[Q] How secure is WebKey? - General Questions and Answers

I just discovered this program and the only thing I can say is "HOLY ****!" I'm amazed at this and freaking out a little right now, lol.
Anyone know how secure this is??

Phateless said:
> Anyone know how secure this is??
Not very. In fact, just from guessing your WebKey username from your XDA username, I'm on your phone right now.
On a side note, judging from the files in your download folder, you seem obsessed with goats and midgets. Scary.

sohr said:
> Not very. In fact, just from guessing your WebKey username from your XDA username, I'm on your phone right now.
> On a side note, judging from the files in your download folder, you seem obsessed with goats and midgets. Scary.
Hahaha, I thought about using my XDA name but decided against it for obvious reasons.
In all seriousness though, do you have any idea?

sohr said:
> Not very. In fact, just from guessing your WebKey username from your XDA username, I'm on your phone right now.
> On a side note, judging from the files in your download folder, you seem obsessed with goats and midgets. Scary.
LOL!!!
/10char

Phateless said:
> I just discovered this program and the only thing I can say is "HOLY ****!" I'm amazed at this and freaking out a little right now, lol.
> Anyone know how secure this is??
Hi! I'm one of the developers of Webkey. The webserver uses standard digest authentication; there is no security leak that I'm aware of. The digest method uses a hash function, which glues together the current time and your password. The browser sends over only this hashed mess (and not your password), which is only good for authentication for an hour.
If you use the http method then the data is sent through an unsecured connection, and it can be sniffed by those who have physical access to your connection. Unfortunately the https method is only available if you can directly connect to your phone; if you use our server (androidwebkey.com) to proxy the request, then you have to use http. We don't read and don't save your data, we only read the first line of the http request, which contains the phone's name that you want to connect to. The phones and the browsers are connected to our server, and it has to pair them, so it has to know the nickname from the browser's request. We are working on a solution which uses a DNS subdomain (like yourname.androidwebkey.com); if this can be read from an encrypted https stream, then we will implement it. This way the connection will be entirely encrypted between your phone and your browser.
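
Added example (not part of the developer's post and not WebKey's code): a minimal RFC 2617-style digest check showing how a server can accept a hashed response, limit it to one hour and reject a resent header. The realm, the timestamp-signed nonce and every function name are assumptions made for illustration; only the one-hour lifetime comes from the post.

```python
import hashlib
import hmac
import os

REALM = "webkey-example"        # assumed realm, not WebKey's
NONCE_LIFETIME = 3600           # one hour, the figure given in the post
SERVER_SECRET = os.urandom(32)  # per-process key for signing nonces


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def make_nonce(now):
    """Nonce = issue time + MAC, so age can be checked without server state."""
    ts = str(int(now))
    mac = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def nonce_is_fresh(nonce, now):
    ts, _, mac = nonce.partition(":")
    good = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), good.encode()):
        return False
    return 0 <= now - int(ts) <= NONCE_LIFETIME


def digest_response(ha1, method, uri, nonce, nc, cnonce):
    """RFC 2617 'response' value for qop=auth."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def verify(users, method, hdr, now, last_nc):
    """Check one Authorization header; returns ok / stale / denied / replay."""
    if not nonce_is_fresh(hdr["nonce"], now):
        return "stale"
    ha1 = users.get(hdr["username"])
    if ha1 is None:
        return "denied"
    want = digest_response(ha1, method, hdr["uri"], hdr["nonce"], hdr["nc"], hdr["cnonce"])
    if not hmac.compare_digest(want.encode(), hdr["response"].encode()):
        return "denied"
    # The nonce count must grow; a repeated value means a captured header is being resent.
    key, nc = (hdr["username"], hdr["nonce"]), int(hdr["nc"], 16)
    if nc <= last_nc.get(key, 0):
        return "replay"
    last_nc[key] = nc
    return "ok"


def demo():
    # Constructed account and request; the server stores HA1, never the password.
    ha1 = md5_hex(f"alice:{REALM}:correct horse")
    users, t0, seen = {"alice": ha1}, 1_700_000_000, {}
    nonce = make_nonce(t0)
    hdr = {"username": "alice", "nonce": nonce, "uri": "/screen",
           "nc": "00000001", "cnonce": "c0ffee"}
    hdr["response"] = digest_response(ha1, "GET", "/screen", nonce, "00000001", "c0ffee")
    return [
        verify(users, "GET", hdr, t0 + 10, seen),                      # first use
        verify(users, "GET", hdr, t0 + 20, seen),                      # same header again
        verify(users, "GET", dict(hdr, uri="/files"), t0 + 30, seen),  # moved to another URI
        verify(users, "GET", hdr, t0 + 3601, {}),                      # after the hour
    ]


if __name__ == "__main__":
    print(demo())
```

The header keeps the password off the wire and is tied to one URI, one nonce and one counter value, but the request and response bodies still travel in cleartext over http, so this check does not replace an encrypted connection.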

Related

intercept text messages? or sniff packets sent by phones?

Is there an app that sniffs packets sent by cell phones? My whole goal would be to intercept text messages or the data that's sent by cell phones. I came up with this idea when I was messing around with a packet sniffer and thought about the idea but on cell phones. Is there something already out like this?
Wireshark at a "router"
While not an on-device solution, I use this setup when I want to watch the traffic between my phone and the network:
"sorry, apparently I can't post a link to this forum, it's at my site droidhacks.com, click on the wireshark tag in the sidebar and you'll find the post"
Having a full Wireshark install running on the desktop is great for poking through the data. I think some folks do the capture on the device and then just move the capture file across. Also helps sometimes to pull the SIM to make sure all the traffic goes through the laptop and not through the network. Sharing on OS X with a handset can be a bit fidgety when first starting up.
Find shark for android and sharkreader. Both of which can be found in this forum.
Sent from my Nexus One using XDA App
can this be countermanded? stopped, disabled somehow? encrypted packets? someone's safety could be at risk.
Are you looking to capture the communications of other phones, rather than your own? If so, good luck, it's encrypted traffic.
Sounds pretty stupid and no, it is not possible. I would rather want a network sniffer for android. Connect to your local coffee shop network and start sniffing.
rTiGd2 said:
> Are you looking to capture the communications of other phones, rather than your own? If so, good luck, it's encrypted traffic.
no, i'm just curious how this can be done.
if it's encrypted how can you read the packets with your program then?
some kind of id or serial number?
tmpmailone said:
> no, i'm just curious how this can be done.
> if it's encrypted how can you read the packets with your program then?
> some kind of id or serial number?
Ok, I think we need a rather large dose of reality here. You'll not manage it, simple as that, certainly not from a consumer device. I suspect you are thinking along the line of WiFi wireless, where you can monitor what other devices are sending. If you really wish to know more then google 'usrp' and you'll soon see you'll need far more hardware and software to start capturing GSM traffic.
ok so you're saying with my router i can't capture my text messages, like those sent and received with the YMesenger app ?
so it's possible to sniff datalines?
tmpmailone said:
> ok so you're saying with my router i can't capture my text messages, like those sent and received with the YMesenger app ?
> so it's possible to sniff datalines?
Yes, it's possible to sniff datalines, as well as WiFi.
I think you should break out with your gf
this thread is too funny ( lol )
encryption - lol
cant sniff - lmao!!
link1
I am a network security specialist and you people are just too funny saying "cant" "impossible" "illegal" .. .. ..
morning_wood said:
> link1
Nice info.
Packet sniffing over public wifi is well known, but I learnt something new today
Chris Paget happens to be a personal friend of mine
I'm pretty sure intercepting phone calls would still be "illegal", regardless of the fact that you're a network security specialist.
But yes, nothing is impossible, that's pretty much a given. Give someone enough expertise and resources, anything can be hacked. Encryption is actually important, so the general, uninformed riff-raff can't access anything they want. Like my previous statement, it can still be hacked, but it's better than not being encrypted at all.
morning_wood said:
> this thread is too funny ( lol )
> encryption - lol
> cant sniff - lmao!!
> link1
> I am a network security specialist and you people are just too funny saying "cant" "impossible" "illegal" .. .. ..
So, my ex husband is using a packet sniffer to read all of my info that I txt over my phone. He is living with me until he closes on his new house (30 days out). I have installed a VPN on my phone. What else do I need to do? He says he can see all messages that I send, both txt and messenger as well as my calls?? He is a programmer, so I know he knows what he’s doing, how can I get my privacy back? I’m afraid that he will always be spying on me and it’s very frustrating.
Sunshine08 said:
> So, my ex husband is using a packet sniffer to read all of my info that I txt over my phone. He is living with me until he closes on his new house (30 days out). I have installed a VPN on my phone. What else do I need to do? He says he can see all messages that I send, both txt and messenger as well as my calls?? He is a programmer, so I know he knows what he’s doing, how can I get my privacy back? I’m afraid that he will always be spying on me and it’s very frustrating.
Do you use Google Messages app for text messages? If so check if it is connected to Messages for web. Also if you use Whatsapp check if it is connected to Whatsapp web. I recommend to change password for all the services, Google, Facebook and so on and reset the phone to factory defaults. I don't think this has anything to do with packet sniffing.

[Q] Couldn't log into Panera Wi-Fi

Hi,
I was at Panera today and could see their Wi-fi, said "connected", but was grey, not blue in status.
Would try to find the Panera page accepting their terms, but stopped halfway loading.
It looked like the stats were DHCP and that's all I could tell.
any help?
Thanks
Adam said:
> any help?
Yes...try the chocolate brownies...they are great.
seriously...no...I haven't had a chance to try Panera's but it does the same thing on my laptop sometimes...not sure if it's the TF...
Thanks!
Never had an issue with win XP Pro on my laptop....
Addictive place to hang out at
I have actually used my transformer at panera. Once you connect, you have to open up the browser and accepts their TOS. Then you are set!
Sent from my Droid using XDA App
And sorry, meant to add that you might need your browser set to a desktop string. To fully load their TOS
Sent from my Droid using XDA App
You can also try setting a static DNS (not any other part of the IP, let it DHCP that) of 8.8.8.8
Those are google's DNS servers and this often lets you skip the web browser login aspect of many free or even PAY wifi at hotels.
shawnbuell said:
> And sorry, meant to add that you might need your browser set to a desktop string. To fully load their TOS
> Sent from my Droid using XDA App
Thanks Shawnbuell... Being a Noob, I am not sure what you mean. Little help?
shawnbuell said:
> And sorry, meant to add that you might need your browser set to a desktop string. To fully load their TOS
> Sent from my Droid using XDA App
Ahhhh... Whenever I typed about:debug into the browser nothing happened..
But, then I went to settings and found that more options were there.
It's now under advanced - set it for desktop rather than tablet so that the browser won't load the pages as mobile.
I'll try it later today!
crater said:
> You can also try setting a static DNS (not any other part of the IP, let it DHCP that) of 8.8.8.8
> Those are google's DNS servers and this often lets you skip the web browser login aspect of many free or even PAY wifi at hotels.
Thanks for the tip about 8.8.8.8. I never knew that.
SoCalTiger said:
> Thanks for the tip about 8.8.8.8. I never knew that.
Yeah can you guys elaborate on this? I am not following this at all?!
Me too please!
interesting.
the 8.8.8.8 DNS setting made my Xperia X10 disgustingly fast from home....the only issue is that i had to assign a static IP to the phone itself...I just chose a random one that I knew was part of my home network...
do you think that will cause a problem later on?
npompei said:
> Yeah can you guys elaborate on this? I am not following this at all?!
I tried to find some more info or settings on my TF and couldn't find how to do this. Any help?
Thanks!
for the future, when the wifi icon is grey instead of blue, you're still connected, but you don't have direct access to google servers which means syncing is down.
This is normal with any internet that requires a log-in page.
For example at my school i have to log in through the browser like you do at panera, and gmail won't update because the google sync doesn't have direct access. You can do a manual check, but it won't do it on its own.
just so you know.

[GUIDE] How to bypass T-Mobile's tether block using Firefox

Hello everyone, so I recently finally got blocked from tethering by T-Mobile after a long time of sucking it out of them by being rooted and on a custom ROM like all of us here.
The way they know you are tethering on their network is by the User Agent that is sent to them by your desktop/laptop computer browser. When they see that a regular browser is accessing their network, that's when you get the infamous T-Mobile Hotspot Screen we all hate.
I've recently discovered a Firefox Add-On called User Agent Switcher found here: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/?src=search
Download it and install it to Firefox. Then download this (right click, "Save as") http://techpatterns.com/downloads/firefox/useragentswitcher.xml
Go to Tools>User Agent>Edit User Agents (a window pops up) click on "Import.." and add the .xml file you just downloaded.
Then pick a User Agent that resembles the Sensation webkit and BAM! Free tethering for all of us.
I'm using it right now
NOTE: If you use a Googlebot User Agent, you will be able to tether and always load up full webpages instead of mobile versions. - Thanks to The Archangel and chadwick3nser for discovering this!
You can also do the same with chrome.
Been doing it since the day they released it.
The Archangel said:
> You can also do the same with chrome.
> Been doing it since the day they released it.
Hell yeah, go Chrome! I've never used it so I wouldn't know
FiddleGoose said:
> Hell yeah, go Chrome! I've never used it so I wouldn't know
I actually take it one step further and either completely hide my IP on the computer or switch it so they can't try to block it.
Nice!
Is that how att detects also?
Sent from my SAMSUNG-SGH-I747 using xda premium
They detect by sniffing packets and the extra Mac address
The Archangel said:
> They detect by sniffing packets and the extra Mac address
Damn, AT&T is on point. Bastards.
I hate T-Mobile for pulling that move as well.
FiddleGoose said:
> Damn, AT&T is on point. Bastards.
> I hate T-Mobile for pulling that move as well.
just about every major cell company does the exact same thing to detect it. Maybe different variants but still the same.
I am doing this right now as well, but all the desktop pages are in mobile. I have found the desktop button on the bottom of the youtube site but can't find it on most sites. any workaround for this?
chadwick3nser said:
> I am doing this right now as well, but all the desktop pages are in mobile. I have found the desktop button on the bottom of the youtube site but can't find it on most sites. any workaround for this?
Use a Google spider UA. Everything will be as normal
The Archangel said:
> Use a Google spider UA. Everything will be as normal
do i create a custom UA and edit the string to a spider or how would be the best way? or what would be the best one to use?about going about this? sorry, have no experience with user agents
---------- Post added at 05:54 PM ---------- Previous post was at 05:43 PM ----------
nevermind, i used googlebot 2.1 new version and it's working great, thanks for this!!!
Glad you got it working.
Hey op. Here's a suggestion, put in your first post. Use a Google bot user agent. Using that will load all the web mail pages normally.
The Archangel said:
> Glad you got it working.
> Hey op. Here's a suggestion, put in your first post. Use a Google bot user agent. Using that will load all the web mail pages normally.
You got it!
The Archangel said:
> I actually take it one step further and either completely hide my IP on the computer or switch it so they can't try to block it.
What are you using to block the IP address? I was thinking just changing the IP to not be the standard DHCP that the phone would give you still shows it coming from another MAC address on the same connection and would be obvious to the write sniffing rules?
I realize this isn't a requirement I've been using the UA for a while from canary but I easily see them stopping this workaround w/ better sniffing rules.
SurfCityCom said:
> What are you using to block the IP address? I was thinking just changing the IP to not be the standard DHCP that the phone would give you still shows it coming from another MAC address on the same connection and would be obvious to the write sniffing rules?
> I realize this isn't a requirement I've been using the UA for a while from canary but I easily see them stopping this workaround w/ better sniffing rules.
i use platnium hide ip. it switches to another ip when i'm on windows and sometimes i'll use smac to change that also. haven't found any programs for linux yet (haven't really looked)
The Archangel said:
> Use a Google spider UA. Everything will be as normal
This is very bad advice as pretending to be a googlebot may get you either blocked or banned from many websites (especially if they use ZBBlock) as this behavior is rated as a spammer/bot activity.
tobitege said:
> This is very bad advice as pretending to be a googlebot may get you either blocked or banned from many websites (especially if they use ZBBlock) as this behavior is rated as a spammer/bot activity.
I've been doing it for a while, never got a ban on my end
Okay I've been tethering fine for a while on FF, but T-Mobile finally blocked me yesterday... I figured out that it was the second I started to watch a YouTube video. Guessing they're able to see activity on my cell account at the same time as my login is accessing YouTube and put 2&2 together...? (That may be obvious to some...)
Anyway... I may try the user agent spoofing but this is really aggravating since I'm traveling right now and the internets in my hotel are $10/day.
Sent from my Galaxy S 4G
Anyone figure out how to use netflix while spoofing in Firefox? I've been settling for Amazon Prime instant video, but I'd love to have Netflix back. With the UA spoof, Netflix won't play movies. At least I haven't figured out how.
This method no longer works for me

[Q] Vpn L2tp Psec google warning

It may be that I am not entering the right keywords, but I can't find the answer on the forums here. It's not a big deal, but I'm curious. When I connect via VPN on 2.3.6 through L2TP ipsec, I get a warning in Gmail saying that someone from a different IP was trying to sign into my account and google prevented it. (Because suddenly a different ip address from hundreds of miles away is attempting to sign in). I don't care that it's not letting it sign in (this isn't my daily driver, I just use it as a media player basically), but the choices I get are to click "No it's not me, change password" or "yes it's me" (which I don't really want to say either). So is there some simple solution that I am totally missing? Or do I just ignore this every time I connect to vpn?
Thanks
The simple solution is, if it's you, tell it that it's you. Why wouldn't you want to say it's you if it is?
Theraze said:
> The simple solution is, if it's you, tell it that it's you. Why wouldn't you want to say it's you if it is?
Point taken. I suppose my first impression is that since Google services pretty much thrives on its users data, I don't necessarily want to admit that I'm encrypting it. I mean it's obviously legal, but I somehow feel that there will be a red check mark next to my account now. Or.... Maybe I should just take off the tin foil hat.
I put this out there to see if I'd get a response from anyone else who came across the same thing in the past.
Sent from my SGH-T889 using xda app-developers app
Well, if you want it to work, tell it that it's okay to work. If you don't want it to work, then you can keep telling it not to work. But if you tell it not to work and it does... that's a bug or security flaw.

[Tool] Network Monitor

Hi All,
Would you like to know which apps are using the network on your phone? Would you like to know which addresses an application is connecting to?
My friend wrote a tool named Network Monitor. The link is https://play.google.com/store/apps/details?id=com.jmm.networkmonitor Would you like to try it?
The tool can help you with the following:
1. Monitor current data activity and uplink/downlink throughput.
2. Monitor external IP address.
3. List all packages currently using the internet.
4. List all socket links, including the destination IP address and source IP address, per package.
5. Query where the destination address of a connection is located and show it on a map.
It is a fun tool if you want to know which applications are using your internet connection in the background.
My friend welcomes any comments and could add functions if they would be helpful.
Thanks.
Would this be helpful in analyzing what kind of intranet traffic is causing high wlan_rx_wakelocks?
Useful tool.
Works good on my N7100.
Thank you.
much needed as many are taking up lots of data without knowingly.
thanks
Nice app. Keep up the good work :good:
I almost installed this as it looks to be very helpful, but.....then I reread the thread and the fact that you say "My friend" made this app and not you makes me very nervous....why isn't your friend posting this up?
The way I see it if this app was found to be stealing data or compromising networks who would we have to turn to? You? All you are going to say is "my friend did it not me".
No insult intended but have him\her post this themselves would be my request.
I mean dude....you have less than 20 posts. Not like you have been on here for years....or even a year.
As an IT professional with 46 companies relying on my judgement....I simply can't risk their security
The tool will let you know which application is using your network, even for intranet.
tylerdurden83 said:
> Would this be helpful in analyzing what kind of intranet traffic is causing high wlan_rx_wakelocks?
I think your concern was reasonable.
I am the author and am using my friend's account. Let me explain what was going on. I wrote the tool part time and showed it to my friend. My friend said I should publish it on Google Play. But as you know, it is hard to let more people know there is software named "network monitor". My friend said he has an xda account and could help me to post. I will apply for an account or just use this account.
One thing I can guarantee: there isn't a back door in the application. Thanks for everybody's reply, it encourages me to add more functions.
One function I am considering to add is WIFI control/diag function.
Thanks
nerdslogic said:
> I almost installed this as it looks to be very helpful, but.....then I reread the thread and the fact that you say "My friend" made this app and not you makes me very nervous....why isn't your friend posting this up?
> The way I see it if this app was found to be stealing data or compromising networks who would we have to turn to? You? All you are going to say is "my friend did it not me".
> No insult intended but have him\her post this themselves would be my request.
> I mean dude....you have less than 20 posts. Not like you have been on here for years....or even a year.
> As an IT professional with 46 companies relying on my judgement....I simply can't risk their security
he_arslan said:
> The tool will let you know which application is using your network, even for intranet.
So it won't I guess, I need to know analyze the broadcast packets originating from somewhere else on the intranet and waking up my device from deep sleep (wlan_rx_wakelocks).
You are correct. Currently the tool doesn't support packet analysis. It needs root rights to capture packets from the network.
tylerdurden83 said:
> So it won't I guess, I need to know analyze the broadcast packets originating from somewhere else on the intranet and waking up my device from deep sleep (wlan_rx_wakelocks).
One way to alleviate fears is to open source your code.
Sent from my Nexus 4 using Tapatalk
:good::good::good:
ph37rd said:
> One way to alleviate fears is to open source your code.
> Sent from my Nexus 4 using Tapatalk
nice app... would be nice if it also shows wi-fi TX/RX along with the total and mobile... I take it total is the combo of wi-fi and mobile?
Yes. Total TX/RX combines Wifi information.
The reason I didn't list wifi TX/RX is most people only care about mobile data and there is limited space to show information.
Maybe need to provide a way to configure the display items.
BTW, I have upgraded the software and added floating window and process view. Please enjoy it.
