NOTE: If you have no idea what TOR or Orbot is, check out this links below:
https://www.torproject.org/
So, I was wondering if possible to add TOR support to my app. This would save the user alot of stress looking for a working proxy and besides, TOR is one of the most safest proxies out there.
Im aware that the The TOR team made an app called "Orbot" which allows Android devices to proxy apps using orbot. The problem is, the only way for Orbot to proxy apps is if they have ROOT and some users do not like taking techy approaches, especially when it has "THIS COULD BRICK YOUR DEVICE!" so I thought if its possible to rip out the Orbot source and add it to my app so my app gets proxied.
This can save lots of people from downloading multiple apps and cut time on setting this up (since my app has to have proxy support to be proxied through TOR which I havent seen much of so i really have no idea on how to have something like this) but im not sure where in the source code is the actual routing to the TOR network and thought i could get a little boost in this.
Im not trying to make my own Orbot, i will give credit
So, does anyone know where to start? I decompiled the regular Orbot app and skimmed through the source but not much rings a bell.
Thanks!
Use ORlib, which "is an Android Library for use by any application that wishes to route its network traffic through Orbot/Tor".
If you want to avoid forcing user to install Orbot, you can include Tor in your application using this project which includes Orbot's tor binary and allows full control over it.
Related
I have an Android mobile app, and I can't see some requests of it's, when trying to sniffing (this mobile app doesn't require any type of auth from user)
I've tried to use Proxyman on iOS and I've catched requests and responses (even HTTPs), but I can't see all of them. For example, I can't see request with the details of product, or with list of them. Proxyman developer answered me:
Maybe the app doesn't use URLSession (Apple Framework) to make a networking request. If it's an online app, it can be a React Native, Flutter app, which (by default) doesn't go through the VPN.
Thus, Proxyman could not capture it.
I've tried Wideshark / Charles / Mitmproxy on my Android emulator (tried Android versions 5.1 - 11.0) but it also didn't work
I've tried decompile APK of this application (with apktool) and I've found many .java files, but it's too hard to find API paths there, because all names are unreadable (but I've found some, but it's not enough)
Can you tell me, what can I do, to get API of this mobile app?
I really don't know, how it can be so hard, why can't I get a simple API calls, because my app somehow knows, where should it go and which type of data it should get (in browser it so much easier!)
Do you have root access? To intercept an Android app really your only options really are root access (and changing the device system configuration) or modifying the app APK. For most apps (all apps that aren't specifically configured to allow user certificates/be debuggable) there is no other possible way to intercept the traffic.
I've written a detailed breakdown of how android HTTPS trust works, and the low-level details of how to intercept it, here: https://httptoolkit.com/blog/intercepting-android-https/. That might provide more context, but the conclusion is the same: you need to modify the system, or modify the app.
If you don't have root access, so you can't modify the system, apk-mitm is usually your best option, and if that doesn't work then you will have to manually investigate the Java code yourself.
Be aware though that you can always use an emulator to run the app, and most emulators (all except the official 'Google Play' emulator versions - e.g. the official 'Google API Services' & vanilla images are root-accessible) will allow root access, so this is normally possible. You can also use emulators like Genymotion which has a free personal use edition.
If that's practical for you, I'd go that way - I've written a full walkthrough to emulator setup & 3rd party app interception here: https://httptoolkit.tech/blog/inspect-any-android-apps-http/
Last possibility: if interception for most HTTPS is working, but just some requests are failing, then you need to disable certificate pinning. You can do this using Frida, I've written a general-purpose certificate unpinning script for Android you can use Frida here: https://github.com/httptoolkit/frida-android-unpinning
So I made a small Android App for inhouse use in my company.
The App is supposed to run on dedicated Android 6 devices (portable computers with bar code scanners attached) to scan bar codes and talk to our servers within the company wireless network.
This inhouse wireless network does not allow internet access for security reasons.
Now I am looking for a simple way to roll out version updates of my Android App. With no internet available, the normal app stores are ruled out.
I would prefer, if version updates could be installed silently without user interaction.
I am aware of F-Droid Server, a custom App Store Repository. As far as I understand, it would be quite some effort necessary to get that up and running in my environment. Maybe too much, considering that the devices need to run only one single app.
Is there a more simple way?
Maybe like programatically downloading a new version of my .apk from a url and then autoinstall?
Any ideas are appreciated.
Is there a more simple way? Maybe like programatically downloading a new version of my .apk from a url and then autoinstall?
Yes, it seems more simple (25 lines of code) to programatically download an apk from your own server and launch an install. Here is a question with lots of details (and checkout the 2 questions it links along to):
Android: install .apk programmatically
The install may require user interaction; a prompt where the user clicks ok or cancel.
Also you have to host the APK somewhere. If you don't want to build a web service for this you could host static files and use a naming convention or timestamp to decide what/when to download and install.
Any ideas are appreciated.
A suggestion about programatically updating is to write a separate simple and robust app that only does that, vs having code in the main app to self-update.
I need to utilize both a barcode scanner and a USB port on something handheld. I figure a small Android Tablet is my best option.
I've spent some time researching and I cannot find anyone who has implemented a NativeScript App w/ Serial Port communication on Android.
I am concerned this means it is not possible, or prohibited for some reason.
I have the Serial Communication functional right now using Nodejs and the serialport module via NPM.
Does anyone know if this module will work in a NativeScript app?
I am going to attempt to make this work over the weekend, but before I waste a lot of time I figured I would ask in case this is simply not possible -- I've chased simple bugs for days so I could waste a long time on something that's not possible. :)
Thanks for your help!
Anything you can do with a pure Java-only app (or Swift/Object C for iOS) you can do with NativeScript as you can access all the underlining APIs. This is one of (if not the) key differences between NativeScript and other technologies. See the NativeScript docs.
Most probably, you'll want to use some third party code to communicate with the serial device (such as usb-serial-for-android). Here's a great blog post on how to use third party code in your NativeScript app.
I know this is not programming question but i really want to know what internet protocol is used by google play store, as of know i am thinking they are using HTTPS but i am not sure about whether they used it for searching or downloading, i searched but not find satisfactory answer.
I also how i will protocol used by different apps installed in android.
I tried to find different protocol used by different application and i sort of find about some apps like Whatsapp, FB etc but i need to find about mostly used protocol.
This information is need for my literature survey for my research.
I would ask this kind of question on http://android.stackexchange.com more than here. If you want to find it out directly, use Wireshark or Charles (OS X). With one of these tool, you'll be able to see all out outcoming and incoming connections of your android device (and then able to study the different protocols).
But the standard in the industry is definitely HTTPS and all the companies, even the small startups use HTTPS.
I have an app in Android Market which is a standalone app that's essentially a full conduit to an SQLite Database(add, change, delete, inquiry). Some of my potential clients have asked to see a sample of my work, but they don't have an Android device.
Other than just showing them screenshots etc., is there a way I could have them go to a website where they can actually run it & check it out.
I'm thinking there would be a programming element involved (convert app to a mobile website essentially?), hence posted this question here.
Not quite sure where to get started. Any help would be appreciated.
You can use one of the patterns like MVC/MVP/MVVM to create your core library and then develop additional UI variants for different clients: Android, java applet etc.
Alternatively you can develop a mobile web site as you suggested and use simple android app to navigate built-in browser to it. This might be somewhat transparent to most users. I think Android MSN client uses such an approach.
I see 2 relatively easy options.
Give them an .apk designed to only
run on the emulator (you can check
the ID, the emulator ID is 00000...)
and they can boot up an emulator and
run it. If you're worried about them
reverse engineering your .apk you
probably shouldn't go down this
route. Or if you don't want them to
have to install the emulator
Set up a virtual machine and let
your clients remote desktop into it.
Give them permissions to only run
the emulator or however you want to
set it up