[Q] Debugging Applications' Network Traffic? - Android Software/Hacking General [Developers Only]

Sorry if this has been answered earlier.
Recently I have been paying a great deal of attention to reversing and debugging applications on the Android platform.
Coming to the point, I'm interested in reversing Android APKs but don't want to get lost in the creepy smali instructions. For a start I want to begin with some big social apps (you know what I'm talking about) and get a starting point, to begin looking into its code, based on any interesting strings in the network traffic.
What I realized so far is that if I set a network proxy (I'm using the Windows Emulator) in the Settings>Wireless & Networks>Mobile Networks>Access Point Names>your-apn-name>Proxy & Settings>Wireless & Networks>Mobile Networks>Access Point Names>your-apn-name>Port, only the traffic generated by the browser (both HTTP/HTTPS) is redirected through my proxy (Fiddler, in my case, 10.0.2.2:8888).
However when I try to debug traffic generated by any other app (say Yahoo Mail), the app doesn't respect the proxy settings and it seems to be a transparent network.
I'm using Android SDK Rev. 11 with SDK Platform ver. 2.2 API 8, rev. 2 on Windows 7 x64. One solution I can guess at is to do an iptables based redirect to my dev machine IP. But where do I get the ARM binary of iptables?
In short all I mean to do is vulnerability research. When I say I want to sniff network traffic on my own emulator, on my own machine, I'm basically sniffing data that belongs to me, in full, and the intention is purely for research purposes.
Please share your thoughts.

Just install Shark for Root to capture all your network traffic and view it with Wireshark on your PC.

Related

Direct Wi Fi Connection between Android and PC?

Hi guys! After searching for months on Google I decided to ask the pro developers of this awesome forum. Is it possible to have a Direct Wi Fi Connection between my Android device (Lg L5 e610) and my PC (Win7, Ubuntu 13.04, Mac OSx Snow Leopard)? Is there any tool or program to do it? Or at least a development project (I like to be a tester)? I found some solutions for my question but they need a router to work :crying: and I don't have one
Sorry for my very bad English and applause to this awesome community!
ZiO312 said:
Hi guys! After searching for months on Google I decided to ask the pro developers of this awesome forum. Is it possible to have a Direct Wi Fi Connection between my Android device (Lg L5 e610) and my PC (Win7, Ubuntu 13.04, Mac OSx Snow Leopard)? Is there any tool or program to do it? Or at least a development project (I like to be a tester)? I found some solutions for my question but they need a router to work :crying: and I don't have one
Sorry for my very bad English and applause to this awesome community!
Not exactly what you are looking for but could work
http://virtualrouter.codeplex.com/
I search for something that could use the direct wi fi technology between PC and android without router or internet
+1
Yes, there are plenty of ways. If you want commanding access through the command line and you're running root, then try wireless Android debugging bridge (usually found under developer settings I think) or download an ssh server app from the market place (some don't require root and you can find a good list of apps to test here http://android.stackexchange.com/questions/9905/is-there-some-ssh-server-for-android from Android stack exchange). Furthermore, if you are running root and you want the screen and all the GUI, there are apps that let you do this too, such as Droid vnc server http://www.google.com/url?q=https:/...dycANA&usg=AFQjCNGQZqmOFJI8BJfOYyjJ9Gi1sjm_Rg
One weird word of warning about some of these: if you're on a nice network service provider, then some of the above apps work over 3G or 4G too. Sooooo set a good password and don't forget to turn it off when you're done with it
So that's something for android what about the other end of the connection? The client side of things
On my laptop I've access to Vista and Ubuntu 12.04
For Vista I use Putty to connect via ssh and it works fine over wifi. I have yet to figure the GUI side for Windows but I've been working on it.
For Ubuntu I use remia to view the GUI of linux running on Android, works fine but have yet to test droid VNC server for the android GUI. And sshing in through command line wasn't a problem over wifi.
For more info on the android linux to pc connection see section 7 in the below links to the guide I maintain for such things.
Edit- I see that the formatting using mobile XDA app still leaves me wanting better functions, I'll see about fixing it when on a PC. In the meantime try this app
[APP][2.1+] SSH Server - SFTP, SCP, multiple users, per user public key auth, no root
http://forum.xda-developers.com/showthread.php?t=1896428
Looks like it'll have some good options on connections and such
Sent from either my SPH-D700 or myTouch3Gs
Debian Kit/QEMU Linux Install guide for all android devices that I'm writing:
http://forum.xda-developers.com/showthread.php?t=2240397
Now have working Installers for ARM Java 7 JDK + Maptools + jMonkey
+1 Nice But How To make Direct Wi Fi Connection between android and other android
alaa1988 said:
+1 Nice But How To make Direct Wi Fi Connection between android and other android
Well I've been able to run server and client services on either side of the following setup;
1 turn wifi tethering on one device (I'll call this device Wabafet)
2 connect to Wabafet with another device (I'll call this device Q)
3 run what's my IP searches for Q and for Wabafet
4 start server service on Q and client services on Wabafet
5 connect to server on Q with Wabafet and enjoy
Note; this set up keeps Q from being seen over the rest of the net, and some kind of port forwarding is needed to make it viable outside of the local wifi network
Note 2; if you connect a third device to Wabafet as a client you can still access the server on Q
Note 3; if you run a server on Wabafet and on Q then both can also run client services too and connect to one another
Note 4; if you've got a wireless router then you can skip the part about wifi tethering and instead connect Wabafet and Q to the router instead, however, this may require port forwarding to be set up on your specific router.
As far as wifi to wifi without a router or hot spot... I think setting a static IP in your wifi settings on Wabafet and on Q and then turning on but not connecting to a router should allow the devices to scan and connect to one another... But this will require some kind of client server set up again and will require that the apps being used don't require an active network to start. Droid vnc is a good example of this and has been reported to work over bluetooth too and even when the device is in airplane mode when the app starts.
You can find more info on this here: [Q] is theirs any app or way to share a screen? http://forum.xda-developers.com/showthread.php?t=2422782
Update 08312013 11am- found this short and sweet guide for connecting to your device from a linux pc
http://shujinkou.blogspot.com/2009/04/how-to-vnc-from-android-phone-to-linux.html
Likely you can use the same apps and set up on the device side of the guide and then modify the pc side of the guide to suit your needs, such as mac, vista and such. For windows I would suggest putty; it's very friendly and there are many good guides for how to use putty as a client on the web, but let me know if you need help with that too. Oh, and hit the thanks or something if this is at all helpful or let me know how better to help.
WiFi Direct is supported out of the box for Win8 as well as JellyBean. However, the way they are supported, even though you can "pair/connect" over WiFi Direct, you need an application to take advantage of this "pipe". As far as I'm aware there are currently no apps that can directly connect a Win8 device and an Android device over WiFi Direct to share a file.
Coincidentally, I'm working on an app that at least can do so with Android. Based on the OP's post, he seems to be describing AirDrop. I think what I'm doing is "better", but users will tell =) I am putting it out on limited Private Beta soon, so if you're curious to what all the buzz/fuss is about, go to www.get-drop.com.
S0AndS0 said:
Well I've been able to run server and client services on either side of the following setup;
1 turn wifi tethering on one device (I'll call this device Wabafet)
2 connect to Wabafet with another device (I'll call this device Q)
3 run what's my IP searches for Q and for Wabafet
4 start server service on Q and client services on Wabafet
5 connect to server on Q with Wabafet and enjoy
Note; this set up keeps Q from being seen over the rest of the net, and some kind of port forwarding is needed to make it viable outside of the local wifi network
Note 2; if you connect a third device to Wabafet as a client you can still access the server on Q
Note 3; if you run a server on Wabafet and on Q then both can also run client services too and connect to one another
Note 4; if you've got a wireless router then you can skip the part about wifi tethering and instead connect Wabafet and Q to the router instead, however, this may require port forwarding to be set up on your specific router.
As far as wifi to wifi without a router or hot spot... I think setting a static IP in your wifi settings on Wabafet and on Q and then turning on but not connecting to a router should allow the devices to scan and connect to one another... But this will require some kind of client server set up again and will require that the apps being used don't require an active network to start. Droid vnc is a good example of this and has been reported to work over bluetooth too and even when the device is in airplane mode when the app starts.
You can find more info on this here: [Q] is theirs any app or way to share a screen? http://forum.xda-developers.com/showthread.php?t=2422782
Update 08312013 11am- found this short and sweet guide for connecting to your device from a linux pc
http://shujinkou.blogspot.com/2009/04/how-to-vnc-from-android-phone-to-linux.html
Likely you can use the same apps and set up on the device side of the guide and then modify the pc side of the guide to suit your needs, such as mac, vista and such. For windows I would suggest putty; it's very friendly and there are many good guides for how to use putty as a client on the web, but let me know if you need help with that too. Oh, and hit the thanks or something if this is at all helpful or let me know how better to help.
Try to put a wifi dongle in your PC and use a program like... ah, I forgot the name! But it is used to let the dongle release a signal like a router
U can also use airdroid.
Sent from my Galaxy Nexus using Tapatalk 4.

Hamachi alternative for WinRT

Is there any alternative to Hamachi for WinRT (with the WinRT device being the client)..
Because RT doesn't run x86 apps, I need to VPN into a machine that sits behind a firewall with no port forwarding for RDP (remote desktop).
Therefore I want to run some VPN server on the machine so that the Surface RT can connect to the local LAN over the internet for an RDP session.
RT has the standard Windows VPN capabilities built in, I think (haven't actually tried). Third-party VPNs aren't supported without jailbreak, and won't be until Microsoft officially makes it available; WinRT apps simply do not have the permissions to create a network interface or re-route traffic (remember the days when Android VPN apps needed to be run as root? That's basically where RT still is).
Out of curiosity, if you can't forward the RDP port, why do you expect you'd be able to hit a VPN server behind the firewall? If it's just a matter of them specifically blocking port 3389, you can change the port that Terminal Services (RDP server) listens on in the registry.
You could try teamviewer, they can route the traffic through their servers so you don't need to forward a port to your pc in a firewall
hberntsen said:
You could try teamviewer, they can route the traffic through their servers so you don't need to forward a port to your pc in a firewall
I am planning to try that but was hoping there was also a service like Hamachi available ...
GoodDayToDie said:
RT has the standard Windows VPN capabilities built in, I think (haven't actually tried). Third-party VPNs aren't supported without jailbreak, and won't be until Microsoft officially makes it available; WinRT apps simply do not have the permissions to create a network interface or re-route traffic (remember the days when Android VPN apps needed to be run as root? That's basically where RT still is).
GoodDayToDie said:
Out of curiosity, if you can't forward the RDP port, why do you expect you'd be able to hit a VPN server behind the firewall? If it's just a matter of them specifically blocking port 3389, you can change the port that Terminal Services (RDP server) listens on in the registry.
Look up Hamachi and reread my OP
Fair point. You're not actually VPNing *into* your machine, but into a Hamachi-operated central management server. That has... interesting... security implications, but I suppose it does provide convenience (it would also be an immediate termination offense anywhere I've worked that had a firewall configuration like you describe, but that's your problem, not mine). Why can't you set up port forwarding in the firewall? Also, you did expressly state "Therefore I want to run some VPN server on the machine" where "the machine" presumably means the one behind the firewall...
The only time I've tried using Hamachi before was for "LAN" gaming over the 'net, which I decided not to do after looking at how it worked. That was long enough ago I'd forgotten the details of how it worked.
My first post still stands. There are at least two things Hamachi (or similar) would need to do that are impossible for a WinRT app (or for any software on RT without a jailbreak, really): create a network interface (we haven't even managed that *with* jailbreak, because except in the case of the semi-official driver from Pluggable we don't have any NDIS6 driver we can compile for ARM) and control a network interface from an app (there are possibly some rather hacky ways this could be done, but nothing we have right now).
Good Thank you:fingers-crossed:
Maybe someone will port Zerotier? It's too complicated for me, please help me make my life little easier

app development for LAN and internet

I am new to today's device apps. However have taken a big project which I am not sure is deliverable!! I want to develop two cross-platform application (desktop-windows/mac/android, mobile-windows,iOS/iPAD/IPOD etc), lets call them site-access and remote-access.
LAN (Option 1, site-access)
Front end: HTML/CSS/JavaScript
Database: H2
Database access language: Go programming language
Webserver/web application server: Go programming language server running on a PC in the company (company server).
I am hoping that I could use JavaScript to trigger some functions/libraries in Go to query the H2 database? Will it really work like that?
LAN (Option 2)
Front end: HTML/CSS/JavaScript
Database: H2
Webserver/application server: Apache Tomcat
Database access language: Java servlet/Node.js
In this case, I am hoping that I would use JavaScript to communicate with Node.js running in the back end, which will then communicate with Apache Tomcat over a servlet. Will it work?
remote-access (hosted on Google App Engine)
Front end: HTML5/CSS3/JavaScript
Employees seamlessly and easily use the remote-access icon on devices to connect to the company server (backend running under architecture 1/2 above) and access files off the company server?
I am hoping that I could use some additional database access conditions for the remote-access app, using the Go programming language to design simple login features? I am sorry about my naivety in web development. But your input will surely put me in the right direction. Thank you

[Completed] [app]List of hacking app for android

*** ROOTED PHONE *** is required.
Faceniff
FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to.
It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK)
It's kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!).
dSploit
dSploit is a penetration testing suite developed for the Android operating system. dSploit supports all Android devices running on Android 2.3 Gingerbread or higher. dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.
Network Spoofer
Network Spoofer lets you change websites on other people’s computers from an Android phone. After downloading simply log onto a Wifi network, choose a spoof to use and press start.
Please note that there is no intention for Network Spoofer to include any malicious features.
Shark for Root
Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too).
To open dump use WireShark or similar software, for preview dump on phone use Shark Reader.
Based on tcpdump. Please leave comments/send e-mail if you have any problems/suggestions.
DroidSheep
DroidSheep is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.
Penetrate Pro
Penetrate Pro is an excellent Android app for WiFi decoding. Penetrate gives you the wireless keys of Discus, Thomson, Infinitum, BBox, Orange, DMax, SpeedTouch, DLink, BigPond, O2Wireless and Eircom routers.
WPScan
WPScan is the WordPress vulnerability scanner for Android devices. It is used to scan a WordPress based website and find all the security vulnerabilities it has. WPScan also has a desktop version of the app that is much more powerful than the Android app.
Nessus
The Nessus Android app, from Tenable Network Security Inc., enables you to log into your Nessus scanners and start, stop and pause vulnerability scans as well as analyze the results directly from your Android device.
WifiKill
You can disable the internet connection for a device on the same network. WifiKill will show you the IP addresses of those machines which are connected to your network, and if you click on kill or stop this will stop their access to your network.
Network Discovery
This app has a simple and easy to use interface. It views all the networks and devices connected to your Wi-Fi network. The application identifies the OS and manufacturer of the device.
Don't forget to give thumbs up!! :good:
Sir
Here isn't the right place for this type of thread. Please see our sticky threads where something is written:
Please share your search here: xda-developers -> Android Development and Hacking -> Miscellaneous Android Development
Thread closed, thank you.

How to Watch HTTPS Traffic from Android: Emulator vs phone? Charles vs mitmproxy?

What is the best way to watch HTTPS traffic from apps now? I will collect what I have found so far, but hoping someone more knowledgeable will add some points. Feel free to correct or point out other ways of accomplishing this. It feels like regardless of the options, the root of the problem is how to get around certificate pinning.
Emulator vs Phone
This is the first question and probably the most dependent on what you want to achieve. Working on a real device gives more space between your device and the proxy which makes things easier. The extra space is costly in other ways. For example, I would prefer to have a single instance running on the computer to collect information, but using a phone is easier but has the physical requirement of a device connected to the network.
Phone
Physical separation allows for clearer testing. Fully functional device means your input and output work as expected.
Emulator - Waydroid
Emulator running on the same computer causes more complicated networking to ensure you don't block your own traffic. Troubleshooting is trickier as it's more difficult to easily access parts of the emulator that a phone is easy to access. For example, I spent much more time than I would have expected to move a VPN configuration file from my computer to the virtual machine emulator than I would have ever expected. Adding the same configuration to the phone was a simple QR code scan.
Emulator running in a virtual machine allows for a future use case of running the whole thing in the cloud without a physical device.
Proxies
As far as I know, the only way to capture the HTTPS traffic is to use a proxy. This is in the form of an application running on a separate (virtual or physical as mentioned above) device. The hardest part here is the Certificate Authority which signs the HTTPS traffic when it leaves the app. More sophisticated apps, to prevent fraud, do a variety of actions to prevent the user or 3rd parties from capturing the data in each HTTPS request.
mitmproxy
open source, link
I tried this first as it comes with a Python library which would make capturing data for later analysis much easier. Mitmproxy has a few different modes, and ultimately I found that `mitmproxy --mode wireguard`, which runs via VPN, captured a good amount of traffic, but still had target SDK traffic unable to be opened. Mitmproxy has a built-in tool to help install the certificate in Android as a user certificate. This will capture some HTTPS traffic, but for some apps and many SDKs this does not capture their traffic. Traffic can be captured in several ways: CLI tool for analysis of live traffic in memory, CLI dump to file, and in-memory live view in a browser of choice.
Charles Proxy
free for 30 days, shareware, link
I first used Charles nearly 10 years ago, and it doesn't feel like it's changed much, but it is actively maintained. When I first started using Charles it was a breeze to use, and the CA was less of a problem. But as Android changed it also now has the problem of the CA needing to be installed, and it helps the user by providing its own signed certificate which can be installed as a user certificate. Charles is a standalone program that you run and as such it does have a fair amount of issues on my Linux environment related to its display sizes.
Burp Suite - Community Edition
paid/free, link
Community edition that is free to use. Runs in browser and comes with its own CA tool.
Android Certificate Authority
These are the certificates used to sign HTTPS traffic to keep it secure. In Android there are three levels: User, System (root) and App Pinned Certificates. In Android settings you can add a CA which will be considered "user". Apps can choose whether to ignore this certificate. System CAs can only be set by a root user. While a user can install user CAs, apps do not have to use these. CAs can be set by users as root certificates. I believe this must be set regardless of device or VM. The majority of the certificates provided by the proxies don't seem to open a lot of HTTPS traffic. This is likely because Android N (API level 24) certificate pinning was introduced in 2016 and at this point most SDKs and apps use this for transferring traffic.
JustTrustMe
open source, link
This is installed on a device or emulator. An Xposed addon that can be installed to force apps to use root authorities and prevent them from pinning their own CA.
apk-mitm
open source, link
This can be installed in a separate Linux environment and is used to modify an app's APK before it is installed into a VM emulator or phone. It attempts to get around the app's certificate pinning by patching the APK to disable certificate pinning.
This is just my notes on what I'm looking into. I figured I'd post here to see if anyone has some advice or pointers. Please feel free to correct / add to this! Meanwhile I'll also keep my notes here if it helps anyone.
To anyone later who is interested in this topic, I was able to finally get a working solution using Magisk + LSPosed and two certificate modules which unpinned certificates and set my user certificate to system. I wrote my detailed steps here if anyone needs the help.
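Added example (not part of the original posts, and not code from any of the tools named above): for an app you build or are authorised to test, the user/system/pinned distinction discussed in the notes is declared in the app's Network Security Config XML, so parsing that file shows per domain whether a user-installed proxy CA would be trusted and whether a pin-set is still in force. The sample config, its domains and pin values, and the function names are constructed for illustration. The only platform behaviour assumed is the documented default that apps targeting API 24+ trust system CAs only, and that a pin-set stops being enforced on its expiration date.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample config; domains and pin values are placeholders.
SAMPLE_CONFIG = """
<network-security-config>
  <base-config>
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">BASE64_SHA256_OF_SPKI_PLACEHOLDER</pin>
    </pin-set>
  </domain-config>
  <domain-config>
    <domain>legacy.example.com</domain>
    <trust-anchors><certificates src="system"/><certificates src="user"/></trust-anchors>
    <pin-set expiration="2020-01-01">
      <pin digest="SHA-256">BASE64_SHA256_OF_SPKI_PLACEHOLDER</pin>
    </pin-set>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="user"/></trust-anchors>
  </debug-overrides>
</network-security-config>
"""


def _sources(node):
    """Return the <certificates src=...> values under node, or None if it sets none."""
    anchors = node.find("trust-anchors") if node is not None else None
    if anchors is None:
        return None
    return [c.get("src", "") for c in anchors.findall("certificates")]


def _walk(cfg, inherited, today, out):
    """Resolve one <domain-config>; nested configs inherit the parent's trust anchors.

    Inheritance of pin-sets and the overridePins attribute are not modelled here.
    """
    sources = _sources(cfg)
    if sources is None:
        sources = inherited
    pin_set = cfg.find("pin-set")
    pins = len(pin_set.findall("pin")) if pin_set is not None else 0
    expiry = pin_set.get("expiration") if pin_set is not None else None
    # A pin-set with no expiration never lapses; otherwise it lapses on that date.
    active = pins > 0 and (expiry is None or date.fromisoformat(expiry) > today)
    for dom in cfg.findall("domain"):
        out.append({
            "domain": (dom.text or "").strip(),
            "subdomains": dom.get("includeSubdomains") == "true",
            "trusts_user_ca": "user" in sources,
            "pins_active": active,
        })
    for child in cfg.findall("domain-config"):
        _walk(child, sources, today, out)


def audit(xml_text, target_sdk, today):
    """Summarise CA trust and pinning declared in a network security config."""
    root = ET.fromstring(xml_text)
    base = _sources(root.find("base-config"))
    if base is None:
        # Platform default when the config sets no base trust anchors.
        base = ["system"] if target_sdk >= 24 else ["system", "user"]
    domains = []
    for cfg in root.findall("domain-config"):
        _walk(cfg, base, today, domains)
    debug = _sources(root.find("debug-overrides")) or []
    return {
        "base_trusts_user_ca": "user" in base,
        "debug_trusts_user_ca": "user" in debug,  # applies to debuggable builds only
        "domains": domains,
    }
```

On the constructed sample, `legacy.example.com` is the entry a release review would flag: it trusts user CAs and its pin-set has lapsed, while `api.example.com` trusts system CAs only and still pins.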
