Sniff traffic from app - Android Q&A, Help & Troubleshooting

Hello!
I need to sniff web traffic from the application googleservicesframework.apk when it logs in and registers (SSL). How can I do it on my PC?

gogus said:
> Hello!
> I need to sniff web traffic from the application googleservicesframework.apk when it logs in and registers (SSL). How can I do it on my PC?
If you route the traffic from your Android via your PC to the Internet, you can of course sniff the traffic using tcpdump or Wireshark, but since it is SSL encrypted, it won't make any sense anyway. You can only see the presence of traffic, not what it is or the contents.

Is there a way to decode SSL from Google?

gogus said:
> Is there a way to decode SSL from Google?
Not by sniffing, unless you own a quantum computer.

kuisma said:
> Not by sniffing, unless you own a quantum computer.
Fiddler has HTTPS decrypting and it works, so I don't need a quantum computer.

gogus said:
> Fiddler has HTTPS decrypting and it works, so I don't need a quantum computer.
No, not by sniffing. If you terminate your SSL session at an untrusted peer (such as Fiddler here), and re-establish it from this peer to the final destination, you can capture the plain text, but this is not sniffing, but a man-in-the-middle, and requires that the establishing peer accept a session with this untrusted peer.

Related

[Q] Security question regarding Ad Blocking programs

Hi Everyone,
I have a question regarding these Ad Blocking programs. I see that they primarily work by adding entries in the Hosts file for IP resolution (usually the loopback address 127.0.0.1) for known Ad addresses. So my question is this... Is it possible for hackers to produce a fake (or partially legit) product that could be used for Phishing? They could inject IP addresses for banking, ecommerce, etc., websites to be directed to their fake sites.
Any thoughts?
Thanks!
Dagoof
You mean do something like redirect Wells Fargo to a copycat site to phish usernames, passwords, CC#'s etc? It's certainly possible. It'd be a pretty limited audience hack though. You'd still probably do better just sending a mass email.
I spoke with the author of Adfree and his program implements checks on the downloaded host files to ensure they only point to 127.0.0.1 unless specified in the options.
esheesle said:
> I spoke with the author of Adfree and his program implements checks on the downloaded host files to ensure they only point to 127.0.0.1 unless specified in the options.
Yeah... I thought that the easy way to rest assured was to go through the hosts files to be sure all the entries point to the loopback address...
Thanks!!
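
The check discussed in this thread (every entry in a downloaded hosts file should map only to the loopback address), as an added example; it is not part of the original posts and is not Adfree's code. The function name `audit_hosts`, the `allow_unspecified` option and the sample file are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: an ad-blocking hosts file with two injected redirects.
SAMPLE_HOSTS = """\
# ad-block list (constructed sample)
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.net tracker.example.net
0.0.0.0 banner.example.org   # null route, resolves nowhere
203.0.113.10 www.bank.example   # injected redirect
198.51.100.7 shop.example login.shop.example
not-an-ip broken.example
"""

def audit_hosts(text, allow_unspecified=True):
    """Audit hosts-file text (hypothetical helper, not from any real tool).

    Returns (findings, malformed):
      findings  - (line number, address, hostnames) for every entry that maps
                  names to something other than loopback
      malformed - (line number, raw line) for entries that cannot be parsed
    """
    findings, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, line))
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append((lineno, line))
            continue
        # 127.0.0.0/8 and ::1 are loopback; 0.0.0.0 and :: are "unspecified".
        if addr.is_loopback or (allow_unspecified and addr.is_unspecified):
            continue
        findings.append((lineno, str(addr), fields[1:]))
    return findings, malformed

if __name__ == "__main__":
    bad, broken = audit_hosts(SAMPLE_HOSTS)
    for lineno, addr, names in bad:
        print(f"line {lineno}: {', '.join(names)} -> {addr} (not loopback)")
    for lineno, line in broken:
        print(f"line {lineno}: unparseable entry: {line}")
```

A list that passes with no findings redirects nothing to a third-party server; any finding should be rejected or reviewed before the file is written to the device.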

[Q] Servers Ultimate APP questions

Some of you may already know about this app which lets you turn your Android device into one of many different types of servers. I am very interested in this, but am not sure of which type of server I should be using.
Could someone knowledgeable give a brief description of what each type of server would be used for?
I am personally wanting to run this on my HTC EVO 4G at home so that I can access things at any time from any computer. I am not sure which server that would be though.
It runs:
DLNA
DNS
Dynamic DNS updater
Email Server
FTP server
IRC Server
Proxy Server
SMS Gateway
Socks Server
SSH Server
Telnet Server
Test Server
Time Server
Web Server
WebDAV Server
Thanks for the info.

WP 7.8 VoIP

Hi,
Does anyone know if any of the changes put into 7.8 will help bring any VoIP support or API? If not, any suggestions for a VoIP client?
I've tried the Ozeki SDK Windows Phone example, it's useless.. the client only actually interfaces with its own server app.
It's shocking to see basically every VoIP app on the market all only connect to specific VoIP services that you have to sign up for, and nothing with custom settings =\
Thanks
vestisciacca said:
> hi
viber?
bertapeti said:
> viber?
Hi,
I'm looking for an app that allows you to connect to your own VoIP server of choice and not a predefined server, and Viber doesn't do that.
OctroTalk does allow you to add your own SIP server, but it doesn't work, doesn't even try to connect (at least any traffic leaving the phone)
Ozeki SDK sort of works, but they want $700 for it and I have not gotten their demo to work over wifi yet =\
Octrotalk
darkfires said:
> Hi,
> I'm looking for an app that allows you to connect to your own VoIP server of choice and not a predefined server, and Viber doesn't do that.
> OctroTalk does allow you to add your own SIP server, but it doesn't work, doesn't even try to connect (at least any traffic leaving the phone)
> Ozeki SDK sort of works, but they want $700 for it and I have not gotten their demo to work over wifi yet =\
Octrotalk works with voip.ms but can only be used on speakerphone

[Q] Hotspot force redirect to Local Server

I got this crazy idea that I don't know is possible or not... what I want to do is set up my phone as wifi access point, then allow people to connect to it, but handle all incoming http traffic myself.
So:
Create a server (with KWS - Android web server)
client can connect to the phone
when client tries to open an http connection to any random server, this has to be intercepted by my app and handled by a local web server
Does anyone know of any Android app to do this?
What you are talking about is a captive portal.
I made a simple app for this purpose. If you are a developer, I need your help to improve the app. For downloading the app and source code check this thread https://forum.xda-developers.com/android/general/guide-setup-fake-captive-portal-android-t4011689

Should I be authenticating users against a locally synchronized database?

I'm building an Android application which will allow my sales team to quote projects and I want it to work while they're in remote areas, which means it will download price changes when they get into service areas and also upload any quotes they have done. Since it needs to work offline, I need to authenticate the user login but I'm hesitant to be authenticating them against the database stored locally on the device. Is there a proper way of doing this? I can't authenticate remotely because it has to work offline. Is the local NoSQL database secure? Should I not worry too much about it and just make sure they're authenticated remotely prior to the synchronization when a connection becomes available? Thanks a lot.
