Hi,
There is any way to capture HTTPS Decrypted data on a ROOTED device? I want to check what my phone is sending to app developer servers...
Thanks.
Hi,
couldn't imagine there's an easy way to do it, naturally. A passive MITM using tcpdump won't work AFAIK, but here are some other ideas (without thinking in detail):
1. active MITM
You'd need to have some kind of proxy on your phone acting as a SSL-server for the app and a SSL-client for the original server. But this only works, if the app is really lazy regarding security, which is pretty much unlikely. (I wouldn't even try it)
2. hooking into SSL
To really read end-to-end-encryption, you need to be one of these 'ends', so you could somehow try to modify the libraries responsible for en/decryption (OpenSSL?) and log the data somewhere. (much work, but promising)
3. using strace
You could try to use strace (maybe there's an Android-version out there) with the apps process, maybe there's some readable data. (I'd try this first)
BR,
deep blue
Please use the Q&A Forum for questions Thanks
Moving to Q&A
Hi,
I'm searching how to use strace if it can help... if someone know some other way, i'do like.
Hi,
I just did a test observing the browser with strace...unfortunately it doesn't help, you can also only see encrypted stuff there, if SSL is used.
Sorry,
deep blue
Related
Has anyone implemented an SSLstrip on Android, so that, if I was running Wireless Tether, I could scan packets with Shark, and get passwords and logins from secure sites that have been downgraded to http? Is it possible?
I'm looking for the same.
Currently what I do is: tethering + Shark, then analyse pcap with Wireshark on PC, of course you miss all SSL traffic.
BUT if you add a laptop, then ARP poisoning + SSLstrip...
of course need a laptop so it's not great
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums
Moving to Q&A
Bump? I can look into maybe porting it over IF ITS POSSIBLE...cuz I mean if we can port other things with the ndk this should be portable, right?
there is! program called Faceniff. It does not show full passwords neither youre able to use credentials, but you can clearly see it works gathering acount name and password.
Sent from my LG-P999 using XDA App
SSlstrip on android app
would be very interested in this appm would be worth some cash and hope xda would put it on their market
More info can now be found here:
loganmc10 said:
More info can now be found here:
Click to expand...
Click to collapse
link ???..............
I want to install sslstrip in my device but not the APK one I want to use it through terminal (don't want for debian, just for regular android system)
is it ported anywhere, I couldnt see anything about it
Hi,
I thought maybe you guys, if anyone, would know. I am looking for an app that can:
- make a log of all the other apps, including stock ones, that make attempts or actual connections to the internet, and at what time
- be able to intercept those connections
- preferably I would create a white list of apps that are allowed to connect, but others do not have permission.
Purposes include:
- saving on bandwidth in poorer countries where internet is expensive.
- making sure apps or malware doesn't try to send off my data when it shouldn't be.
- prevent annoying background sync/apps from running when I don't want them
I find it strange that we either give all the permissions the app wants, or it doesn't work. Why can't we restrict their internet access?
Does this sound feasible? Does it already exist?
I'm rooted and using an Asus Transformer.
Thanks for any help
Try DroidWall. (root required)
It can block apps from connecting to the internet on an per-app based system.
But i don't think it has any kind of log or similar (haven't used it for a while, so might have been upgraded)
it looks like that does exactly what I needed, although I have to re-root my device for it to work again. Anyway, thanks for the tip
droidwall
droid wall definitely and yes it requires root.
(first off sorry for my bad grammar)
Please read the whole post before answering!!
Do to recent events, and after many hours of searching without any useful result, I decided to try making a simple app which instantly deletes/wipes all the data (without any prompt or warning) on your phone (e.g. if your phone gets stolen or you get mugged and you had much sensitive data on it.), formats everything or even messes up the whole device (so the thief can't use it anymore).
But my question is, is something like this even possible?
1. Is it possible to initiate formatiing/wiping with the Android SDK or something else?
2. Is it possible to make an app which can't simply be deleted or still remains after flashing the device?
3.Is it possible to remotely "push" the app on your phone and execute it? (I'm thinking about installing it via the Google Play website and setting the trigger (?) for starting the app on every possible event to instantly delete everything??
4. I guess this needs at least Superuser-rights..?
5. Maybe "we" could start with just automatic and instant ext.-SD card fortmatting?
Another idea is to have two apps:
one which is installed and allowed by the superuser-thingy to execute the wipe
and another one which you can remotely download or "push" via web and doesn't need Superuser-rights, whichs triggers the first app to start wiping so the thief can't deny the superuser promt..
I think this would really help and would've helped me a lot because there are only a few apps like this but afaik they all need a SMS to be triggered but what if the thief takes out/swaps the SIM card?
In my opinion android would seriously need an app like this.
If ur device mfg is samsung Plz read about samsungdive ...i can remote lock .remote wipe .remote location of ur device ...... Search in google or xda samsungdive.com
Check ur setting >location and security .. Hare u find remote control
Sent from my GT-S6102 using Tapatalk 2
yea I know samsungdive but as far as I know it doesn't remain after flashing and I think you can't install if you have a custom rom.
A answer to one of those questions would be really cool (secret bump)
Hi Folks,
My company is importing some Android-based TV boxes from China, and we're experiencing a strange bug with some apps we are developing to run on them. I'm trying to find a specific solution that I can tell them to implement in a firmware upgrade, but I am not sure where to look, so I hope someone here can help!
Anyway here is the problem. In some apps (especially Adobe AIR-based ones), there seems to be a limit to concurrent HTTP requests to a web server. On an earlier ICS 4.0.4 firmware for these devices, this did not cause any problems. But they recently released a JB 4.1.1 firmware, and this problem occurs.
Let's say an app requests 20 items by HTTP from a web server (XML files, PNG or JPG images). What will happen is about 2/3 of these will be sent back, and the rest just remains blank, as if in a perpetual waiting status.
Looking at the web server's logs, there is no requests at all for these missing items.
And, it's totally random. If you re-launch the app, the missing items will be different ones.
So, I am guessing the app can only request so many things at the same time.
No, does anyone know of a system property that could be adjusted to solve this?
BTW I am unable to replicate this bug on any other device. The TV boxes in question are based on Rockchip 3066 SoC's
Using modern HTTP (i.e. HTTP/1.1), you should never open an excessive amount of sessions. Never more than four simultaneous. Using HTTP/1.1 keep-alive, all requests are sent using those four sessions interleaved. If opening one session per object, and doing this in parallel, you'd most certainly lose things due to resource starvation, e.g. the server gets out of worker forks.
That's the weird thing, on the web server, keepalive is on (I also tested with it off, it was worse)
So maybe it's the opposite, AIR or the firmware or something is trying to send more requests than it should, so some are blocked indefinitely?
eTiMaGo said:
That's the weird thing, on the web server, keepalive is on (I also tested with it off, it was worse)
So maybe it's the opposite, AIR or the firmware or something is trying to send more requests than it should, so some are blocked indefinitely?
Click to expand...
Click to collapse
Not blocked, but replied with a TCP reset. Run tcpdump to see what's going on.
Thanks for the tip, I managed to root the box and run tcpdump on it, but I'm a bit lost now... I tried to filter RST packets on port 80 but can't seem to find any.
Any hints on what I should look for/command syntax to use?
eTiMaGo said:
Thanks for the tip, I managed to root the box and run tcpdump on it, but I'm a bit lost now... I tried to filter RST packets on port 80 but can't seem to find any.
Any hints on what I should look for/command syntax to use?
Click to expand...
Click to collapse
Dump all packets between the hosts: tcpdump -i ethx -s1500 -w packets.pcap host host.nr.one and host host.nr.two
Run the app, then analyze the packets.pcap file for any anomalies (tcpdump -r packets.pcap).
Hi,
i would like to ask you, is any comfort solution(app?) to track IP adresses, where is my Android device attempting to connect?
Now Im using AFwall+, where is log, BUT that log is automaticly cleared after few IPs here. Not so good.
I was searching the web, but Im not sure, if I was searching good. Nothing found.
*and sorry for my english *
THANK YOU
---------------------------
SGS4A, Android 4.2, Root
lokomot1 said:
Hi,
i would like to ask you, is any comfort solution(app?) to track IP adresses, where is my Android device attempting to connect?
Now Im using AFwall+, where is log, BUT that log is automaticly cleared after few IPs here. Not so good.
I was searching the web, but Im not sure, if I was searching good. Nothing found.
*and sorry for my english *
THANK YOU
---------------------------
SGS4A, Android 4.2, Root
Click to expand...
Click to collapse
There you go try using the IP track application available for free over the playstore https://play.google.com/store/apps/details?id=org.movingstuff.IpTrack&hl=en see if that solves your problem.
hmm, not exactly what Im looking for. Maybe i have to define it better.
I need something what will track servers, where is device connecting. I would like to know more about what is my device doing in background.
example: some user app is connecting to server to download ads, system is connecting some server for update actual time(or not?) etc...
I need something to track it.
Hope now its more understandable.