings.
I am new to android development, and trying to call local .NET web api service in android via retrofit library. After starting my web api on IIS I am getting this error failed to connect to localhost/127.0.0.1 android.
When I did same thing as suggested http://themakeinfo.com/2015/04/retrofit-android-tutorial/, It's working fine, But my localhost service is not calling up from android
My service url is,
http://localhost:52511/api/Values/getAllStudents/5
and it is giving me output in XML format in browser too.
I have also try to call it with,
public interface gitapi {
#GET("/api/Values/GetProduct/{id}") //here is the other url part.best way is to start using /
public void getFeed(#Path("id") int id, Callback<gitmodel> response);
}
public class gitmodel {
public int studentId;
public String studentName;
public String studentAddress;
}
String API = "http://10.0.2.2:52511";
public void CallService(View view){
RestAdapter restAdapter = new RestAdapter.Builder().setEndpoint(API).build();
gitapi git = restAdapter.create(gitapi.class);
int id = 5;
git.getFeed(id, new Callback<gitmodel>() {
#Override
public void success(gitmodel gitmodel, Response response) {
Toast.makeText(getApplicationContext(), "Success", Toast.LENGTH_LONG).show();
}
#Override
public void failure(RetrofitError error) {
Toast.makeText(getApplicationContext(), "Errors", Toast.LENGTH_LONG).show();
}
});
}
but no luck.
Please tell me where do I need to change to make it work. ?
Response I am getting in browser is,
<ArrayOfstudents xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/APICall.Controllers">
<students>
<studentAddress>valsad</studentAddress>
<studentId>1</studentId>
<studentName>Keval</studentName>
</students>
<students>
<studentAddress>Hyderabad</studentAddress>
<studentId>2</studentId>
<studentName>Honey</studentName>
</students>
</ArrayOfstudents>
Instead of using 127.0.0.1:<PORT> use your local IP
There's nothing to do with retrofit library in your case.
It's about your network settings,
your phone and IIS server must be the same LAN.
You can follow as below.
Launch an AP on you IIS server;
Connecting the AP with your phone.
Sometimes you need to close security firewall on your IIS server.
I had the same problem as u (failed to connect to localhost/127.0.0.1).
First of all i recommend u to read this:
android developer's guide (main part of this on the image↓)
I had all of this, mean A, B and C. As C(emulator) i used a Genymotion.
And i solved my problem by changing Network Configurations on it.
IMPORTANT: my adress in baseURL were: "localhost:8099/"
Let's see it:
U should click on Settings → Network → check Use HTTP Proxy → input your IP adress and Port(in my situation it was 8099) → close. See it more details on image ↓
I have the same problem, and I resolve it by changing the IP address instead of 'localhost':
open cmd(if you are using windows): type 'ipconfig' and see your computer's ip.(make sure that your computer and your android device connect to the same network).
remove 'localhost' in the url and use the ip(ip of your computer in step 1).
run the project again and check
Actually this helped when using 2 apps on the same Android device (Android 9)
android:usesCleartextTraffic="true"
You can try this in androidmanifest.xml
android:usesCleartextTraffic="true"
In an attempt to bypass Box file/folder IDs and supporting a number of other services as well I decided to implement with WebDAV since I'm somewhat familiar with it on my linux box. I chose a library based on JackRabbit modified to work on Android which seemed to suit my needs. However, it wasn't long until I ran into a problem.
When attempting to list Box's root entries, multiStatus.getResponses() returns an empty array. When accessing another webdav server I get the responses as expected. Both servers return status code 207, as expected.
My code is below, any thoughts?
EDIT: I can move a file, though listing a directory's entries won't work :/
String host = "https://www.box.com/dav/";
//String host = "http://demo.sabredav.org/";
hostConfig = new HostConfiguration();
hostConfig.setHost(host);
HttpConnectionManager connectionManager = new MultiThreadedHttpConnectionManager();
HttpConnectionManagerParams params = new HttpConnectionManagerParams();
int maxHostConnections = 20;
params.setMaxConnectionsPerHost(hostConfig, maxHostConnections);
connectionManager.setParams(params);
client = new HttpClient(connectionManager);
Credentials creds = new UsernamePasswordCredentials("BOXEMAILADDRESS", "MYBOXPASSWORD");
//Credentials creds = new UsernamePasswordCredentials("testuser", "test");
client.getState().setCredentials(AuthScope.ANY, creds);
client.setHostConfiguration(hostConfig);
try
{
String propfindUri = host;
DavMethod method = new PropFindMethod(propfindUri, DavConstants.PROPFIND_ALL_PROP, DavConstants.DEPTH_1);
client.executeMethod(method);
Log.i("Status: " + method.getStatusCode());
MultiStatus multiStatus = method.getResponseBodyAsMultiStatus();
MultiStatusResponse[] responses = multiStatus.getResponses();
Log.i("Length: " + responses.length);
for(MultiStatusResponse response : responses)
{
Log.i("File: " + response.getHref());
}
}
catch (Exception e)
{
Log.printStackTrace(e);
}
While Box has some support for WebDAV, we only officially support it for iOS at the moment. Our testing has shown that our implementation of DAV works pretty well with the Windows native DAV client, as well as the Panic-Transmit Mac-specific client. Though the interactions there are not completely perfect.
Box WebDAV does not work well with the native osX (Mac) webDAV client. Expect huge delays as it looks like that client tries to load the whole tree before it displays anything.
Linux users may be able to tell you here on StackTrace which of the various OS webDAV clients/libs they've tried and which ones have worked better than others.
We do have plans to turn the crank and 10x improve our webDAV support sometime later this year, but we do not have a specific date, and just the nature of webDAV clients is such that even when we fix many of the issues with it, some client experiences on webDAV may still suck. For that reason we may only officially endorse a couple webDAV clients/libs per platform.
Hope that helps.
I'm using Eclipse to (try to) build an Android client to get reuse a restlet service I developed using GAE and GWT.
My service is running at
http://127.0.0.1:8888/abc/audits
I can test this by going directly to this url, and by using my GWT client - both work.
However, the following code returns a communication error
private AuditsResource resource;
private Audits audits;
ClientResource cr = new ClientResource("http://127.0.0.1:8888/abc/audits");
resource = cr.wrap(AuditsResource.class);
try {
// Get the remote contact
audits = resource.retrieve();
// The task is over, let the parent conclude.
handler.sendEmptyMessage(0);
} catch (Exception e) {
Message msg = Message.obtain(handler, 2);
Bundle data = new Bundle();
data.putString("msg", "Cannot get the contact due to: "
+ e.getMessage());
msg.setData(data);
handler.sendMessage(msg);
}
I have no idea where to look next. I've instrumented the server implementation of AuditsResource, and it is never touched (by the Android application).
The AuditsResource class has one method, to keep things simple for now
#Get
public Audits retrieve();
It appears the problem is that the Andriod Emulator cannot connect to either 127.0.0.1 or 10.0.2.2. The solution is to use your PC's IP address.
I am able to connect from Android to my local Google App Engine through Android/Restlet using 10.0.2.2 instead of localhost.
I am new to both Android and Java so I beg your pardon if my question
is asked at the inappropriate group or forum. I made a .Net
application for my company and recently they asked me to port it on
Android so as to install it on Samsung Galaxy Tabs.
First of all, I am using Eclipse, JDK 6, target platform android 2.2
and an Emulator with the GalaxyTab plugin. My operating system is Windows 7.
This application, sends and receives messages to and from a certain
controller on the network using UDP.
In short my application uses a "DatagramSocket", binds it to a local
"InetSocketAddress" and then launches a thread that listens for
datagrams, while another thread sends requests to the controller upon
the user's request. Here is a some code snippet:
This is where I assign the local address and the socket:
try {
loc_addr = new InetSocketAddress(
Inet4Address.getByAddress(
new byte[]{(byte) 192,(byte) 168,1,(byte)240}), 0xBAC0);
//192.168.1.240 is the IP of my machine on the network
} catch (UnknownHostException e) {
.......
}
try {
soc = new DatagramSocket();
soc.setReuseAddress(true);
soc.setBroadcast(true);
soc.bind(loc_addr);
} catch (SocketException e) {
.......
}
This is where I listen for incoming datagrams:
try{
buf = new byte[1024];
receive_pac = new DatagramPacket(buf, 1024);
soc.receive(receive_pac);
if (receive_pac.getData() != null){
.......
}
}
This is where I send data:
try {
addr = (Inet4Address) Inet4Address.getByAddress (new byte[]
{(byte) 192,(byte) 168,1,(byte) 255}); //The message I am sending should be broadcasted
} catch (UnknownHostException e) {
......
}
sendPacket = new DatagramPacket(buf, buf.length, addr,
loc_addr.getPort());
try {
soc.send(sendPacket);
} catch (IOException e) {
......
}
Well when I use "soc.bind(...)" I receive the following exception:
cannot assign requested address
Then I receive a debug message (I don't know if it is relevant):
DEBUG/SntpClient(58): request time failed: java.net.SocketException: Address family not supported by protocol
The application is working, I verified through "WireShark" that when I
ask from the emulator to send the data to the controller, the
controller replies back with the expected data correctly. However, the
socket, in the application, on the emulator doesn't receive anything and stays blocked on
the "Receive" call!
Can anyone help me figure out what problem or error I have committed with the receiving part of my application!
Any help is much appreciated,
TMI,
[Edited: If you saw my other answer, please disregard, I made the classic mistake of changing two variables in one test and it was the other variable that made the difference.]
In regards to this:
I tried binding it to the socket and it resulted with the "SocketException: Invalid Argument". Still the program delivered the same operation! Do you have any idea what this exception might mean?
You may have solved this by now, but I just had the same question and answered it myself here.
What got rid of this exception for me was to change the way I was creating the DatagramSocket.
From:
sock = new DatagramSocket();
To:
DatagramChannel channel = DatagramChannel.open();
DatagramSocket socket = channel.socket();
Usually you see that error message if you're trying to bind to an IP address that you don't own. Are you sure that the IP address of your Android emulator is 192.168.1.240? The emulator IP can be different from your host machine IP.