So I'm trying to do some research in the server requests and responses of some apps I work with, and for various reasons need a hotspot because of incompatibility with a corporate proxy.
Are there any apps that can decode/record web traffic as it's passed to AP clients through Wi-Fi tether?
I certainly recognize the possibility for espionage / inherent security concerns, but they have similar apps for desktops like "Charles proxy" or "fiddler" to do research in packet analysis.
I googled a little, but most examples were from the 2.2-2.3 days, and didn't seem updated at all.
Thanks!
Hi,
Maybe SandroProxy will help you out.
https://play.google.com/store/apps/details?id=org.sandroproxy
Not sure about working on wifi thether...
Mix3d said:
So I'm trying to do some research in the server requests and responses of some apps I work with, and for various reasons need a hotspot because of incompatibility with a corporate proxy.
Are there any apps that can decode/record web traffic as it's passed to AP clients through Wi-Fi tether?
I certainly recognize the possibility for espionage / inherent security concerns, but they have similar apps for desktops like "Charles proxy" or "fiddler" to do research in packet analysis.
I googled a little, but most examples were from the 2.2-2.3 days, and didn't seem updated at all.
Thanks!
Click to expand...
Click to collapse
SandroBSupp said:
Hi,
Maybe SandroProxy will help you out.
https://play.google.com/store/apps/details?id=org.sandroproxy
Not sure about working on wifi thether...
Click to expand...
Click to collapse
Yeah, that's the wrong type of proxy. I need the *phone* to act as the proxy, or at least decrypt ssl traffic between the phone and tethered device; this one is more of a "hide my traffic" proxy between the phone and the internet.
But this is exactly what SandroProxy do. It acts as local proxy accepting requests.
For SSL you need also to use Menu->Export CA to store.
It can also connect to your corporate proxy (basic/digest/ntlm) so you do not need to use thether mode.
http://forum.xda-developers.com/showthread.php?t=1737138
Mix3d said:
Yeah, that's the wrong type of proxy. I need the *phone* to act as the proxy, or at least decrypt ssl traffic between the phone and tethered device; this one is more of a "hide my traffic" proxy between the phone and the internet.
Click to expand...
Click to collapse
You're totally right. Just tried it out and it's working splendidly.
You the man!
Related
Has anyone got VPN connectivity working with DCD 3.2.5? I have been trying for hours with no luck. Every time I try to connect I just get the generic unable to connect message (VPN Server problems. Verify your username and password..... I do know its not a user name / password issue. I set the VPN up and administer it. Its a ClarkConnect Community Edition Firewall Router 4.3.
I can however use the phone with Internet Sharing and connect to the same VPN end point with my laptop. I know the VPN is working.
Any one have any experience with this?
scrosler said:
Has anyone got VPN connectivity working with DCD 3.2.5? I have been trying for hours with no luck. Every time I try to connect I just get the generic unable to connect message (VPN Server problems. Verify your username and password..... I do know its not a user name / password issue. I set the VPN up and administer it. Its a ClarkConnect Community Edition Firewall Router 4.3.
I can however use the phone with Internet Sharing and connect to the same VPN end point with my laptop. I know the VPN is working.
Any one have any experience with this?
Click to expand...
Click to collapse
I'll be honest. I haven't really tried yet, but I am interested in getting this working myself, as I need to set it up; in addition to somehow getting this damn thing to connect to my school's network - which it has refused to for many weeks now.
scrosler said:
Has anyone got VPN connectivity working with DCD 3.2.5? I have been trying for hours with no luck. Every time I try to connect I just get the generic unable to connect message (VPN Server problems. Verify your username and password..... I do know its not a user name / password issue. I set the VPN up and administer it. Its a ClarkConnect Community Edition Firewall Router 4.3.
I can however use the phone with Internet Sharing and connect to the same VPN end point with my laptop. I know the VPN is working.
Any one have any experience with this?
Click to expand...
Click to collapse
Did you try using the kitchen and enabling the Enterprise IPSEC checkbox? It's the first item on the list. I assumed this was for those who needed VPN connections, so have not used it myself personally.
BTC
BillThyCat said:
Did you try using the kitchen and enabling the Enterprise IPSEC checkbox? It's the first item on the list. I assumed this was for those who needed VPN connections, so have not used it myself personally.
BTC
Click to expand...
Click to collapse
yep you need that for IPSEC vpn, but PPTP vpn would work without it.
BillThyCat said:
Did you try using the kitchen and enabling the Enterprise IPSEC checkbox? It's the first item on the list. I assumed this was for those who needed VPN connections, so have not used it myself personally.
BTC
Click to expand...
Click to collapse
Yes. Im going to flash back to a stock ROM later today and test.
I'll post the results.
DCD have you ever got PPTP to work?
scrosler said:
Yes. Im going to flash back to a stock ROM later today and test.
I'll post the results.
DCD have you ever got PPTP to work?
Click to expand...
Click to collapse
Telus ROM can authenticate just fine. Hmmmm. DCD Any thoughts?
PPTP VPN works
Here is what I did:
Configured the VPN connection.
Create a nework exception for a valid DNS name or use wildcards:
*.myvpnconnection.com
Anything you go to in that domain will use the VPN. IE seems to be the only thing that will initiate the connection.
It sounds like you might have something wrong on the server side.
MM
I just setup mine to use the vpn into my office and it worked slick as "stuff"... but we use a MS VPN server with AD...
I'm able to use VPN on 3.2.5 (stock, not cooked in kitchen) It works, but often time I have to soft reset before it will let me connect. Windows even suggests it... I haven't figured out a way around this when it happens, other then to soft reset.
Also I'm having a problem where VPN locks up the phone if I leave it connected, and the phone goes into lower power mode. It won't wake up with power. I have to soft reset.
Lastly, I'm trying to figure out the fastest way to actually launch the connection. It seems horribly buried / inefficent, the way I'm doing it:
I'm going to Start -> Settings -> Connections Tab -> Connections Icon -> Under the VPN Connection hitting "Manage Existing Connections -> VPN Tab -> Selecting the VPN Connection and "right clicking (hold until context menu pops up) and hitting "Connect".
Anyone know of a faster way?
Thanks in advance!!
PPTP and L2TP work fine here. I do have an issue where if I leave the connection live and the device goes to sleep it doesn't wake up and requires a soft reset. It's been like that for a number of revisions. Other than that it works fine.
I have never got any app that hosts web page to work when I'm using mobile connection.
Wlan connection always works and another users seem to get it working using mobile connection.
Same problem with all ROMs that I have used. How to fix?
Mehumummo said:
I have never got any app that hosts web page to work when I'm using mobile connection.
Wlan connection always works and another users seem to get it working using mobile connection.
Same problem with all ROMs that I have used. How to fix?
Click to expand...
Click to collapse
Ummm. What network are you on? Remember most networks use NAT so save IP addresses. So your web server might only work for other users on the same subnet of your provider.
A phone isn't an ideal server. Can't you spend $1 or so per month on shared hosting on a server somewhere?
This is why it works on WiFI, as you have a dedicated IP address.
How can an incoming connection to 155.55.55.55 (for example, which covers all your network's users) know to direct an incoming port 80 (web) request to your phone? As opposed to the many other people that would try this?
I think Vodafone UK gives individual Ips though, so you could switch provider if it matters
anon2122 said:
Ummm. What network are you on? Remember most networks use NAT so save IP addresses. So your web server might only work for other users on the same subnet of your provider.
A phone isn't an ideal server. Can't you spend $1 or so per month on shared hosting on a server somewhere?
This is why it works on WiFI, as you have a dedicated IP address.
How can an incoming connection to 155.55.55.55 (for example, which covers all your network's users) know to direct an incoming port 80 (web) request to your phone? As opposed to the many other people that would try this?
I think Vodafone UK gives individual Ips though, so you could switch provider if it matters
Click to expand...
Click to collapse
I do know what NAT is (as it always ruins everything). I was not aware that mobile connection uses NAT as I imagined that operators doesn't put their users under same ip.
I'm not hosting something that any server could, mostly access to my phone:
files, sms, remote usage etc.
So there is no way but change operator?
Mehumummo said:
I do know what NAT is (as it always ruins everything). I was not aware that mobile connection uses NAT as I imagined that operators doesn't put their users under same ip.
I'm not hosting something that any server could, mostly access to my phone:
files, sms, remote usage etc.
So there is no way but change operator?
Click to expand...
Click to collapse
T-mobile definitely uses nat, as I have tried to ssh into my phone etc. I needed to make a listen server and dial into it from the phone.
So what you are doing needs a unique ip or upnp support (which I doubt android can do). But also it needs an isp that don't block ports or anything.
We use vodafone sims for remotely connecting to remote wind farms, as it allows incoming radmin connections.
anon2122 said:
So what you are doing needs a unique ip or upnp support (which I doubt android can do).
Click to expand...
Click to collapse
I guess that no operator supports UPnP/IGD to poke holes in their NAT.
If it's only for transferring files, SwiFTP supports a proxy server that is provided by the author. SwiFTP doesn't support SSL, and I don't think that I would want to send the plain text password to my phone over the Internet.
Another possibility is a VPN from the phone to the PC or router. Than you can start a server like kWS, Android Desktop, PAW Server, I-Jetty, WebFileSystem, etc.
VPN sounds good, gonna try when I get to home.
I can get connection using vpn.
However if there are no connection for short time or phone is restarted then vpn connection goes away.
I would like it to reconnect asap but it isn't meant to be that way :/
Couldn't find anything to reconnect vpn.
I didn't try the built-in VPNs (Android 2.1), but it works fine with OpenVPN: even when changing from Wifi to 3G it reconnects after a few seconds. You need root for OpenVPN AFAIK. It works great with VillainROM 12 which comes with OpenVPN. There's a guide at the VillainROM forums.
Thanks got it working
Lol huge decrease to battery life, suppose you don't have any hints for that?
Running Vanilla AOSP Gingerbread 2.3.3, finally managed to get this thing to talk to the local network here at work (it's PEAP authenticated, TnT Lite won't see it).
Now I'm running into the issue of not being able to access local intranet sites with my browser. Instead if just takes me to google search.
Running Dolphin HD right now. Any ideas? I'd really like to use this tablet at work to access the local intranet. If it won't do it, that's going to be a problem.
I would download the program ipconfig from the market and make sure you are getting the correct ip information on your network. Getting the incorrect DNS server can cause this issue. You can also downlond ping from the market and try to ping the internal web address. Just a troubleshooting step that I would starti with.
I was able to ping it using the Terminal Emulator, so that is working at least.
Well...I am getting my Gtab deliverred via fedex tomorrow and will be able to test my local intranet sites with the same setup and hopefully be a little more helpful. I will keep you posted with what I find,
Ok, I was wrong, I can't ping. I was pinging a server that is exposed on the external internet (Oops). The internal-only servers are unreachable. The DNS servers, though, are correct.
This is interesting.
From home I can access my work email through Exchange for Android, no problems. However now that I'm online at work and on the internal network, it doesn't work. I suspect it's because it's on the internal intranet now instead of trying to route to it through the internet.
I suspect that, while Vanilla 2.3.3 AOSP supports PEAP, it doesn't really support PEAP.
A large number of corporate networks use a proxy server; check into that.
pearlyking said:
A large number of corporate networks use a proxy server; check into that.
Click to expand...
Click to collapse
This one doesn't, as far as I can tell.
My iPhone connects to it fine, other people are able to access it with iPads and Android phones.
I'd ask IT for help, but we're technically not supposed to be using it.
pearlyking said:
A large number of corporate networks use a proxy server; check into that.
Click to expand...
Click to collapse
+1
Had the same problem and it turned out to be the Proxy settings.
Got it working.
Now running VEGAn 5.11 and it connects just fine. Not having the issues with the email anymore, either. However some of the intranet sites only pull up if I know the IP directly, apparently the browser has a hard time with port redirection on the URL (it doesn't care for 'evolutionsc:8080' very much at all).
Now I just need to find a browser that can handle JIRA without formatting issues.
ubergeek4l said:
+1
Had the same problem and it turned out to be the Proxy settings.
Click to expand...
Click to collapse
I seem to be having the same problem but I honestly don't know how to update the proxy settings for my work network (which does use a proxy server). I'm using Vegan 511, anyone know how to specify a proxy server for the network connection to use? I can't find anything in the wireless&network settings area.
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
typhoonikan said:
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
Click to expand...
Click to collapse
On a public wifi all data you do is unencrypted, the only way to protect it, is doing some encrypting yourself.
On the apps that support it you should enable SSL encrpytion, that way, only your device and the receiving service can parse whats going on.
Not all apps support this, so if you come over an app that doesnt, but is really afraid of someone taking it, you need to do some more advanced stuff, and take use of a VPN.
This applies to both laptops and phones, but ssl support is usually less used on laptops
typhoonikan said:
I recently have been using McDonald's wifi and also Starbucks near a university I am soon attending (For a master's in IT whee!!). Since knowing about droidsheep and wifikill, I was wondering what the best methods of protecting your devices from public spying are? I found this app, http://forum.xda-developers.com/showthread.php?t=1350941 but isn't there something else? Like setting up some kind of basic something that can guard against such spying?
I am also interested in knowing not only for an android device, but also for a laptop being used in a public place. Thanks for your help!
Click to expand...
Click to collapse
Use "SSH Tunnel" app from Play Store to encrypt all of Internet traffic. You'll need just an internet server having root access or SSH access for that. There's no need of complex configuration on server at all.
All VPNs except OpenVPN have limited encryption level, but that's not the case of SSH Tunneling. When it comes to OpenVPN, its configuration is complex. And, little mistake can pose security risk. Plus, most of stock ROMs don't have OpenVPN client. Installing it is also more complex than installing SSH Tunnel.
SachinShekhar said:
Use "SSH Tunnel" app from Play Store to encrypt all of Internet traffic. You'll need just an internet server having root access or SSH access for that. There's no need of complex configuration on server at all.
All VPNs except OpenVPN have limited encryption level, but that's not the case of SSH Tunneling. When it comes to OpenVPN, its configuration is complex. And, little mistake can pose security risk. Plus, most of stock ROMs don't have OpenVPN client. Installing it is also more complex than installing SSH Tunnel.
Click to expand...
Click to collapse
This is great and what I had in mind- an app that secures the connection.
Though, walking into a starbucks or public wifi location where they have this kind of requisite (the server requirements)... isn't it doubtful they will have that set up?
Personally, I use OpenVPN. I would recommend using TUN, and at least 128 AES encryption. You need to have an always on internet connection somewhere. You set up a server there (dedicated computer, or buy a $40 linksys router and flash with dd-wrt or tomato vpn) and use a dynamic dns service to forward to that server's IP (such as DynDNS).
Most of that information is available on google.
You can find the OpenVPN HOWTO here:
openvpn.net/howto.html
Yes, as mentioned it is fairly complex, however worth the payoff in security in my opinion.
Hope that helps.
Tom
I appreciate the responses, but I think you're missing my point.
I'm talking about joining public wifi. Not a wifi spot where I can manage their server settings.
Yes, we are as well. VPN and SSH tunneling are used primarily to encrypt traffic. You want to do that to protect your data from Man in the Middle attacks. These types of encryption do not require any sort of administrative access to the wireless access point. That's the idea. You encrypt your data on your computer and send it over unsecured wifi to a server that is hard-wired to the internet, where the traffic is decrypted and send out to the internet as normal. The return traffic will then also be encrypted until it is decrypted by your computer. I would look into these two options for securing your data on unsecured wifi networks...
Tom
tomg09 said:
Yes, we are as well. VPN and SSH tunneling are used primarily to encrypt traffic. You want to do that to protect your data from Man in the Middle attacks. These types of encryption do not require any sort of administrative access to the wireless access point. That's the idea. You encrypt your data on your computer and send it over unsecured wifi to a server that is hard-wired to the internet, where the traffic is decrypted and send out to the internet as normal. The return traffic will then also be encrypted until it is decrypted by your computer. I would look into these two options for securing your data on unsecured wifi networks...
Tom
Click to expand...
Click to collapse
Thank you !
Sent from my EVO using xda premium
typhoonikan said:
This is great and what I had in mind- an app that secures the connection.
Though, walking into a starbucks or public wifi location where they have this kind of requisite (the server requirements)... isn't it doubtful they will have that set up?
Click to expand...
Click to collapse
Server will be your own outside public wifi. It may reside in your home. Or, you may purchase a VPS from Linode, RackSpace etc.
The concept: Your Android device will create an encrypted SSH tunnel to server at home... all over insecure wifi network. If a black hat guy traps your traffic in the middle, he will not get usable data from that because of encrypted tunnel.
I'm currently connected to a corporate WiFi network. I connect using my domain name credentials and the network security is 802.1x EAP with PEAP as the EAP method.
The issue I'm having is that while connected to the network I have internet access and can download from websites. However all in app downloads fail, including play store updates. Is there a way to work around or correct this? Is anyone familiar with this issue?
I've googled tirelessly to no avail.
My phone is rooted and running a custom ROM (I've had this issue with all ROMs, stock or otherwise)
jcspecs said:
I'm currently connected to a corporate WiFi network. I connect using my domain name credentials and the network security is 802.1x EAP with PEAP as the EAP method.
The issue I'm having is that while connected to the network I have internet access and can download from websites. However all in app downloads fail, including play store updates. Is there a way to work around or correct this? Is anyone familiar with this issue?
I've googled tirelessly to no avail.
My phone is rooted and running a custom ROM (I've had this issue with all ROMs, stock or otherwise)
Click to expand...
Click to collapse
Businesses have a sneaky habit of firewalling their networks, so only http traffic is allowed. Unless you are sleeping with the I.T. manager you are very unlikely to get any other ports opened, which those apps probably need.
boomboomer said:
Businesses have a sneaky habit of firewalling their networks, so only http traffic is allowed. Unless you are sleeping with the I.T. manager you are very unlikely to get any other ports opened, which those apps probably need.
Click to expand...
Click to collapse
I'd figured this was the reason. Bummer, she's not my type.