Blocking all outgoing connections and hosts file manipulation - Android Q&A, Help & Troubleshooting

Hi,
I want to block every internet connection from my Android to the internet, allowing it to connect only to my home server, and avoid using firewalls (like: Droidwall, NoRootFirewall, etc.) to keep it simple, solid, and minimal; my sole purpose is to connect to my home. I also want to make it easy to use "homeserver" instead of my DDNS.
I was checking the hosts file and tried setting the DDNS there:
127.0.0.1 localhost
myddns.example.com homeserver
but this doesn't really work (when I try to use: homeserver). What am I doing wrong? I was thinking of setting rules in iptables to block all IPs and add just an exception for my DDNS. Any better idea?
thanks.
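
A hosts entry maps an IP address to one or more names, with the address first, so it cannot alias `homeserver` to another hostname. As an added example (not part of the original post), this script checks hosts lines for that mistake and prints, without applying, an egress allow-list for one IPv4 address. The address 203.0.113.10 and the chain name `homeonly` are constructed placeholders.

```shell
#!/bin/sh
# Added example: hosts-file syntax check plus an egress allow-list.
# HOME_IP is a constructed placeholder (TEST-NET-3), not a value from the post.
HOME_IP="203.0.113.10"
CHAIN="homeonly"    # hypothetical chain name

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# is_ipv6ish ADDR: loose check (hex digits and at least one colon).
is_ipv6ish() {
    case "$1" in
        *:*) printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f:.]+$' ;;
        *)   return 1 ;;
    esac
}

# check_hosts_line LINE: a hosts entry is "ADDRESS name [alias...]".
# Prints a verdict and fails when the first field is not an IP address.
check_hosts_line() {
    set -f; set -- $1; set +f    # split the line into fields, no globbing
    case "${1:-}" in
        ''|'#'*) echo "skip: blank or comment"; return 0 ;;
    esac
    if [ "$#" -lt 2 ]; then
        echo "bad: need an address and at least one name"; return 1
    fi
    if is_ipv4 "$1" || is_ipv6ish "$1"; then
        echo "ok: $2 -> $1"; return 0
    fi
    echo "bad: first field '$1' is a name, not an IP address"; return 1
}

# hosts_entry IP NAME: print a valid hosts line mapping NAME to IP.
hosts_entry() {
    is_ipv4 "$1" || { echo "hosts_entry: '$1' is not an IPv4 address" >&2; return 1; }
    printf '%s %s\n' "$1" "$2"
}

# emit_rules IP: print rules that drop all egress except loopback and IP.
# A dedicated chain is used so existing OUTPUT rules are left in place.
# IPv6 has its own tables, so it is closed separately with ip6tables.
emit_rules() {
    is_ipv4 "$1" || { echo "emit_rules: need a literal IPv4 address" >&2; return 1; }
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -o lo -j ACCEPT
iptables -A $CHAIN -d $1 -j ACCEPT
iptables -A $CHAIN -j DROP
iptables -I OUTPUT 1 -j $CHAIN
ip6tables -N $CHAIN
ip6tables -A $CHAIN -o lo -j ACCEPT
ip6tables -A $CHAIN -j DROP
ip6tables -I OUTPUT 1 -j $CHAIN
EOF
}

# Demo: the two lines from the post, then the corrected entry and the rules.
check_hosts_line "127.0.0.1 localhost"
check_hosts_line "myddns.example.com homeserver" || true
hosts_entry "$HOME_IP" homeserver
emit_rules "$HOME_IP"
```

Because the hosts entry and the rules pin a literal address, both have to be regenerated when the DDNS address changes. Once the drop rule is active, the lookup of the DDNS name is blocked as well unless a resolver is also allowed.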

Related

[UPDATED 2/25/2009] SocksProxy v1.0: Free SOCKS proxy for internet sharing

I have created a SOCKS proxy server application to run on Windows Mobile phones. A SOCKS proxy is a proxy server that is capable of forwarding nearly all types of network traffic, similar to a NAT router. It is very simple to use. Simply type in the port you would like the proxy server to listen on (default is 1080), then click the large "Start Proxy" button.
In order to run this application you will need the .NET Compact Framework 3.5 installed on your device.
Some applications are SOCKS-ready and others are not. You can use FreeCap (freeware) to SOCKS enable any Windows application. ** FreeCap seems to have problems connecting to SocksProxy. Let me know if it works or doesn't work for you. **
I am *NOT* responsible for any fees charged to anyone for the use of this software. There is no warranty and no guarantee.
[UPDATE 2/25/2009]
I've completed the new version of SocksProxy. It implements socks version 4a. There is no security, so it will allow anyone to connect with any user id.
Please let me know of any issues you find.
[UPDATE 2/24/2009]
SocksProxy v1.0 Reboot
--------------------------------------------------------------------------------
I've completed the new proxy server. It looks pretty much like the old one, but I've anchored the controls to the edges so it should scale properly with VGA devices.
I've written a new Socks 4a proxy from scratch and completely ditched all the old code. It seems to be working pretty well, though a bit slow. I think I need to increase the size of my read buffers. I will have to write a smarter heuristic for determining the size of the buffer per connection though. I have them at 128 Kb now. I need to grow each buffer dynamically according to how it's being used, that way I don't create large buffers for connections that are only transferring small amounts before closing (downloading a small gif or javascript file, for example).
I'll probably release it tomorrow after some more testing.
BTW: I'm posting this through the proxy right now!
[UPDATE 2/24/2009]
I've decided not to move forward with the J2ME version of SocksProxy. I will however be writing a new .NET CF version. The current version's proxy is based on code I ported from a proxy targeted to the standard .NET framework. Some features in the standard framework are absent in the compact framework. When porting the proxy I pretty much just did it as quick and dirty as I could because I really wanted something that just got the job done. I didn't care how stable or 'good' it was because I hadn't even intended on releasing it to anyone. Since it looks like there's still a lot of interest I will be writing a new one from scratch. Don't expect too much; It'll be the simplest thing that possibly works, but it'll be stable and reliable.
I'll be naming this version SocksProxy 1.0 Reboot. I'm not upping the version number because I'm really not going to be adding any new features.
[UPDATE 11/4/2008]
I am working on a J2ME version of this application. I will no longer be maintaining the .NET version of the application. The SVN repository for the .NET version will continue to be available. I have no plans on taking it down.
I have decided to switch to J2ME because I will be able to reuse source code in a future Android release -- that is, if Google or someone adds the ability for Android to have more than one IP address.
[UPDATE 10/27/2008]
There is a usage issue with the application with certain configurations of Windows Mobile and Activesync. It seems that when the Activesync host (your PC) has a connection to the internet the handheld device will prefer to connect to the internet via the PC's connection rather than its cellular connection. This completely eliminates any benefit to using the proxy. Does anyone know how to prevent the handheld from routing its internet traffic back through Activesync? Note that this is NOT solved by setting the "Allow data connections" setting in Activesync.
[UPDATE 10/27/2008]
I have updated the SVN repository (https://pchasco.homedns.org/svn/SocksProxy/trunk). Here are the changes:
* Changed "Listening on" box to list all IPs on the handheld
* Added an IP box. Enter an IP to listen on that IP or leave blank to listen on all.
* Rearranged form
* Added "Use selected IP" button to insert into the IP box the IP selected in the list of available IP addresses.
You can enter any IP address in the IP box, but the proxy will fail to start if the IP is not valid for your device.
Hi pchasco,
Could you explain a bit more what this does (and how it works)?
The reason I ask is that I'm looking for an application for the PPC which allows me to share its internet connection by pointing the Desktop browser's proxy to the PPC.
This allows me to be connected to the wired network and using this proxied browser to browse even the blocked sites ...
Can your application be used for this?
If so could you also explain how it works..
I've run the App on my PPC, and clicked start, this gave me an IP address
next I hooked it up to USB and pointed IE's proxy to that address...didn't work
I also tried to activate the 3G first and/or with ICS activated
but both times I didn't see an IP address...
I'm probably doing something wrong..
Thanks
This is a SOCKS proxy, so it does not work in quite the same way that a normal HTTP proxy does. For internet explorer you'll have to open the advanced proxy options and fill in the information for the SOCKS host:port entry.
Can someone please explain a sample usage of this software on Windows Mobile?
pchasco said:
This is a SOCKS proxy, so it does not work in quite the same way that a normal HTTP proxy does. For internet explorer you'll have to open the advanced proxy options and fill in the information for the SOCKS host:port entry.
Have you used this with ICS? In other words, share your internet connection with a computer and then have the computer connect via your sock proxy to the internet?
abdulzis said:
Can someone please explain a sample usage of this software on Windows Mobile?
I'm not sure what you mean. An example of how to use it or an example describing why someone would want to use it?
hoopsbwc34 said:
Have you used this with ICS? In other words, share your internet connection with a computer and then have the computer connect via your sock proxy to the internet?
I am not sure why you would need to use both SOCKS proxy and ICS at the same time. They are both means to provide internet connectivity through your phone to another device. If ICS were an option on my phone, I would use it over SOCKS unless the client device did not support it.
pchasco said:
I am not sure why you would need to use both SOCKS proxy and ICS at the same time. They are both means to provide internet connectivity through your phone to another device. If ICS were an option on my phone, I would use it over SOCKS unless the client device did not support it.
Basically, I'm trying to allow access to two networks at the same time. So I want to adjust my settings in firefox to point to my WM phone and your socks proxy. Then my other applications and IE can use my LAN. Otherwise, to get my WM ICS to work I have to disable my LAN connection which I need for certain apps.
edit... I'm good with using it without ICS, but that doesn't seem to work either. No matter when I click start proxy, I get an IP of 0.0.0.0 and if I connect my computer via USB I can't ping that address.
hoopsbwc34 said:
Basically, I'm trying to allow access to two networks at the same time. So I want to adjust my settings in firefox to point to my WM phone and your socks proxy. Then my other applications and IE can use my LAN. Otherwise, to get my WM ICS to work I have to disable my LAN connection which I need for certain apps.
Then setting the SOCKS proxy setting without setting any other proxy settings should work in Internet Explorer. I've been trying to test it, but my phone refuses to access the internet through the cellular connection right now; it's always going through my PC while activesync is connected. I can't get it to stop! The funny thing is IE on my PC is making its HTTP requests through my phone, then my phone is going right back through my PC to the internet!
pchasco said:
Then setting the SOCKS proxy setting without setting any other proxy settings should work in Internet Explorer. I've been trying to test it, but my phone refuses to access the internet through the cellular connection right now; it's always going through my PC while activesync is connected. I can't get it to stop! The funny thing is IE on my PC is making its HTTP requests through my phone, then my phone is going right back through my PC to the internet!
That's what I tried... but the IP address I get is 0.0.0.0 from your app. What IP do you usually get back when you run it? Do you just connect via USB? If ActiveSync is running is that an issue?
pchasco said:
Then setting the SOCKS proxy setting without setting any other proxy settings should work in Internet Explorer. I've been trying to test it, but my phone refuses to access the internet through the cellular connection right now; it's always going through my PC while activesync is connected. I can't get it to stop! The funny thing is IE on my PC is making its HTTP requests through my phone, then my phone is going right back through my PC to the internet!
I think there is a setting in ActiveSync that says "allow wireless connections when connected" sounds like that might be your problem.
Mr_Gee said:
Hi pchasco,
Could you explain a bit more what this does (and how it works)?
The reason I ask is that I'm looking for an application for the PPC which allows me to share its internet connection by pointing the Desktop browser's proxy to the PPC.
This allows me to be connected to the wired network and using this proxied browser to browse even the blocked sites ...
Can your application be used for this?
If so could you also explain how it works..
I've run the App on my PPC, and clicked start, this gave me an IP address
next I hooked it up to USB and pointed IE's proxy to that address...didn't work
I also tried to activate the 3G first and/or with ICS activated
but both times I didn't see an IP address...
I'm probably doing something wrong..
Thanks
Sounds like the same thing that is happening to me. I finally got it to give me an IP address, but only if my data connection is inactive. As soon as the data connection is active it becomes a 0.0.0.0 IP address. Bug?
I tried to establish the IP, then activate the data connection... still doesn't work when I enter the IP:port into my proxy list for firefox.
hoopsbwc34 said:
That's what I tried... but the IP address I get is 0.0.0.0 from your app. What IP do you usually get back when you run it? Do you just connect via USB? If ActiveSync is running is that an issue?
I am not sure why you are receiving 0 as your IP address. Check in Settings->Connections->USB to PC that "Enable advanced network functionality" is selected.
Gave it another try
Connected to ActiveSync (AS) loaded the application
removed the AS connection, started the application
It showed me the IP address of 127.0.0.1 (localhost)
Stopped the App, initiated the GPRS and started the App again.
Now I'm getting an IP of 0.0.0.0, I restarted the App a couple of times but no dice
I also checked if the advanced network functionality was enabled and it was..
Mr_Gee said:
Gave it another try
Connected to ActiveSync (AS) loaded the application
removed the AS connection, started the application
It showed me the IP address of 127.0.0.1 (localhost)
Stopped the App, initiated the GPRS and started the App again.
Now I'm getting an IP of 0.0.0.0, I restarted the App a couple of times but no dice
I also checked if the advanced network functionality was enabled and it was..
Hmm... I'm not sure what's going on here. 127.0.0.1 is the loopback interface-- It is only valid for your phone to connect to itself. If your computer attempted to connect to 127.0.0.1 it would connect to itself, not your phone.
pchasco said:
Hmm... I'm not sure what's going on here. 127.0.0.1 is the loopback interface-- It is only valid for your phone to connect to itself. If your computer attempted to connect to 127.0.0.1 it would connect to itself, not your phone.
Yes I know... :-/
Well, if I have time in the next few days I will take a look and see whether there is anything I can do. Maybe there is another IP address available on your device but for whatever reason I'm displaying the loopback instead of the external interface.
What happens when you set your proxy client up to go to 169.254.2.1:1080?
Mr_Gee said:
Gave it another try
Connected to ActiveSync (AS) loaded the application
removed the AS connection, started the application
It showed me the IP address of 127.0.0.1 (localhost)
Stopped the App, initiated the GPRS and started the App again.
Now I'm getting an IP of 0.0.0.0, I restarted the App a couple of times but no dice
I also checked if the advanced network functionality was enabled and it was..
Sounds like the same bug I am getting.
An example describing why someone would want to use it?
abdulzis said:
An example describing why someone would want to use it?
If you can't use ICS and want to connect to the internet from your desktop, you can connect your phone using USB and start this proxy, then you can setup your desktop connection to use the proxy to get internet access.

[Q] Wireless tether for root users - DNS redirect

I'm running a Piratebox web server on my phone - Does anyone know if there's a way to adjust DNS and re-direct everyone to my phone's web server when they are tethering from my phone?
+1 to this question.
I am currently trying to find a way to get some Android devices (which are working as AdHoc clients), and I want an app running on them to connect to a "server" address instead of using a specific, fixed IP address. I meant to do this programmatically, by creating a socket to an InetAddress resolution of the "server" address. I assume InetAddress will use the DNS defined on the wireless interface to make this translation, but it's Java, and that assumption really depends on the low-level impl. of InetAddress.
So yeah, DNS redirect from the DNS server running on the AdHoc host, which by association also runs Wireless Tether for root users. How can we do it?
I have tried some redirections from the hosts file (zone file), location in "system/etc/hosts". My device, like many others, comes preloaded with a bunch of IP-hostname redirections, but these only seem to work locally, e.g.:
gugle.com redirects to 127.0.0.1 (in the hosts: "gugle.com 127.0.0.1")
If I input this address on the AdHoc host, gugle.com will redirect to my http port 80 landing (I have a web server running on the device to test this).
If I input this address on an AdHoc client, it doesn't return anything. I'm guessing the DNS server running on the host does not use the zone file from the OS.
So the question remains - where can we define a redirection from the DNS server that runs on the Wireless Tethering for root users device.

Different options to avoid 3 Mobile UK tethering block.

Hi everyone,
I am trying to get my head around on what can be done to bypass the tethering filter on 3UK.
Below are different scenarios I have come up with and would like any volunteers who could try out any of the following for me. Of course I will be doing these myself as and when time permits but it's always helpful to have others' views on it too.
Please and I say please, do not turn this thread into Right and Wrongs of tethering or Terms and conditions of 3 mobile contracts. Please keep your views to yourself regarding if its lawful or unlawful or ethical or unethical or whatever you seem to come up with. I would like this to be a productive thread, instead of random comments on tethering.
Option 1: Use SSH Tunnel * Should I use SSH tunnel on my phone and use my PC to connect to it to use internet. Is there a reverse option?
Option 2: Use OpenVPN Install OpenVPN on your pc, and connect your phone to your pc using default VPN function on your phone in my case GT-I9100 comes with VPN function. You could also try to reverse this method and install OpenVPN on your phone and use your PC to connect to it. *
Option 3: Use the above two together in combination As the heading says, use SSH tunnel to connect to your OpenVPN.
Option 4: Use a proxy on your pc and connect to your phone or reverse, install proxy app on your phone and point your pc web browser to that proxy address. You could use the SSH tunnel here to connect too.
So, tools at hand are vpn with any encryption available, ssh tunnel, proxy server.
Tools to ignore - TOR (onion), garlic based TOR like, changing User Agent on web browsers or paid VPN.
3 UK has two APN settings, three.co.uk for mobiles (NATd ip address) and 3internet (dongle users) has external IP address and I believe it’s an Open NAT or no NAT.
Please feel free to mix and match any options and also share your views on what is technically possible.
I hope to see something useful and learn a bit more. Even if we fail to achieve the desired results, it will still be enlightening to find the facts on how 3 detects tethering.
Found on giff gaff forum useful info
Well, they have a few ways..
TTL: In my opinion, the most likely telltale signal of tethering. For example, *iOS packets originate with a TTL of 64, so if they see anything else they know something is up. This is very easy to check, as the TTL is checked by each router as the packet is handled. (the address on the envelope - doesn't require opening the letter, to use an analog analogy)
APN: Another possible sign of tethering is data being routed over the access point set up for the built-in tethering feature. But giffgaff does NOT have a separate APN for Tethering. Again, this is easy to check without deep packet inspection.
User-agent: This is where carriers would need to get heavy-duty equipment and a willingness to be invasive to detect tethering. Your browser sends information about itself to remote web servers, and this information could be checked. I do not think giffgaff is doing this (to detect tethering at least,) as it is not proof of tethering since anyone can easily use another browser on your phone that reports a different User Agent.
Web Sites Visited: Again, highly invasive, though it doesn't require DPI. If you're using the DNS servers of the carrier, they could look for requests for certain domain names like windowsupdate.com etc. This wouldn't be proof either, though.
I would bet that they are using TTL. So tunneling the TCP/IP packets that way probably resets the TTL to the default of the WAN interface on the phone.
Why do you have to make 2 threads for the same subject?
Well I wasn't sure at the time of writing the first one if I had to go down the route of testing which the second one is for. So, the first one is literally to know if it's happening to new contracts only and the second is for testing different scenarios and finding how.
Hope this helps and if not then jog on.
Invincible29 said:
Hope this helps and if not then jog on.
Less of the attitude please and more of the reading of forum rules. Stick to one thread for the same thing.
Thread closed, use the other one (it was created first).

[Q] Way to run VPN server and client on one host.

Hello guys,
I'm looking for a way to run a VPN server and client on one host. Is there any method?
(Sorry, but I'm not good at English......)
I want to control packets on Android, for streaming data caching. So I need to block outgoing HTTP requests (in case of a cache hit).
In the case of using two hosts, it works perfectly. And on one host, I thought it would work with the following method:
Mark by the username that runs the processes using iptables, and make routing tables which can work through the VPN or the default gateway.
But I cannot connect to the internet. So I checked 'ip route ls table cache' and found that it cannot reach the default gateway.
(screenshot link: docs.google.com/presentation/d/1Uu7Xm4iKOmE4s9zLUu7TBf_pMd85Gou-rIW_GRONqBQ/pub)
Is there any way to solve this problem? Or some books or docs...
Have a nice day!
Do you use pc?

Prevent Certain Apps from Using My Work Wi-Fi - Anything better than Tasker?

Hi all,
I want to prevent certain apps from accessing my work Wi-Fi, mostly so my employer can't see what I'm doing. Specifically, I don't want to be connected to my employer's Wi-Fi while on Facebook, Evernote, etc.
For some other apps, I still want to use Wi-Fi to save data.
I just installed Tasker and have already a Task set up to shut off Wi-Fi for these apps. My question is: is this really secure? Does anyone think this will prevent my employer from seeing what's on my Facebook, or is there a flaw I'm not thinking of?
Ex: maybe Tasker has a delay which will allow my employer to see Facebook load anyway.
Alternatively, if anyone knows a more efficient way of doing this (in Tasker or anywhere else in Android) that'd be great.
Thanks
Question: is your boss a hacker?
Because if he isn't he can't see anything in theory because he doesn't know how.
But you can use a VPN connection such as Hotspot Shield
so your traffic inside that network and all over the internet is encrypted.
You can also use a "Firewall" for that. Firewall apps stop the apps that you choose from getting access to the internet.
If you aren't rooted try this one: NoRoot Data Firewall. It uses a VPN connection. This VPN connection is local, and when the blocked app tries to connect to the internet it just gets the localhost IP as gateway. The other apps continue to work normally.
If you are rooted try this one: AFWall+ (Android Firewall +)
Depends on your needs of course.
