Native Android VPN programmatically - android

Variants of this question exist, but I can't seem to understand something.
If you read at the end of the features in ICS / 4.0, there is mention of
Enterprises can also take advantage of a standard VPN client built into the platform that provides access to L2TP and IPSec protocols.
My assumption here is that since it's not under the "Developer" section, that we didn't get a developer API access other than the VpnService API. I've looked at ToyVPN and this is just useless, since I need a REAL IPSec IKEv1 XAuth connection to connect to enterprise firewalls.
I've found several solutions which require root and VPNCilla which apparently doesn't though I haven't been able to successfully have it establish the connection.
Does this mean that there really is no way to PROGRAMMATICALLY create a profile for or connect to an IPSec IKEv1 XAuth gateway/firewall unless we implement the protocol in Java or using the NDK (like StrongSwan did with IKEv2) ?

It's extremely unlikely that there is a way to create a VPN profile without root or system app privileges. You can take a look at how this is implemented in AOSP settings here.

Related

How to get API requests from Android mobile app (I am not its developer)?

I have an Android mobile app, and I can't see some of its requests when trying to sniff them (this mobile app doesn't require any type of auth from the user).
I've tried to use Proxyman on iOS and I've caught requests and responses (even HTTPS), but I can't see all of them. For example, I can't see the request with the details of a product, or with the list of them. The Proxyman developer answered me:
Maybe the app doesn't use URLSession (Apple Framework) to make a networking request. If it's an online app, it can be a React Native, Flutter app, which (by default) doesn't go through the VPN.
Thus, Proxyman could not capture it.
I've tried Wireshark / Charles / Mitmproxy on my Android emulator (tried Android versions 5.1 - 11.0) but it also didn't work.
I've tried decompiling the APK of this application (with apktool) and I've found many .java files, but it's too hard to find API paths there, because all names are unreadable (I've found some, but it's not enough).
Can you tell me what I can do to get the API of this mobile app?
I really don't know how it can be so hard. Why can't I get simple API calls? My app somehow knows where it should go and which type of data it should get (in a browser it's so much easier!).
Do you have root access? To intercept an Android app your only options really are root access (and changing the device system configuration) or modifying the app APK. For most apps (all apps that aren't specifically configured to allow user certificates/be debuggable) there is no other possible way to intercept the traffic.
I've written a detailed breakdown of how android HTTPS trust works, and the low-level details of how to intercept it, here: https://httptoolkit.com/blog/intercepting-android-https/. That might provide more context, but the conclusion is the same: you need to modify the system, or modify the app.
If you don't have root access, so you can't modify the system, apk-mitm is usually your best option, and if that doesn't work then you will have to manually investigate the Java code yourself.
Be aware though that you can always use an emulator to run the app, and most emulators (all except the official 'Google Play' emulator versions - e.g. the official 'Google API Services' & vanilla images are root-accessible) will allow root access, so this is normally possible. You can also use emulators like Genymotion which has a free personal use edition.
If that's practical for you, I'd go that way - I've written a full walkthrough to emulator setup & 3rd party app interception here: https://httptoolkit.tech/blog/inspect-any-android-apps-http/
Last possibility: if interception for most HTTPS is working, but just some requests are failing, then you need to disable certificate pinning. You can do this using Frida. I've written a general-purpose certificate unpinning script for Android that you can use with Frida here: https://github.com/httptoolkit/frida-android-unpinning
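Added example, not part of the answer above or of any project it links: the "specifically configured to allow user certificates" case is normally expressed in an app's `res/xml/network_security_config.xml`, and this plain-Java check reports which sections of such a file trust user-installed CAs, so a developer can confirm it only happens in debug builds. The class name and the sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class UserCaTrustAudit {
    // Constructed sample of a network_security_config.xml (not taken from any real app).
    static final String SAMPLE =
        "<network-security-config>"
      + "<base-config><trust-anchors><certificates src=\"system\"/></trust-anchors></base-config>"
      + "<domain-config><domain>api.example.test</domain>"
      + "<trust-anchors><certificates src=\"user\"/></trust-anchors></domain-config>"
      + "<debug-overrides><trust-anchors><certificates src=\"user\"/></trust-anchors></debug-overrides>"
      + "</network-security-config>";

    /** Returns the names of the config sections that trust user-installed CAs. */
    static List<String> sectionsTrustingUserCas(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations so the audit tool itself is not exposed to XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> hits = new ArrayList<>();
        NodeList certs = doc.getElementsByTagName("certificates");
        for (int i = 0; i < certs.getLength(); i++) {
            Element c = (Element) certs.item(i);
            if (!"user".equals(c.getAttribute("src"))) continue;
            // <certificates> sits inside <trust-anchors>; its parent names the section.
            Node section = c.getParentNode().getParentNode();
            hits.add(section.getNodeName());
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        for (String s : sectionsTrustingUserCas(SAMPLE)) {
            // debug-overrides applies only to debuggable builds; other sections ship to users.
            String scope = s.equals("debug-overrides") ? "debug builds only" : "RELEASE builds";
            System.out.println(s + ": trusts user CAs (" + scope + ")");
        }
    }
}
```

On the constructed sample it flags `domain-config` as a release-build finding and `debug-overrides` as debug-only.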

How to read all SSL traffic from Android phone?

I would like to be able to read traffic of my Android phone to see what data it's sending. It is running Android 9.
I have been able to use Charles but it can only read traffic that doesn't have SSL. It seems that if I was testing my own application there is something that I can set so it trusts the certificate, but I'm trying to get all traffic (all apps etc). I also have used the apps Packet Capture and NetCapture but they have the same limitation.
In this video the guy is able to do it, but it appears to be an older version of Android where all apps would've trusted a user installed certificate.
Anyone got any ideas?
On Android 9 installing a custom root certificate usually does not affect the apps, therefore HTTPS connections performed by apps don't trust the certificate from Charles that you have installed. To change this you would have to manipulate every app or modify the Android system itself. Additionally some apps (e.g. Google services and PlayStore) perform certificate/key pinning which totally prevents breaking the HTTPS traffic unless the system is heavily modified:
You have to root your device and install XPosed + multiple modules to allow SSL/TLS interception like TrustMeAlready (or the older projects Just Trust Me and SSL Unpinning).
Another possibility is using Frida in combination with some anti-TLS checking/pinning script(s).
More possibilities are described in this Answer.
WARNING: Doing so totally eliminates the security of each and every SSL/TLS/HTTPS connection on your device. Therefore not only you but everybody can intercept the connections made by a device modified this way!
To answer simply... No.
There are ways to look into the traffic but it won't show you much of anything worthwhile. You might be able to take a guess here and there but nothing will satisfy what you are after. I would not waste your time TBH.
Source: Had to do this for my job. Analyzed our app as well as many many others.
Check this out:
https://security.stackexchange.com/questions/83028/possibility-to-sniff-https-traffic-on-devices-without-installing-a-certificate/83039

How to configure VPN programmatically on Android?

I need to implement an Android app that would allow the user to configure a VPN connection without having to access the native menu of the Android device. With this I have two problems:
In Android 4.0+ (API level 14 and above) I have found there is a new component called VpnService which provides a hook for creating a virtual network interface, configuring it and intercepting / forwarding packets from it to a VPN server, but there are no built-in VPN protocols like PPTP or IPSec, there is just the possibility of implementing them. My question is: is there any ready-made solution for PPTP and IPSec to work with VpnService?
In earlier versions of Android, from what I have found so far, it seems the only way to use VPN is to access and configure the built in vpn solution of the device by wrapping (using reflection) some hidden apis in android but this is a cumbersome solution since the device needs to be rooted, also the hidden api implementations may differ from device to device, and from OS version to OS version. Is there a better way to programmatically configure the built in VPN of the underlying linux OS?
1) I don't know of any open-source PPTP or IPSec implementations for the Android 4.x ICS VpnService. VpnService is designed for creating custom-protocol VPN applications (which could in theory be pptp or IPSec). The only open-source implementation I have found that leverages this new API is one for OpenVPN:
https://github.com/schwabe/ics-openvpn
This provides one potential VPN solution that you are fully in control of (the server is open-source also), but it is not PPTP or IPSec. If you understand the PPTP protocol, it should be possible to use this as a model to implement such a VPN client.
2) Yes, it is true that in earlier versions, the only way is through private APIs. In fact, even if you want to do it in later versions using the built in VPN support (i.e. built in PPTP or IPSec support), you have to leverage these hidden APIs. It may be possible to do it at a lower level using the underlying Linux kernel, but this would require rooting the OS and circumventing the Android application paradigm. This is not necessarily a better alternative to using private APIs.
For some info on how to configure VPN using those APIs:
http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/2.2_r1.1/android/net/vpn/PptpProfile.java
(example of a PPTP profile object, needed to pass into the API)
How to programmatically create a new VPN interface with Android 4.0? (Explains how to store this new VPN profile on the system)
I am not sure how consistent and reliable these APIs will be. I would expect them to work on most Android devices as vendors are unlikely to re-implement the basic VPN implementations, although they may have added their own. They also may have altered the APIs necessary to enable such profiles, or have extended their capabilities.
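Added example, not part of the answers above and not code from ics-openvpn or ToyVPN: a minimal `VpnService` subclass showing what the public API actually provides, namely a user consent step and a TUN interface that yields raw IP packets. The class name, addresses and routed range are assumptions, and no tunnel protocol is implemented.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.VpnService;
import android.os.ParcelFileDescriptor;
import android.util.Log;
import java.io.FileInputStream;
import java.io.IOException;

// Hypothetical class. Declare it in AndroidManifest.xml with android:permission=
// "android.permission.BIND_VPN_SERVICE" and an intent filter for "android.net.VpnService".
public class SketchVpnService extends VpnService {
    // The user must approve the system consent dialog before the app may open a tunnel.
    public static void requestConsent(Activity activity, int requestCode) {
        Intent consent = VpnService.prepare(activity);
        if (consent != null) {
            activity.startActivityForResult(consent, requestCode); // start the service on RESULT_OK
        } else {
            activity.startService(new Intent(activity, SketchVpnService.class));
        }
    }

    @Override
    public int onStartCommand(Intent intent, int flags, int startId) {
        ParcelFileDescriptor tun = new Builder()
                .addAddress("10.0.0.2", 32)   // assumed tunnel-side address
                .addRoute("192.0.2.0", 24)    // only this documentation range enters the tunnel
                .setBlocking(true)            // API 21+: read() waits for a packet
                .establish();
        if (tun == null) { stopSelf(); return START_NOT_STICKY; } // consent missing or revoked
        new Thread(() -> pump(tun), "tun-reader").start();
        return START_STICKY;
    }

    // The platform delivers raw IP packets and nothing else: IKE, XAuth, ESP or any
    // other key exchange and encryption would have to be implemented by the app.
    private void pump(ParcelFileDescriptor tun) {
        byte[] p = new byte[32767];
        try (ParcelFileDescriptor owned = tun;
             FileInputStream in = new FileInputStream(owned.getFileDescriptor())) {
            for (int n; (n = in.read(p)) >= 0; ) {
                if (n < 20 || (p[0] >> 4 & 0xF) != 4) continue;   // IPv4 only in this sketch
                String dst = (p[16] & 0xFF) + "." + (p[17] & 0xFF) + "."
                           + (p[18] & 0xFF) + "." + (p[19] & 0xFF);
                Log.d("SketchVpn", n + "-byte IPv4 packet for " + dst); // a real client encrypts and sends it
            }
        } catch (IOException e) {
            Log.w("SketchVpn", "tunnel closed", e);
        }
        stopSelf();
    }
}
```

A client that forwards these packets must also call `protect()` on its socket to the gateway so that its own traffic is not routed back into the tunnel.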

Creating Android vpn profile

I want to programmatically create a VPN profile; somehow I figured out how to access android.net.vpnmanager and android.net.vpn.vpnprofile (they are not part of the official API and are part of the hidden APIs) but they have no function to create a new VPN profile. Any suggestions?
Using Hidden APIs is not a good idea as there is no guarantee that with an update they will still work as intended, moreover there is no guarantee that they will work in a consistent manner across different devices manufactured by different vendors.
Android 4.0 ICS has a VPN client API but again it allows you to create your own VPN client.
The only reason I can think of as to why you cannot access VPN settings just as you will access wifi settings is the inherent nature of VPN connections. Here is a link to the VPN features in ICS 4.0. The first part of the document discusses these risks. You can still write your own client for your app.
http://developer.android.com/reference/android/net/VpnService.html
Another approach can be to use a third party VPN client and check if you can pass any actions to it via an intent. My recommendation if you are targeting ICS only will be to go with the client API as that you know how your code is working.
I think that VPN Android isn't yet on a stable release; there are a couple of other clients besides the built-in one. But there have been so many changes between the last versions of Android regarding the VPN and proxy settings. At the beginning there wasn't any VPN support at all, then you could only get that by rooting your device, and now there's a kind of stable native VPN client inside Android but, like you noted, there is a lack of documentation in many aspects and other bugs too.
My recommendation would be to wait to create your code after we have a slightly more stable VPN Android and documentation. If you can't or don't want to wait, go forward with that undocumented API, it could change in the future but I don't see any better option right now.
If you are using a phone from Motorola, look into using this, as it has code to create working VPN connections using L2TP and PPTP:
http://developer.motorola.com/docs/Motorola_Enterprise_Device_Management_SDK_Getting_Started/

Android - How can I programmatically add a VPN network

The Settings on Android provides an option to add VPN manually.
Can this be done programmatically through some kind of an API?
I'm not looking for a way to connect to a VPN. I'm only concerned about configuring a VPN profile.
Please see this answer, it is not possible with the Android SDK.
This is not possible with Android SDK. However, some manufacturers like Motorola have their own flavor of android and in their SDK they have made it possible.
See also this question -- Create VPN profile on Android. Briefly, we came to the conclusion that it's not only not possible with the Android SDK, but it's not possible even with a hacked SDK unless you have a rooted device (because the VPN profiles are stored via the system KeyStore, so you would need to be running as a system process to add / modify them).
However, there does appear to be a third-party VPN app that at least claims to do this without a rooted device, but it doesn't appear to be open-source and I can't vouch for it (see the comments here: http://code.google.com/p/android/issues/detail?id=8915).
