Hi,
There is any way to capture HTTPS Decrypted data on a ROOTED device? I want to check what my phone is sending to app developer servers...
Thanks.
Hi,
couldn't imagine there's an easy way to do it, naturally. A passive MITM using tcpdump won't work AFAIK, but here are some other ideas (without thinking in detail):
1. active MITM
You'd need to have some kind of proxy on your phone acting as a SSL-server for the app and a SSL-client for the original server. But this only works, if the app is really lazy regarding security, which is pretty much unlikely. (I wouldn't even try it)
2. hooking into SSL
To really read end-to-end-encryption, you need to be one of these 'ends', so you could somehow try to modify the libraries responsible for en/decryption (OpenSSL?) and log the data somewhere. (much work, but promising)
3. using strace
You could try to use strace (maybe there's an Android-version out there) with the apps process, maybe there's some readable data. (I'd try this first)
BR,
deep blue
Please use the Q&A Forum for questions Thanks
Moving to Q&A
Hi,
I'm searching how to use strace if it can help... if someone know some other way, i'do like.
Hi,
I just did a test observing the browser with strace...unfortunately it doesn't help, you can also only see encrypted stuff there, if SSL is used.
Sorry,
deep blue
Hello,
I'm running android version 4.1.2 and I've seen that there is an option for setting up proxy in the Wifi menu
I'd like to know if theres any way of setting it up in a way of wildcards,
I've seen that there is a way, but the thing I'm seeking for is a wildcard of all but one forwarding, that is, putting it out in a way of a logical NOT, and any site that you add that way will be proxy handled instead of the regular way of bypassing none but the ones you tell it to.
P. S:
A little example of the wanted behaviour to be:
^*://*.examplesite.*/
Will bypass any site that has http/ftp/https... To it, And not matching (www).examplesite.com,org,or net...) to it.
Thanks in advance,
Ron.
Xposed app firewall.
This app is an firewall for the installed apps. Only apps with permission "android.permission.INTERNET" are
shown. IPv4 and IPv6 are supported together with TCP and UDP. You could configure outgoing and incomming
connections independent from each other.
The rules could be applied for each network: W-Lan, local network, mobile, roaming, unknown.
Logging is configurable for incomming/outgoing and allowed/denied connections.
Colors:
Blue: Template is used.
Yellow: Custom settings.
Green: The app is trusted.
Red: The app is blocked.
Features:
No iptables required, the kernel doesn't need to support it.
The firewall is active when Android starts, no startup data leak.
The rules are always active, no re-apply on connection change is needed.
Limitiation:
Host names in the log file are PTR entries.
Works only for Android (Java), not the native (Linux) part
Donation:
No self-promotion in the app.
You could trust or block an app (Menu/ActionBar)
You could use a template for not configured apps
Additional (experimental) networks: Bluetooth, WiMAX, Ethernet
Tasker support, per App
You support this app and further development!
Permissions:
ACCESS_SUPERUSER: apply iptables rules
This app does not connect itself to any websites or hosts!
Important:
This app needs the Xposed Framework. The framework requires root access for installation. Don't forget to enable the module in Xposed. You can grab it here: Xposed Installer
Website: http://tinyurl.com/l5bpv23
Play Store: http://tinyurl.com/ome2pvc
Xposed Repository: http://tinyurl.com/ksc6plz
Changelog: http://tinyurl.com/n8gsqja
Why this app? No firewall for Xposed exists yet
Translation:
You could find here a interface to translate the english strings: http://tinyurl.com/okycacj
A free account of www.oneskyapp.com is required to edit. Additional, please attach your email address or send it via PM
Insane.. I was looking for something like this about 12 hours ago.. its almost like you read my mind and made it just for me!.
I like your style. Nice and simple and keeping it in line with your others.
Sent from my GT-I9300 using Tapatalk
Downloading now.
Sent from my SCH-I535 using XDA Premium 4 mobile app
shivadow said:
Insane.. I was looking for something like this about 12 hours ago.. its almost like you read my mind and made it just for me!.
I like your style. Nice and simple and keeping it in line with your others.
Sent from my GT-I9300 using Tapatalk
Click to expand...
Click to collapse
Maybe you head me thinking loud 6 weeks after starting this app: "i will release today, if there are still error, i'll fix them later"
Am I correct in assuming this is not open source?
I got a question about incoming/outgoing connections, maybe somone else want to know:
Incoming connections are used by less than 1% of all apps. This is used if the app is a "server", like BubbleUPnP. So most time incoming conections could be blocked, i think for mobile network 100%.
An outgoing connection is like a phone call: You call someone (outgoing connection), and can talk (send "data") and hear (receive "data")
Wifi Internet and Network:
If you want to control eg your local tv-receiver, xbmc device or avm router (with FreetzMobil), only connections to the local network are required. This prevents app to send data to the internet.
The "local network" are all "private" IPv4 and IPv6, they will not be forwarded by internet routers. Additionally, if you use "public" IPs they are local if it is in the same subnet as a ip of your device. Uncommon for IPv4 usage, but public IPv6 are the common usage (public IPv6 for every device)
an0n981 said:
Am I correct in assuming this is not open source?
Click to expand...
Click to collapse
As usual i send source only to people i know
I took this mod for a quick test drive, a little feedback:
-Is it not possible to restrict kernel?
-Could it be that apps that use native libraries to connect to the internet cannot be restricted? Firefox and Mega (both use native libraries) were able to connect even when completely restricted.
Also a little cosmetic issue com.android.process.gapps showed completely green at all times. However restrictions were applied properly
an0n981 said:
I took this mod for a quick test drive, a little feedback:
-Is it not possible to restrict kernel?
-Could it be that apps that use native libraries to connect to the internet cannot be restricted? Firefox and Mega (both use native libraries) were able to connect even when completely restricted.
Also a little cosmetic issue com.android.process.gapps showed completely green at all times. However restrictions were applied properly
Click to expand...
Click to collapse
Yes, see OP: "Limitiation: ... no native binaries." This is because the design of Xposed
Isn't it "com.google.process.gapps"? Onyl this one app has the wrong colors? Has it a green dot for "trusted app"? What did you configured for it?
Yes I meant com.google....
I set it from template to custom, blocked everything, however in the app overview it still showed as all green. When it was restricted GCM was blocked and the log showed blocked connections to mtalk.google.com:5228. Then I unrestricted outgoing mobile and wifi and GCM was available and the log correctly showed allowed connections but the colors in the app overview didn't change
Version 1.0.1 uploaded
- fix "incoming" thx @w0rinal
- also an error related to coloring, @an0n981 can you check if it fixes your problem? Toggling options could be required
defim said:
- also an error related to coloring, @an0n981 can you check if it fixes your problem? Toggling options could be required
Click to expand...
Click to collapse
Sorry the bug is still present
Also 1 more questions. Do you see any problem running this along side AFWall?
The bug affects any app that starts end ends with <>. <android.media> and <org.mozilla.firefox.sharedid> also always revert back to displaying completely green once the app is reloaded
an0n981 said:
Also 1 more questions. Do you see any problem running this along side AFWall?
Click to expand...
Click to collapse
No, should work without problems. The one created iptables rules other hooks the connection methods - if one fails, the other does it
an0n981 said:
The bug affects any app that starts end ends with <>. <android.media> and <org.mozilla.firefox.sharedid> also always revert back to displaying completely green once the app is reloaded
Click to expand...
Click to collapse
The "<>" entries are not real apps (.apks) with a package name, they are uids. At app start i load all installed apps with internet-permission and hide apps which are no more installed / have not any longer the permissions -> the uid items are not in the list of installed apps (obviously)
Will be fixed in next release
EDIT: Uploaded
This is awesome ?
A few questions:
- is there a way to edit template? I couldn't find it anywhere in settings- am I missing something?
- Can you add multiple selection? For example, someone has lots of apps and wants to block roaming to them etc. etc. without having to change it manually for each app.
- filtering or sorting apps? perhaps something simple like the way afwall , or a more thorough filter like XPrivacy has?
Sent from my Nexus 5 using Tapatalk
defim said:
The "<>" entries are not real apps (.apks) with a package name, they are uids. At app start i load all installed apps with internet-permission and hide apps which are no more installed / have not any longer the permissions -> the uid items are not in the list of installed apps (obviously)
Will be fixed in next release
EDIT: Uploaded
Click to expand...
Click to collapse
Confirmed fixed
jaibar said:
This is awesome ?
A few questions:
- is there a way to edit template? I couldn't find it anywhere in settings- am I missing something?
- Can you add multiple selection? For example, someone has lots of apps and wants to block roaming to them etc. etc. without having to change it manually for each app.
- filtering or sorting apps? perhaps something simple like the way afwall , or a more thorough filter like XPrivacy has?
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
The template is used for all "blue" apps, which where are not configured by user. Modifying template is part of the donator options (see OP).
Btw, next planned feature: detection of VPN connections
defim said:
The template is used for all "blue" apps, which where are not configured by user. Modifying template is part of the donator options (see OP).
Btw, next planned feature: detection of VPN connections
Click to expand...
Click to collapse
Nice feature !
I dry tested this app (i.e. not checked in the Xposed module on my device) and already saw that the VPN was missing. Now I use AFWall+ which is good and has more profiles. I block all Google apps with it with a 'limited internet' profile and every time I download something from Play, I load another profile which allows 'Google Play services' and 'Google Play store' internet connection and after download/update I revert to 'Limited internet'.
On my Mac I have 'Little Snitch' firewall which has the ability to let it prompt for certain apps which I don't want to be connected permanently (such as the Mac App Store), but only when I do e.g. an OSX update. In that case I let it prompt and say 'only this time'.
A similar approach on LightingWall should be very welcome. E.g. a notification that the Play store wants to connect with internet and when one wants to download / update an app, say 'only this time' and not permanently.
mermaidkiller said:
Nice feature !
I dry tested this app (i.e. not checked in the Xposed module on my device) and already saw that the VPN was missing. Now I use AFWall+ which is good and has more profiles. I block all Google apps with it with a 'limited internet' profile and every time I download something from Play, I load another profile which allows 'Google Play services' and 'Google Play store' internet connection and after download/update I revert to 'Limited internet'.
On my Mac I have 'Little Snitch' firewall which has the ability to let it prompt for certain apps which I don't want to be connected permanently (such as the Mac App Store), but only when I do e.g. an OSX update. In that case I let it prompt and say 'only this time'.
A similar approach on LightingWall should be very welcome. E.g. a notification that the Play store wants to connect with internet and when one wants to download / update an app, say 'only this time' and not permanently.
Click to expand...
Click to collapse
Xprivacy implements a similar thing, allowing the user to be informed when one of the restrictions are asking for access of that permission, including internet permissions(no distiction between lan or vpn), i would also welcome an on demand prompt feature for this app, its one faeture i wished afwall had, but believe it cant because of the nature of iptables i believe,
Saying that im also kinda worried that this might conflict, two apps essentially fighting for control to "pause" the system, hope im wrong, maybe if the two devs of the two respective apps co-orporated in implementation,it might be resolved, if there is an issue, i dont know........... but im getting ahead of myself here, defim has not even stated that he'll implement this, still, no harm in discussing possibilities, slim or not
@banderos101 @mermaidkillerIf you want to be informed if an app is allowed or denied to access some hosts, you could get it with Tasker. Just with a simple message box or more enhanced things Tasker can do. It should not be a problem using this app wiht Xprivacy, AFwal etc. If you block a connection with one app, it could be that the others can't see/log it. This depends on the order of the apps, An iptables firewall should be the last the connection is passing.
A per host filter is not planned, if you want to stop connection to some (tracking, malwar, adware) hosts a hosts file filter could be used, like my UnbelovedHosts
defim said:
As usual i send source only to people i know
Click to expand...
Click to collapse
Too big a risk to take for security software like this. Post your work up on Github under a reasonable license.
I'm not seeing a big advantage over the GPL AFWall+ anyway.
Lets say I want to enable disk access to "drives" (a great software product to display dive space utilization), I can not do so there is no way to do so as I get a message "Screen Overlay detected", of course it is detected I have over 10 apps that require it, if I disable it they do not work PERIOD. so I need to have it enabled, nut then I have many apps that simply do not support Marshmallow (6.0) at all as a result. I can not understand why there are not more complaints and fixes for this as I'm basically stuck I have apps that require overlay including my dialer and I have apps I need that I can not use if overlay is enabled!
One work around I heard of was to boot into safe mode and run the apps there, but in safe mode I can not run any third party apps (so I can not execute those that I need to overlay disabled to set a permission.
I need help, either to fix the overlay prompt (simply put at this point security be damned I'll live without it I need the software to function), but searching and searching I've yet to see any solution or even suggestion beyond safe mode, which does not let me execute the software I need to fix, other than down grading (which does not help since at some point I'll need to move to 6.X), how does one fix the very annoying and Android breaking issue of overlay?
I just do not understand how Overlay a very necessary feature is also able to break many apps, including a few that require overlay themselves. I'm completely confused and sick of wasting time (hours at this point trying to figure out how to get around this).
Thanks,
ERIC