I am creating an application which has to track http requests made by a given application. Android has many widgets like weather report widget, stock market report etc, which often makes request to server to get the data. I want all the request url made by an appklication to the server.
Can we log the url when an application accesses network/wifi or any other data service provider ?
Any help would be appreciated.
Can we log the url when an application accesses network/wifi or any other data service provider ?
Fortunately, no, for obvious privacy and security reasons. Malware authors would be very interested in this capability.
You can use open source proxy servers made in java for example jHTTPp2.It is having good implementation of proxy server logic.
All you need to do is just start the server from any android application and set proxy in your emulator or device to 127.0.0.1 and port as 8088(as by default the jHTTPp2 runs on that port).
You need to make some modifications to the proxy code as per Android requirements.
I hope this might be of some help to you.
Related
I am trying to write a http proxy server that would run on the device itself. In fact, need to find a way to capture the outbound http traffic generated by the device.
The code I have so far is compiling OK, it is based on the code found here: http://www.jtmelton.com/2007/11/27/a-simple-multi-threaded-java-http-proxy-server/
The problem is that the http request to the actual server would block and never return .
Is there a better way to write such a service without rooting the device?
You should check SandroProxy.
Can caputre traffic on non rooted device if os proxy settings are used, or with iptables rules on rooted one.
Traffic is stored it in local sqlite database. Captured data can be also examined by chrome devtools. To capture traffic in your app you should check source code for plugins. It has all the code for iptables redirections and proper settings.
Check out the wiki link on google source code HowToInterceptTrafficOnMyOwn
http://code.google.com/p/sandrop/wiki/HowToInterceptTrafficOnMyOwn
btw: send by sandroproxy support :)
I've been using a piece of software called proxydroid to use my device as a proxy server, and its the only one I've found which doesn't require root. I'm not sure if it will be any help to you, but its an open source project and the code can be found here:
https://github.com/madeye/proxydroid
I have noticed that the application will freeze after a while, or if a large number of request are sent at once, but I've not had chance to find out why this is happening.
Forget about setting proxy, use Facebook Stetho library (http://facebook.github.io/stetho/) to review all http requests and responses from emulator/device
My application need to communicate frequently.
So there are many url: http://abc.php
The question is even if I use proguard, is it possible for people to get the url and hack in the system.
What should I do so that it can hide the link and make my system more secure.
You can't. Any one can get you app and use sniffers to check where your application sends request. You should provide good security on server.
Any URL or web service you are sending them to should only be for uses such as JSON/XML requests. There shouldn't be anything that critical in a wide open base URL. If there is then you have problems to begin with. Plus you may try to hide your URL, but with simple networking tools attached to the application it would be very easy to sniff the IP address and do other public functions to look-up the url. Any URL you have would be public, thus you need to take security measures on another end.
I have created an AppEngine connected Android application, and I'm trying to modify it to be able to store some user data on the server. I do not know what's the easiest way to do so, because I want it to be as simple as possible. I just want to store some basic data for every user. This data is: Name, Email, and some other Strings. I have created a form in the android side which will allow the user to type all the requested data, but I do not know how to send this information to the GAE server and store it in the datastore. I guess I will have to use a Servlet and some kind of RPC service to call the methods. I'm really lost because it is my first time doing this. I'm not experienced neither in android nor in web apps. I hope you can help me.
Update
Well, maybe I did not explain myself well. The system I've been asked to build consists on a web service that store your personal login credentials for most common sites (facebook, gmail, etc). Using a chrome extension, you ask the server for the credentials on the website you are navigating, and then the server asks to your phone for authorization. It will ask (do you give me permission to send your credentials to "some user"), and you have to ansewer yes or no and then the server will act in consequence. The point is that you have to store your credentials in the server in some way, maybe from the android app (which is what I was trying) or from somewhere else. I will also need authentication.
Pd: I use java for the server side.
Since you already started with AppEngine connected Android application, it makes sense to continue customizing it: App Engine Data Access: Adding Entities and RPC.
Update:
There are of course many ways to exchange data between client and server. The most simple would be a servlet handling GET and POST requests with some query parameters.
Also, most popoular lately is REST:
Android REST client: http://appfulcrum.com/2010/08/20/android-how-to-call-rest-service-using-asynctask/ (try using GSON instead to parse JSON)
Server: use a REST framework. My personal choice is RESTEasy. An example: http://ankiewsky.blogspot.com/2010/08/resteasy-on-googleappengine-corerest.html
Update 2:
The simplest possible way - making/handlin a simple POST request:
Android client - making POST request with parameters: http://www.androidsnippets.com/executing-a-http-post-request-with-httpclient
Server handling POST (or GET) and extracting parameters: http://www.exampledepot.com/egs/javax.servlet/GetReqParam.html
Find and follow thoroughly the Topic Index on this page. Gud luck
I have an Android App which uses http communication for nearly every operation. I want to be able to demo without connection to the internet by somehow replaying the http exchange. How can this be done? So I want to somehow almost like mock objects but really mock http session so I can always demo the app on or offline. This is really a very cool thing to be able to do. Since you can demo the app easily and reliably. Does anyone know how I could do this. Replicating the whole server side is just not an options its got too much stuff. Its important not to just show screencast but the real data exchange. I just want to be able to run thru the app and replay. Maybe debug as well. Thanks
Here's a hybrid solution using similar ideas from other answers:
You could write a dead simple HTTP server that listens on "localhost:80" (or whatever the port is on the server you're targeting) and point your application to this host instead by factoring out the host name from requests. Your local server has a reference to the actual remote server and does the following:
If ONLINE, forwards the request as-is to the real server, gets the response, saves it locally either in an in-memory cache keyed by the request URL or a file named with the URL as its identifier (munged appropriately)
If OFFLINE, looks up a request in its (in-memory or file system) cache and returns the contents from the cache instead
This is kind of like the record/playback mode that #nicholas.hauschild says.
Now you can just run your app once when ONLINE, causing your localhost server to save away requests that it issues against the real server. Then when you run your app OFFLINE, it just returns these cached contents instead whenever the same URLs are issued.
Hope this helps.
If you're device is rooted, you can use tcpdump as explained in this post: http://www.vbsteven.be/blog/android-debugging-inspectin-network-traffic-with-tcpdump/
or use AndroShark (get if from xda-developers here: http://forum.xda-developers.com/showthread.php?t=725692)
or this one (wifi only): http://www.9bitlabs.com/default.aspx
I would create a "Record Mode", and a "Playback Mode" for my app.
While in Record Mode, I would write out a file each time an http request was made. The file would be named by the endpoint the request is made. The contents of the file would a collection of serialized http requests/responses broken up by line. You could then deserialize lines from this file until you find the proper request, and play back the deserialized response.
This approach would also allow you to create Record/Playback profiles, where you could record multiple different sessions (by placing the files into a different directory) and then playback from whichever profile you choose.
This whole approach could be done with a small wrapper class around the HttpClient object you are using.
One way would be to use an HTTP proxy. Redirect all web traffic to the proxy, which can be running locally on the phone. This could be done with little or no source code change.
find a way using fiddler on pc,and android app take fiddler as proxy.So the http traffic is record.
http://blog.csdn.net/grhunter/article/details/5830199
Simples solution lies in faking it when there is no connection. If there is a error in connection, make sure ur app throws some preset data rather than an error in connection thing.
I am looking for reading resources or sample applications that can help me hammer out the following application workflow:
The client application establishes a connection to our server
The client application scans for updates on a regular interval
If an administrator has posted a new message, the new message is displayed in a widget.
I currently have 2 concerns:
I want to ensure that the monitoring service is not a major battery drain.
What is the most secure and simple method to establish the connection to retrieve data?
....There are a lot of suggestions out there... I need to know what method I should be researching over all others. Currently, all options are on the table because I have yet configure our server.
There are a lot of questions here, I'll try to give a succinct answer.
For the infrastructure I would go with HTTP REST calls to retrieve JSON data reprsenting your messages. Here is a decent link about writing an HTTP REST client for android, there are many others online.
For security, I would definitely start with SSL, but if you need to authenticate the requests I would also look at OAuth to secure you remote API.
As far as A, Have you considered using C2DM (aka "push") to trigger the updates? Then there's no client bandwidth beyond what is being used anyways for the Market/GMail/Talk connection. If you need to support Android versions below 2.2 it's not really an option at the moment, though.
Otherwise there's a few good examples of being a good citizen when polling from a widget; Jeff Sharkey's android-sky is probably the oldest, best, and most authoritative.
For B, unless I'm misunderstanding your need it's pretty hard to beat HTTPS; rolling your own "secure" transport over vanilla HTTP or anything lower-level is just asking for a disaster.