I was wondering whether there is such software for the android that can capture http posts before sending. i.e. like the firefox addons you can get and apps like http analyzer?
This would be really useful for testing purposes.
Cheers.
Gazos
You can try some general traffic capture tools (Like tcpdump or airodump-ng). If You have rooted phone, check out Shark for Root (tcpdump on phone).
Thanks for the update but I guess what I want is real time captures (and manipulation) like its possible in Firefox using only the phone.
I currently use tcpdump to capture data but want to edit the data before its sent out.
You can try to find/write small proxy server application and run it on phone, so you will be in control.
ex87 said:
You can try to find/write small proxy server application and run it on phone, so you will be in control.
Click to expand...
Click to collapse
Or you could run paros (http://sourceforge.net/projects/paros/files/) on a machine on your network and get the android browser to use it as the proxy (which looks like a bit of a task in it's self.)
The only viable way I can think of to do this (given Android's insane lack of proxy support) is to hack a custom firmware for a Linksys WRT54g so it basically routes everything to a transparent proxy (Fiddler2, Webscarab, Paros, Burp, etc) running on a PC. Something like this:
Android =[wi-fi]=> WRT54g -[ethernet]-> PC with proxy -> internet router
It might even be possible to achieve this without hacking the WRT54g.
The only problem you might still have (not sure) is Android's handling of invalid SSL certs since the proxy would basically be doing a man in the middle attack, and the app running on the Android phone would see an invalid SSL cert.
Be warned that trying this with a Windows host PC is almost guaranteed to fail unless it's Pro/Ultimate, and in any case this is going to involve some seriously hardcore manual routing config that goes beyond anything Windows' config screens were really intended to set up.
You can try to find/write small proxy server application and run it on phone, so you will be in control.
Click to expand...
Click to collapse
I'm pretty sure I saw this discussed on the android.security list, and the consensus was that the current API doesn't give any way to do this transparently, and it's questionable whether you could even implement something like WebScarab natively on Android using the NDK. I believe the general consensus was that if you want to host something like WebScarab on Android, it's going to take a custom kernel to pull it off, and some solution that lets you offload the actual proxying to a regular PC would be infinitely easier to pull off, and less cumbersome to use for actual security testing (it's enough of a pain trying to use Fiddler2 or Webscarab with a 1280x1024 display, let alone 854x480... not to mention trying to cut and paste examples into Word Documents for vulnerability assessment reports (shudder)).
^^^ OMG. I just installed AOSP ("Buufed") for the CDMA Hero, and it actually HAS the ability to set proxy for WiFi. I haven't tried it yet, and I'm not sure whether it's purely an "AOSP" feature or something I've just overlooked up to now that was in DamageControl, but it looks like at least *some* Android builds DO have it now
Related
Long time reviewer, first time poster - can't post in the dev forums until I have 10 postings (sigh).
Question for the devs or others in the know - in the ICS (granted very early) builds, I can't get IPtables to work, but an earlier list of changes seems to indicate that this should be working.
Manifests itself with errors starting the firewall in Droidwall. So, am I doing something wrong or is IPtables not available in the current ICS builds (I'm using the 0120 nightly)?
Other than that and the lack of Flash, my experience with the NC ICS builds has been nothing short of amazing.
Many thanks for the answer and for the ICS builds.
I just noticed this last night when Sshtunnel wouldn't work on my nook, but is fine on a Touchpad. I'd rather not compile my own kernel if enough people would find iptables useful.
Apparently not many CM9 users are concerned about IPtables and restricting access to the internet by apps. Hopefully one of the devs will pick this up for a future build. I worry about the info that my apps are sending out to the extent that I might go back to CM7 on my NC...
It ain't that I am unconcerned, it is just that I don't know the answer. I actually consider a working firewall to be of the utmost importance. I am pretty sure we are not alone. I did have trouble with it too, it said that the kernel came loaded with an updated version of (all numbers approximate) iptables 1.4.1.11 instead of the 1.4.1.10 that the droidwall was looking for. I honestly don't know what the issue is, but I am trying to be kinda ok about it, simply because I bet you dollars to donuts that firewalls work on cm9 sooner or later.
Lots of stuff work on cm9, I just don't feel like I can get my panties in a bunch because my pet issue isn't ready yet. I bet if we're patient it wont be long.
Or I just need to learn how to run the software better. If figure it out I will report back.
I guess my issue is that one of the chagelogs indicated that Netfilter was functioning in the upstream builds, but wasn't (apparently) working in the NC version. "Glad" to see it's not just me, but not so good that it seems to be lingering without a Dev comment.
user17600 said:
I guess my issue is that one of the chagelogs indicated that Netfilter was functioning in the upstream builds, but wasn't (apparently) working in the NC version. "Glad" to see it's not just me, but not so good that it seems to be lingering without a Dev comment.
Click to expand...
Click to collapse
PS - Anyone able to post this question in the Dev thread (I can't due to low posting count)?
[Note: I am not addressing firewalls; just iptables and global SOCKS5 forwarding in this post]
I very much need iptables support in the kernel and it appears to be here now. My needs are for a global proxy that all Android apps using the network will use. In theory, it ought to be as easy as loading the relevant, pre-built kernel module, and writing the correct iptables script to route all outgoing connections through your already-running ssh proxy. There are several apps that do this already.
I noticed there's a newer app for iptables maintenance "Iptables (beta)" in the Market by Moroni Granja, who also wrote the Autoproxy utilities. His utility does indicate that CM 7.2.0-RC1-encore (as of 2012-03-24) does have the required modules on it and offers to update the iptables binary for you which may (or may not) be necessary. I did update mine.
Whether it automatically re-routes all your outgoing connections through your already running SOCKS proxy I have yet to find out [edit: see my **UPDATE** below]. I have seen several apps like this in the market but none have worked on my Nook Color CM 7.1.X but I will try to see if they work on CM 7.2.X with Moroni Granja's utility. Another one that claims "global proxy support" is MAX LV's "ProxyDroid." None of them will open an SSH tunnel using SOCKS dynamic proxying and then iptables to it [edit: see my **UPDATE** below].
Dropbear on Cyanogenmod is not built with "-D" option. If it were, you could open a dynamic socks proxy using "ssh" on the device, set Proxydroid to use 127.0.0.1:58080 as your SOCKS5 proxy, set it to global mode (or set up an iptables script for this), and you have your own SSH tunnel. I don't see any app that will do this all at once anywhere in the market but I'm close to putting together a skeleton if only I had OpenSSH or Dropbear with "-D" dynamic forwarding compiled into it. That's the big obstacle here [edit: see my **UPDATE** below]..
Well, I did write that last paragraph a little hastily. There are two apps, "SSHTunnel" and "SSHTunnel (beta)" which come close to these requirements, but the author specifically notes they are intended for people behind the "Great Firewall" and I have had very little luck getting this to work. However, these apps do have interesting internals that can be used to further the effort for a true SOCKS5 tunnel using SSH to a remote host because, as you may already know, all you need is a remote Unix host to get this to work completely.
**UPDATE** I have successfully used SSHTunnel (beta) to connect to a remote host through the SSH SOCKS5 tunnel without setting any browser settings on CM 7.2.0 on my Nook Color. It is working now, though it's cumbersome to say the least. I am observing several connections on my remote SSH host that are being made from my Nook Color to places like Wikipedia and Google Play Store using http and https, among other things. I cannot confirm that all of my outgoing connections are being made through the SOCKS5 proxy but many are.
The executable being used is named /data/data/org.sshtunnel.bat/sshtunnel and it is actually OpenSSH_5.8p2. OpenSSH is very inefficient as compared to Dropbear. Indeed, the author of SSHTunnel says it will significantly reduce battery life. Replacing this with a Dropbear binary with dynamic forwarding may result in significant speed increase, battery life, and decreased memory usage.
In conclusion, I can report that global SOCKS5 proxy via SSH does work on CM 7.2.0-RC1-encore using the "IPtables (beta)" app in conjunction with SSHTunnel (beta).
Hi,
I'm new to this forum and after having a solid look around the site I have been unable to find anything that comes close to what I have in mind.
I am currently a student at Edinburgh Napier University and I am looking into the possibility of creating a local Intrusion Detection System on a Smartphone. One capable of informing a user that an intruder is currently attempting to gain access to their device and carry out malicious activities.
Has anyone managed to find anything I have not as I am under the impression that no such software exists for any type of Smartphone device. My main consideration is with Windows Phone but I would like to hear about anything that is out there that relates to this.
Any help would be amazing.
Thanks in advance :highfive:
I have no input, but this is interesting stuff. Will the hardware be robust enough to support it?
I know people have gotten Ubuntu running on various mobile devices, but it'd be interesting to see how SNORT (or similar) plays with mobile hardware.
The problem you are going to have (not unsurmountable) is that if you ignore the infosec/marketing what you have out there is primarily black box IDS devices, with capabilities to also run as an IPS.
However only the most nieve such as UK Gov & Local Gov have( certainly none of the Tier 1 Inv.Banks I have worked for) have switched IPS on for fear of backlash. It would be something if developed I would be interested in seeing, certainly if it could act as an IDS on a Ad-Hoc VPN there is commercial opportunities there....
So ask yourself - are you REALLY wanting to BOTH Detect and Prevent or merely Detect and Acknowledge. The latter a more easy task, less of a hit on functionality.
Perhaps there is an old Cybertrust source code now opensource....as a thought for you, but it would need reengineering as was a custom image.
In the meantime if what you actually want is Single IP/MAC/Hardware protection - why not root the device, install Synodroid (to control who or what has SU equivalent access) & DroidWall (firewall to limit traffic) & do an audit of the Apps you have downloaded of the rights requested. Perhaps setup a VPN to your university network or local broadband router (if you trust who manages them) so at least there is another layer to go through. However if you someone who opens zip's//tars on the device with install privileges elevated then your accepting the consequences. (Above Android related)
There is bound to be an IP traffic audit tool app - so you could use to Record a 24/26/48 hour period of the address ranges and what process linked back. But as you then start moving down the completely pain in the neck Firewall Rule analysis piece and SIEM world, don't!
Thanks finlaand
Thanks finlaand that is a lot to go on I really appreciate your thoughts.
I will be sure to keep you all up-to-date on how things are going.
Many thanks again :good:
Hi
I'm not entirely sure where to put this question so please move if appropriate.
I have a G900F running Omega v9.
I have been playing with some apps for wireless pen testing such as dsploit and zanti.
Every time I launch a mitm attack the first part of the attack seems to work, I. E traffic is being routed to the phone as a proxy for the attack vector.
However there is some kind of routing issue as no traffic makes it past the device. So client devices have no Internet connection.
Any ideas?
Obviously on a pc it's much easier to troubleshoot but not sure where to start on the phone!
hongman said:
Hi
I'm not entirely sure where to put this question so please move if appropriate.
I have a G900F running Omega v9.
I have been playing with some apps for wireless pen testing such as dsploit and zanti.
Every time I launch a mitm attack the first part of the attack seems to work, I. E traffic is being routed to the phone as a proxy for the attack vector.
However there is some kind of routing issue as no traffic makes it past the device. So client devices have no Internet connection.
Any ideas?
Obviously on a pc it's much easier to troubleshoot but not sure where to start on the phone!
Click to expand...
Click to collapse
Not sure on android specifically, but if it were Linux it sounds like IP forwarding is not enabled or the attack was not setup properly.
Does android have any built in firewalling? The attacks are very simple to set up in all of the apps I have, nothing much to set!
hongman said:
Does android have any built in firewalling? The attacks are very simple to set up in all of the apps I have, nothing much to set!
Click to expand...
Click to collapse
Honestly not sure, but I would assume if you WiFi hotspot app works then IP forwarding should be enabled.
hongman said:
Does android have any built in firewalling? The attacks are very simple to set up in all of the apps I have, nothing much to set!
Click to expand...
Click to collapse
Yes it's called iptables. And an gui is also there, called AFWall+.
I just got a Shield TV, and I love it. I'm probably going to root it tonight to tinker further.
One issue I have with it is how annoying it is to configure, side-load apps, upload files to, etc. I'd love to have a web console for it, and I'm willing to do most/all of the heavy lifting for the front-end and server-side web development perspective. I'm going to need help on other fronts, however.
I'm a full-stack web developer. Most of what I've done professionally is PHP, but I'm not married to that. I'm also pretty good at configuring apache/nginx/ha-proxy/etc. Though once upon a time, I wrote front-end applications in Java and C++, that's ancient history, and I don't really have time to re-learn those skills and the Android SDK. Also, I'm not much of a designer, so unless I'm just using a pretty stock framework like Bootstrap, I'll need someone else to provide the art.
What I'm envisioning is an app that we can have in the play store that has a very simple UI to:
- install an SSH server
- install bash
- install web server/app server
- install DDNS client
- launch server on boot
- check server for new versions of the software it installed
Stuff I want the web interface to do:
- install/uninstall apps (file submission, URLs, etc.)
- 1-click installs of common things people want (Kodi, Amazon Prime Video, etc.)
- start/stop sshd
- manage mounting/unmounting NFS/AFS/CIFS/etc. shares (is this even possible on Android?)
- restart the device
- configure most settings on the device, including some hidden stuff
- file management
So, what I can do:
- script the download/install/upgrade of stuff on already rooted box in bash
- write back-end web code in PHP, Python, or Go
- write HTML/CSS/JS for front-end
What I need help with:
- writing the Android TV app to trigger the install script
- some help understanding/bootstrapping the process (what's installed by default on Android? What's the minimum we can get away with? Do we need Python?)
- someone to design the app (honestly, this can wait until we've got a baseline functionality if we like)
Anyone interested in joining me?
I'm leaning towards Go for the web app, because the binary can (in theory) be deployed standalone, and can be its own web server, obviating the need for apache or nginx or whatever. Also, performance and memory utilization -- PHP and Python are fairly expensive to run, and this is a really minor background thing.
This would be open source on Github.
While I unfortunately don't have a machine to helpwith code, nor the time for the code, I thought I'd give you a dev/modders look on the possibility/dificulty of things. Please don't think that I am discredditing this idea, in fact, I like it. Just want to passibly help you consider dev order and dificulty oy each item as listed, and hopefully add my own as others may have interest.
- install/uninstall apps (file submission, URLs, etc.) <-- Would be pretty easy. Users should provide apks, or you'll need a site that stores a lot of them.
- 1-click installs of common things people want (Kodi, Amazon Prime Video, etc.) <-- Similar to last point. You'll have to have a mirror of updated apks, weather you or another host provides it. You'll probably need a web scraper if going to an external host.
- start/stop sshd <-- I suggest dropbear, even if it's not my cup of tea. It can be easily found in other apps and should find code in open source ones to get you started.
- manage mounting/unmounting NFS/AFS/CIFS/etc. shares (is this even possible on Android?) <-- can be done. Check Kodi or other open source apps for code, though there are usually caviats to each approach. Luckly Android has fuse in most kernels these days.
- restart the device <-- Very easy
- configure most settings on the device, including some hidden stuff <-- Gonna be a long process, but you can probably reverse engeneer the apks and parse the XML files for a shortcut.
- file management <-- Super easy. Use the ssh server, or adb connection.
Over all, I think a lot of this is possible. Luckly these machines have the beef for a web server, and several are ported last I checked, though they may be out of date. Even still, check their codebase for a massive head start as they are mostly required to keep open source by licence (Apache excluded, though some still are). I would also suggest these features as they would be somewhat easy to imprement once the base file management is started, and would broaden the scope to bring in more users, support and interest, and hopefully devs.
-Rom Manager for emulators.
Mass File Renamer based on Filebot (Both are java, so should not be TOO hard to port) as many buy this box for Kodi.
I'll think of more.
I'm not an app dev, though I do rom modding and sometimes porting, and I can offer insite to things, so if you have questions on specifics, please pm me. If I get some free time, and a dev machine, I'll let you know antd get things going in the right direction. May also want to, once this idea is flushed out, post something in a more general android TV/ App Development thread for cleanness and to get devs on board (don't post in dev till there is code to show on github though please.
Something like remix os would be nice, this x1 has a lots of power
Sent from my trltetmo using Tapatalk
This is a great idea. This device is in serious need of developer attention. Im not a dev at all but Ive gotten pretty familiar with this device and Android OS in general, especially after spending so much time digging around trying to make android things happen that apparently were not indended for Android TV. I will be more than happy to be a tester and keep up so as to offer any ideas and some of the ways Ive found to do stuff.
@kdb424 - Thanks for the info. I'm working on a prototype right now. First build is going to list a bunch of stuff from the setting status, and allow you to reboot the device. I'll post the Github repo when I have that.
Great ideas!
There is a tool sorta in development already that does a lot of this (I've mentioned it on the Shield Zone a couple of times)
https://sites.google.com/site/nvidiashieldtvutilityapp/home/
My main needs (personally) is a means to move files to and from and my current solution is a free FTP server that works even when the Shield TV is sleeping.
https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
... works very well despite having to side load, has a terrible interface, etc. Set and forget. What's great is, I can use my file-manager-on-steroids Directory Opus to manage files since it is a standard FTP connection.
@darkuni - Yeah, I saw that, but I've got no Windows PC's in the house -- 2 Macs, a Chromebook, a Linux server, phones and tablets. I'm an old-school UNIX guy, and Windows doesn't strike my fancy. Plus, it seems like the sort of thing a web app is best for. No need for a fat client.
darkuni said:
Great ideas!
My main needs (personally) is a means to move files to and from and my current solution is a free FTP server that works even when the Shield TV is sleeping.
https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
... works very well despite having to side load, has a terrible interface, etc. Set and forget. What's great is, I can use my file-manager-on-steroids Directory Opus to manage files since it is a standard FTP connection.
Click to expand...
Click to collapse
Thanks for that I'll give it a go. I use ES file manager currently but it closes the server when you exit the app. Will also try this on a couple of FireTV Sticks I have dotted around the house as Kodi boxes :good:
I have a Shield TV arriving later today. On my previous Android box I setup a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN api full access. It's the latter I'm enquiring about, does this api exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the vpn service api itself?
No one?
Beefheart said:
I have a Shield TV arriving later today. On my previous Android box I setup a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN api full access. It's the latter I'm enquiring about, does this api exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the vpn service api itself?
Click to expand...
Click to collapse
i have the exact same setup on all my devices, including shield tv, although ive only had to allow the openvpn app, wifi/data/vpn access for things to work, ive never had to allow androids vpn ........is their a specific reason you grant android vpn access?does it not work otherwise?
I use the other openvpn app, by the way
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
Beefheart said:
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
Click to expand...
Click to collapse
I just checked for you, and yes, its there, mind you, im using zulu's full rom, not sure about stock rom but as with all my devices, i havent needed to allow this for vpn to work.
Unless theres a specific reason to do so, try without on your current devices, i suspect, vpn networking may only apply if you use androids inbuilt vpn found in settings
Edit
By the way, i dont know how far you wanna take it, but afwall has tasker plugin support, which i use to apply an afwall profile, i named "secure", that denies everything when screen turns off......aswell as other things in the same vain
Edit
I do it a little differently then what youre link suggests, i only allow the bare minimum of apps, those that i actually need internet for.......if an app has internet capability, but i have no need for that side of it, its denied, i dont whitelist ALL apps for vpn as your link suggests
I also suspect that guide was written for privateinternets method of using vpn on android, so maybe vpn networking applies if using private internet, but as for my openvpn app, its not needed.......neither is "GPS"
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was lead to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Beefheart said:
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was lead to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Click to expand...
Click to collapse
Yep, ive said it before and ill say it again, the shields an impressive piece of kit for sure
Xprivacy.........snap
We seem to have a very similar setup........believe me, if you wanna take it further at some point in the future.......tasker.........although, fair warning, theres a learning curve
Just some of the more basic things i automate with tasker with plugins like afwalls
When screen goes off, tasker......
Turns off wifi/3g
Turns of bluetooth
Afwall secure profile
Greenify all preselected apps
turn off "unknown sources" for extra measure, as tasker turns this off after it detects an apk install anyway
Turn of "debugging", incase i turn it on one day out of need and forget to turn off
Media volume set to 4 edit:this ones a bit out of place
Aplly afwall profiles depending on what app you happen to be using
Many possibilities with tasker, VERY usefull for many things
Non security related....kinda......... could potentially be used for such if modified
I have a small bluetooth media remote which has the numbers 1 to ten, with tasker and xposed additions module, i fooled around with it, pressing 1 connects the shields bluetooth to the bedroom speakers, long pressing 1 connects to the living room speakers..........i can imagine my self doing some neat stuff with these combination of apps and future accesories
Also, i use it to turn the shields light led to dim to let me now at a glance if the shields on or asleep, without having to change the channel
food for thought for those with similar setups
Edit
By the way, you mention dns leak, i assume you used a test site to check for the leak, any chance of a link? Incase its something very new
This ones the one i use,
https://ipleak.net/
Detects webrtc leaks on the specific browser you happen to be using at the time
Edit
For those interested
More on webrtc here
https://www.privateinternetaccess.c...ome-and-mozilla-firefox-while-using-private-i
If you use firefox or chrome, you can disable manually following this guide
https://www.purevpn.com/blog/disable-webrtc-in-chrome-and-firefox-to-protect-anonymity/
I think there are addons aswell
Edit
"and not as restricted as I was lead to believe"
Yep, i had the same thoughts, just my own assumption really, that android tv was completely different, internally, to "standard" android , pleasantly surprised, no incompatibilities so far............................good to know that stock is like that too :good:
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I user to check leaks but there are numerous others too.
Beefheart said:
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I user to check leaks but there are numerous others too.
Click to expand...
Click to collapse
Im not sure i understand fully, afwall is not enabled? Or, afwall IS enabled, but your prefered profile is not "applied"?
On full android at least, afwall is enabled upon reboot i havent had any issues in that regard, (saw your other post) i dont need init.d script (usefull to have though, if/when possible)
Have you tried reverting all afwalls settings to default, to rule out that likely suspect
Another likely suspect, xprivacy, but that depends if you restrict everything like i do, including system apps , if so, have you checked xprivacies usage data for afwall and global apps?
Another suspect, could be stock firmware, but i have my doubts about that one
Assuming im understanding the issue correctly
Edit
I dont have "fix startup data leak" checked(as we dont have init.d), nor ipv6 support checked as your link described