[App] SSL Client - Test various SSL/TLS/DTLS connections to your webservers - Android Apps and Games

SSL Client is exactly as the title suggests. A client built for Android to test simple connections and even HTTP POST requests using the latest versions of SSL/TLS and DTLS. The application allows you to use your own certificates if needed and gives you the options to change the cipher suites for each connection.
The app itself uses the CyaSSL JNI Wrapper for use with Java. It's a very simple and straightforward application. It's more oriented towards web developers so it probably isn't useful to the average Android user.
SSL Client is completely free and ad free. You can download it on the Play Store: /store/apps/details?id=com.wolfssl.client
Let me know what you guys think!

Related

Apache + php + mysql running on Windows Mobile?

Hi!
Is there a way that Apache + mysql + php could run on Windows Mobile?
I've searched the forums but I haven't found anything useful.
Thanks.
Not that I've seen. Care to enlighten us with a possible reason you need a webserver in a phone?
Well... it would be useful in some scenarios
I'd put 50 euro in for someone to get them working. Means a lot of my Web Apps could work off like and then I just have sync page to save on roaming charges.
maybe something like this,
but it only support SQLite3 and a subset of all php functions.
http://mobileleap.net/hph/
I remember way back being able to run apache at least.
http://www.rainer-keuchel.de/wince/apache-ce.html
There was also a version of asp http://www.modezero.net/PocketASP/
snachez said:
Not that I've seen. Care to enlighten us with a possible reason you need a webserver in a phone?
Do folks really need a reason why?
I think the answer is, 'cause it would be cool!
Having the ability to test database queries
would be great for students like me.
Imagine while in the bus, or train, or waiting at the doctors and having the ability to create tables and all!
Answer...
Here is your answer..
apache II v1.0 on mobile phones http://www.google.de/search?hl=de&q=apache+on+windows+mobile&btnG=Suche&meta=&aq=f&oq=
apache php mysql would be great to have an always accessible mediawiki as described in my comments here:
http://carrypad.com/2010/02/22/airlife-100-thoughts-6-days-online-battery-and-pricing/#comments
PocketHTML;
http://www.isquaredsoftware.com/pockethtml.php
or
http://www.freewarepocketpc.net/ppc-download-hyperedit.html
For on the fly html edits.
And here an introduction to ASP.NET Mobile;
http://www.geekpedia.com/tutorial120_Introduction-to-ASP.NET-Mobile.html
Have fun,
Senax
How are you going to access the applications deployed on the web server in your phone? I don't think there is a way to get static IP for phones. This is a strange thread.
I was thinking something like bluetooth PAN, Celio Redfly or the phone itself.
But also I am thinking the wiki should be mirrored on the web so that the access to the wiki is not dependent on the 3G connexion. Seems to be doable with mysql, at least from the phone mysql db to the webserver mysql db. I guess I'd need sthg to mirror data from the webserver to the phone, maybe OpenVPN or sthg else with mysql I don't know ...
Use 2D barcodes on your webpage to obtain applications easily via
(Use your phone) http://www.i-nigma.mobi/ 2D Barcode Reader
VPN Mobile;
http://www.pocketpcfreeware.mobi/download-vpn-mobile.html
Total Commander (free for smartphones/PocketPC/handhelds) has inbuilt FTP.

WallProxy GUI on RT

This is a GUI interface for WallProxy that can run on RT.
FYI WallProxy uses the Google App Engine as a free proxy server. Useful if you can't visit certain websites behind a firewall and don't have a vpn handy. The concept is that assuming your connection to appspot.com is good, we can create a webapp on appspot.com that fetches webpages you want, even though you can't visit these pages directly (like if they are banned on your network). Technically you can even deploy your proxy webapp to any site that supports php (maybe your own web server)!
Setting up the proxy server can be quite a bore, but once it's done things actually run tolerably well. WallProxy doesn't come with a GUI though, and my app here takes care of that.
If enough people want, I'm happy to write another GUI to make deploying GAE server proxies easier.
Vpn???

app development for LAN and internet

I am new to today's device apps. However have taken a big project which I am not sure is deliverable!! I want to develop two cross-platform applications (desktop-windows/mac/android, mobile-windows,iOS/iPAD/IPOD etc), let's call them site-access and remote-access.
LAN (Option 1, site-access)
Front end: HTML/CSS/JavaScript
Database: H2
Database access language: Go programming language
Webserver/web application server: Go programming language server running on a PC in company (company server).
I am hoping that I could use JavaScript to trigger some functions/libraries in Go to query H2 database? Will it really work like that?
LAN (Option 2)
Front end: HTML/CSS/JavaScript
Database: H2
Webserver/application server: Apache Tomcat
Database access language: Java servlet/Node.js
In this case, I am hoping that I would use JavaScript to communicate with Node.js running in back end that will then communicate with Apache Tomcat over servlet. Will it work?
remote-access (hosted on Google App Engine)
Front end: HTML5/CSS3/JavaScript
Employee seamlessly easily use remote-access icon on devices to connect to company server (backend running under architecture 1/2 above) and access files off company server? I am hoping that I could use some additional database access conditions for remote-access app using Go programming language to design simple login features?
I am sorry about my naivety in web-development. But your input will surely put me in the right direction. Thank you

FTP(S) clients for Android

Does anyone know of a good FTP(S) client for Android, preferably a free
one that does not infect one's phone with malware/adware?
I run a home FTPS server using a CA issued cert/TLS 1.2
Most so called Android "FTP" clients actually only support insecure FTP
(suicide in this day and age) and SFTP which is file transfer over SSH
and not actually FTPS which is true FTP just over SSL/TLS.
I have tried looking for a good FTPS client and so far have come short.
I am all about free/open source software and usually there's something
on F-DROID but for FTPS it doesn't seem so. One app (Send With FTP) does
seem to support it but it hasn't been updated since 2016 and is listed
on F-DROID as having an un-patched security vulnerability.
The rest of the FTP clients on Google Play seem to be adware apps,
there's no way I would trust an app that has external servers connecting
to it with my FTP server credentials.
I would be open to paying for an app if no other option exists but it
should be noted that I run a completely de-Google'ed phone without any
Google services/framework/Play Store. My concern is that the DRM or
whatever they use to check if you paid for the app or not might rely on
the Google spyware services which I don't have. I have micro-G to spoof
the Google services should I really need it but I'm not sure if that
would even work in this case.

How to Watch HTTPS Traffic from Android: Emulator vs phone? Charles vs mitmproxy?

What is the best way to watch HTTPS traffic from apps now? I will collect what I have found so far, but hoping someone more knowledgeable will add some points. Feel free to correct or point out other ways of accomplishing this. It feels like regardless of the options, the root of the problems are how to get around certificate pinning.
Emulator vs Phone
This is the first question and probably the most dependent on what you want to achieve. Working on a real device gives more space between your device and the proxy which makes things easier. The extra space is costly in other ways. For example, I would prefer to have a single instance running on the computer to collect information, but using a phone is easier but has the physical requirement of a device connected to the network.
Phone
Physical separation allows for clearer testing. Fully functional device means your input and output work as expected.
Emulator - Waydroid
Emulator running on the same computer causes more complicated networking to ensure you don't block your own traffic. Troubleshooting is trickier as it's more difficult to easily access parts of the emulator that a phone is easy to access. For example, I spent much more time than I would have expected to move a VPN configuration file from my computer to the virtual machine emulator than I would have ever expected. Adding the same configuration to the phone was a simple QR code scan.
Emulator running in a virtual machine allows for a future use case of running the whole thing in the cloud without a physical device.
Proxies
As far as I know, the only way to capture the HTTPS traffic is to use a proxy. This is in the form of an application running on a separate (virtual or physical as mentioned above) device. The hardest part here is the Certificate Authority which signs the HTTPS traffic when it leaves the app. More sophisticated apps, to prevent fraud, do a variety of actions to prevent the user or 3rd parties from capturing the data in each HTTPS request.
mitmproxy
open source, link
I tried this first as it comes with a Python library which would make capturing data for later analysis much easier. Mitmproxy has a few different modes, and ultimately I found that `mitmproxy --mode wireguard` which runs via VPN captured a good amount of traffic, but still had target SDK traffic unable to be opened. Mitmproxy has a built-in tool to help install the certificate in Android as a user certificate. This will capture some HTTPS traffic, but for some apps and many SDKs this does not capture their traffic. Traffic can be captured in several ways: CLI tool for analysis of live traffic in memory, CLI dump to file and in memory live in browser of choice.
Charles Proxy
free for 30 days, shareware, link
I first used Charles nearly 10 years ago, and it doesn't feel like it's changed much, but is actively maintained. When I first started using Charles it was a breeze to use, CA was less of a problem. But as Android changed it also now has the problems of CA needing to be installed, and helps the user by providing its own signed certificate which can be installed as a user certificate. Charles is a standalone program that you run and as such it does have a fair amount of issues on my Linux environment related to its display sizes.
Burp Suite - Community Edition
paid/free, link
Community edition that is free to use. Runs in browser and comes with its own CA tool.
Android Certificate Authority
These are the certificates used to sign HTTPS traffic to keep it secure. In Android there are three levels: User, System (root) and App Pinned Certificates. In Android settings you can add a CA which will be considered "user". Apps can choose whether to ignore this certificate. System CAs can only be set by a root user. While a user can install user CAs, apps do not have to use these. CAs can be set by users as root certificates. I believe this must be set regardless of device or VM. The majority of the certificates provided by the proxies don't seem to open a lot of HTTPS traffic. This is likely because Android N (API level 24) certificate pinning was introduced in 2016 and at this point most SDKs and Apps use this for transferring traffic.
JustTrustMe
open source, link
This is installed on a device or emulator. An Xposed addon that can be installed to force apps to use root authorities and prevent them from pinning their own CA.
apk-mitm
open source, link
This can be installed in a separate Linux environment and is used to modify an app's apk before being installed into a VM emulator or phone. It attempts to get around the app's certificate pinning by patching the APK to disable certificate pinning.
These are just my notes on what I'm looking into. I figured I'd post here to see if anyone has some advice or pointers. Please feel free to correct / add to this! Meanwhile I'll also keep my notes here if it helps anyone.
To anyone later who is interested in this topic, I was able to finally get a working solution using Magisk + LSPosed and two certificate modules which unpinned certificates and set my user certificate to system. I wrote my detailed steps here if anyone needs the help.
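
Added example, not part of the original posts: for developers testing their own app, whether a build accepts a user-installed CA (such as a proxy's) is declared in the app's Network Security Config XML, and this Python audit reads that file and reports it. It assumes the standard `network-security-config` format and the platform defaults (system CAs only for apps targeting API 24+, system and user CAs below that); the sample XML, its domain and pin value are constructed, and the names `audit` and `_anchors` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from any real app); the pin value is a placeholder.
SAMPLE_CONFIG = """<network-security-config>
  <base-config>
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set>
      <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
    </pin-set>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="user"/></trust-anchors>
  </debug-overrides>
</network-security-config>"""


def _anchors(node, inherited):
    """Trust-anchor sources declared under node, else the inherited list."""
    ta = node.find("trust-anchors") if node is not None else None
    if ta is None:
        return inherited
    return [c.get("src") for c in ta.findall("certificates")]


def audit(xml_text, target_sdk=24):
    """Report which parts of the config accept user-installed CAs or pin keys."""
    root = ET.fromstring(xml_text)
    # Platform default when nothing is declared: system CAs only from API 24,
    # system + user CAs for apps targeting API 23 and lower.
    default = ["system"] if target_sdk >= 24 else ["system", "user"]
    base = _anchors(root.find("base-config"), default)
    report = {
        "base_trusts_user": "user" in base,
        # debug-overrides only applies to builds marked android:debuggable
        "debug_trusts_user": "user" in _anchors(root.find("debug-overrides"), []),
        "pinned_domains": [],
        "user_trusted_domains": [],
    }
    for dc in root.findall("domain-config"):  # top-level entries only
        names = [d.text.strip() for d in dc.findall("domain") if d.text]
        if dc.find("pin-set/pin") is not None:
            report["pinned_domains"] += names
        if "user" in _anchors(dc, base):
            report["user_trusted_domains"] += names
    return report
```

Pinning implemented in application code rather than in this file is not visible to this check.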
