I want to intercept packets and get the IP/Port numbers, along with the PID/UID of the connection. Things I'm thinking about and what not below...
VpnService: When using the app tPacketCapture, you can clearly see that they start a VpnService. This is where I think I'll be able to do it. However, what would I search on Google/what do I need to look up about the VpnService so that it just acts as a channel for all the packets to go through so I can read what they contain? I've emailed the company that worked on tPacketCapture, but they've yet to get back to me. If anyone has any idea on this, please say what you know.
/proc/[pid] file system. This area of the OS has valuable information, most importantly, /proc/net/tcp and /proc/net/udp which are both of interest, but I'd rather not constantly read these files and build everything up myself. Hence the VPN solution above.
Their are minor other things, but ultimately, they won't work as well as the VpnService, so if anyone can help me with that and making it "local" only, or even what to search to find other examples in other languages, that'd be great.
So, ultimately, my question is, how do you make a VpnService to just reroute the packets to and from where they were originally going to/from.
Any help on this matter would be greatly appreciated.
Thanks!
Related
Before starting I would like to say that I in general I don't really understand a lot of what's going on so it would be much appreciated if you could move on pass my mistakes/correct me while also providing an answer the the question. I'm just trying to use my current knowledge to do stuff I think is cool and I need help filling in the gaps - I can think of stuff to theoretically do, but I have no idea how to actually do it.
Ok, back to the question. I am trying to analyze the code of some android app (the app is irrelevant) that makes http requests to a server during its runtime.
I would like to try and setup some sort of proxy or something like that would enable me to see the http requests the app is making before they are sent to the server, and maybe modify them (something a bit like what Burp does [I have very minimal experience with Burp and its probably capable of a lot more, but I digress]).
I thought about maybe running some kind of emulator on my PC and actually use Burp but I have no idea how that would even work, and not a clue on how to approach this, and that's where I would like your help.
Thanks in advance for reading this and for your time, and I hope you have a good day.
I'd go with some browser addon. Like Tamper data. It'll ask always before submiting your request to server.
And if there aint no working Tamper Data plugin anymore for Firefox, I bet you can find one from addon "shop".
And then there is always this: https://www.kali.org/get-kali/#kali-mobile
I have been able to avoid database, webserver setting 20 years, but now I face it. I found so much information that I rather ask before messing all around with a broken system.
So, I need to host about 10 discussions that have about 25 messages each, older I want to remove. So this is really light weighted. My first idea is to have data in JSON format only because I have some experience on that. Data will be accessed from android application.
Now I have been boiling my brains with, mongodb, micro_httpd, libmicrohttpd, json-server, nginx, nosql, nodes, mariadb, mongodb... and it is time to make decisions.
While data is accessed from android application I wonder do I even need any webserver, actually, I dont necessary want that people can browse to host and read everything from browser. Idea is to use example Get to get sender, subject, message into android textviews and same to opposite direction. Thats why I started to think some api or database that can be connected from internet, but webserver is also ok, if stuff can be hided.
This is not a tutorial place, but if someone with experience could propose some setup for me and directions? I have googled pretty much all tutorials. In first setup I would be happy just to receive and send messages to database/api/webserver/webservice, but later on it would also be nice to have some authentication, and one important, somepoint there will be spam coming anyway and I read something about putting sender ip address five minutes to halt. Captcha would be very appreciated, I guess I could open one in android webview. And from our team leader, apache is not an option while it can leak some information (though I didnt see that dangerous). And to remind, this seems something really light.
I think Firebase is the best solution for you: easy to use, no server database complications, easy to implement. Watch some up-to-date videos from the web and you are set.
Checked so far : this stack post, this one and official docs
I am not really familiarised with the Bluetooth api, yet I couldn't find something to clarify based on my need.
What I am trying to achieve is: Using my android device (as server in this bluetooth connection) to push data to the other device (which can be on any platform)
Seems simple, and I might think about it in a complicate way (was thinking I might provide some interfaces / callbacks to the client part)
Also, my implementation should not affect the client side.. I am a bit stuck into this, if anyone could clarify it a bit, or come up with a decent sample where the code is described a bit,
Thanks in advance, and Happy Coding !
your phone can act as a master(host) device Here is a example you can implement
https://github.com/bauerjj/Android-Simple-Bluetooth-Example
this example uses Bluetooth to connect with HC-06 module but you can use it with other devices
I am trying to add support for bluetooth devices like headsets/headphones/car stereo to my android app which allows user to make SIP/VoIP calls. I am trying to mostly address the requirements of Answering and Ending of calls using button on bluetooth headsets, other buttons/features handling is good to have.
With the search I have done and all the text I have read so far, I have come across the following-
One common way suggested everywhere is registering to ACTION_AUDIO_STATE_CHANGED. But this doesn't really helps me. Intents for it are sent every time the button on Bluetooth headset is pressed And also when we start the ring tone on bluetooth headset.
A very common solution I found was use of Bluetooth Adapter class. There isn't much you could do with it. So again not helpful.
Another approach I came across is the use of Vendor specific headset events. After some efforts I was able to get this working for specific Plantronics Bluetooth headsets. Supporting Jabra is important.
One more approach I came across is binding with IBluetoothHeadsetPhone.aidl, the way the phone app does it. I could find very little information on it, not enough to go ahead and implement any thing.
If anyone has done such things, I think the problem I am facing is not an uncommon one, I just believe it is not documented well.
Any pointer, approach, link would be appreciated.
I will try to add more info as I find any or any other approaches I try. Please ask for details if you need any more on the solutions I have tried. And please suggest changes instead of just flagging the question.
Thanks in adv.
Sorry about the late post. I was able to find a solution for this issue. It is not simple fix.
You need to use ConnectionService from Android telecom framework. Check out this link here & here. After this your VoIP calls will have cellular call like treatment.
Currently involved in a University project and could use any help from members regarding rootkits designed for Android.
I have little knowledge of Android malware and the project so far has got us decompiling apks to view the java class files (if readable) and the AndroidManfiest.xml file. I have also managed to root a phone in the uni lab using various adb commands and pushing files over to it.
What I would like to know is if it's relatively easy to spot malicious rootkit code within a class file? Is there something I can look out for? Is it a case of getting su status or does it involve adding users? Assume to next stage would be to then contact a server so the developer has remote access..
Also, is there a system or service that can process an apk to spot if it contains a rootkit (not just malicious)?
reply:
hi sorry about late reply - tried responding immediately but wasn't allowed as I'm new, but then forgot!
Thanks for the info! I appreciate that I may sound naive, but I guess I have to be seeing as I don't know anything about rootkits or the way they work..
You're right, they are not asking about 3rd party scanners, that was just my interest. So on that topic, are you saying there are scanners out there that specifically look for rootkits in a sample? Or is this detection all part of the overall AV service they offer.. If specific to rootkits alone, then I would really like to know which ones, so i can research them..
Also, with regards to exploitation of a bug - I assume you mean a bug within the Android OS? Would this mean that when patch updates are pushed out from Google then the rootkit is unable to function?
Thanks
A mallicious rootkit tries its best to get certain access, secretly. So any generalisations you make about how it does its business will probably be already worked around by any good rootkit.
"setting su status" is hardly worthy of being called a 'rootkit', that's just 'using root permissions' that you seem to have given the app. A rootkit would look for a way to actually get this without permission, by exploiting some sort of bug.
Systems of services that spot those things are commonly called virus and/or mallware scanners. Yes they exist.
Not to be negative, but this seems like a naive post about the subject, and probably not a good start for a project: I'd say using a 3rd party malware scanner is probably not wat is asked?
You could, for instance, look for known exploit-methods. One that for some reason comes to mind is the overflow, but that's just a random thing. Read up on rootkits, their methods, heuristics to find them etc.