FORUMS

Two New Moto X and New Moto G – Specs & Details

Today’s Moto event just ended and now we have a clear look at all of … more

How Strong Is Your Connection? – XDA Xposed Tuesday

Everyone is always talking about their bars. How many bars of WiFi do they … more

OnePlus 2 Announced: Specs, Price and Details

The OnePlus 2 has just had its Virtual Reality Launch event, and at the XDA Office we all … more

A Helpful Guide to Music Streaming Services

With the launch of Apple Music, music streaming services have recently gained a lot of … more

[TOOL][HTTP/HTTPS analyzer]SandroProxy

237 posts
Thanks Meter: 72
 
By SandroBSupp, Senior Member on 27th June 2012, 11:35 PM
Post Reply Subscribe to Thread Email Thread

Proxy, http analyzer, mitm, transparent proxy

NO NEED FOR ROOTED PHONE

Why would you use it:
- behind corporate firewall/proxy, needing to connect to squid, isa/forefront proxy with authentication
http://code.google.com/p/sandrop/wiki/HowToConnectToOtherProxy
- developer to examine http traffic, with embedded chrome devtools that can be used as ide
- security analyst examining how apps communicate with servers
- ...

Features:
- can act as pass-through proxy, traffic is not stored, ssl tunnel remains the same to server.
- capture,intercept request/response, replay, change before sending further
- can use client certificate to make connection to web server
- creates server certificates on the fly with proper host name
- transparent proxy needs superuser, su, iptables (1.4.10 or higher) to listens on port 80, 443
- request/response are stored as files so can be examined later on
- can bind only local or on all adapters
- client cache headers can be removed so content is always fetched from server (no 304 Not Modified responses)
- custom proxy plugins http://code.google.com/p/sandrop/issues/detail?id=31
- custom search criteria on show request/responses with scripting
- can connect to another proxy (Squid, ISA proxy, ForeFront TMG proxy) (basic, digest, ntlm authentication supported)
- can act as web server to filter/examine captured data
- can connect to insecure sites, switch on/off in preferences
- can use chrome devtools to examine captured data
- chorme devtools 3D panel
- websockets support

!!!!
there are ads on log tab and google analytic events on switching tabs
sorry for that
!!!!


custom proxy plugins:



manual requests:




market.android.com/details?id=org.sandroproxy

http://code.google.com/p/sandrop/

Proxy acts as SSL man-in-the-middle. It generates sites certificates on the fly.
Issuer is named UNTRUSTED.
Based on WebScarab so all credits goes there.
http://www.owasp.org/index.php/Categ...Scarab_Project


********************
Requests/Responses are stored in getExternalCacheDir()

/mnt/sdcard/Android/data/org.sandroproxy/cache

http://developer.android.com/referen...ernalCacheDir()

There is no security enforced with these files. All applications can read and write files placed here.

********************

Use stock browser and change that wi-fi uses proxy on localhost:8008
http://code.google.com/p/sandrob/iss...tail?id=41#c27

Copy from app thread, because it can also be used as development tool.
For example to store application/server http/https comunication.

Last edited by SandroBSupp; 25th May 2013 at 09:31 AM. Reason: added link to wiki how to connect to other proxy
The Following 14 Users Say Thank You to SandroBSupp For This Useful Post: [ View ]
 
 
27th June 2012, 11:54 PM |#2  
Account currently disabled
Thanks Meter: 270
 
More
This is sweet, good job!
The Following User Says Thank You to john9 For This Useful Post: [ View ]
28th June 2012, 04:20 PM |#3  
Junior Member
Flag East Java
Thanks Meter: 5
 
More
wow.. this is what I'm looking for...! thanks, downloading it.

is it tracking request from internet browser only or any request from every app and any protocol maybe? in spite of the title HTTP/HTTPS analyzer
28th June 2012, 08:02 PM |#4  
SandroBSupp's Avatar
OP Senior Member
Thanks Meter: 72
 
More
Just for http/https.

It can act as
proxy -> you must specify proxy in browser settings
transparent proxy -> you must somehow change where tcp packets are going (iptables)
http://www.cyberciti.biz/tips/linux-...uid-howto.html

Now I am working on tab where redirection on phone can be done from gui for all processes that have network permissions.
It creates iptable rules as:
iptables -t nat -A OUTPUT -m owner --uid-owner <xxxxx> -p tcp --dport 80 -j DNAT --to 127.0.0.1:8009

But still long way to make it work properly...

28th June 2012, 08:08 PM |#5  
SandroBSupp's Avatar
OP Senior Member
Thanks Meter: 72
 
More
It can track any app that uses http/https.
Not quite sure about ports. Probably just 80/433 but I could change that can be value in preferences.
30th June 2012, 10:42 AM |#6  
SandroBSupp's Avatar
OP Senior Member
Thanks Meter: 72
 
More
New feature: gui for process->trasparent proxy redirection
It activated additional iptables rules so the process is redirected to transparent proxy.

iptables -t nat -A OUTPUT -m owner --uid-owner <xxxxx> -p tcp --dport 80 -j DNAT --to 127.0.0.1:8009



4th July 2012, 07:35 PM |#7  
SandroBSupp's Avatar
OP Senior Member
Thanks Meter: 72
 
More
new feature: browser cache on/off
There is setting that removes browser cache headers.


9th July 2012, 11:57 AM |#8  
Senior Member
Thanks Meter: 50
 
More
dumb question: would your app help to make gTalk work on corporate networks protected by Forefront ?

Many thanks
9th July 2012, 05:46 PM |#9  
SandroBSupp's Avatar
OP Senior Member
Thanks Meter: 72
 
More
Sorry, not yet.
Probably you need NTLM authentication to proxy?
Chaining Sandroproxy to ntlm proxy is on the list of future features.
10th July 2012, 11:31 AM |#10  
Senior Member
Flag Thessaloniki
Thanks Meter: 212
 
More
Question
I can't find it on the Market/Play crap.
Device: GT-i9100 on 4.0.3 rooted. Country: Greece
Current Operator:Vodafone GR, tried also with GR COSMOTE. Any ideas?
10th July 2012, 12:02 PM |#11  
Senior Member
Thanks Meter: 2,075
 
More
Quote:
Originally Posted by MemoryController

I can't find it on the Market/Play crap.
Device: GT-i9100 on 4.0.3 rooted. Country: Greece
Current Operator:Vodafone GR, tried also with GR COSMOTE. Any ideas?

I'm assuming you clicked on he link in the OP? Have you tried searching the Play Store from a browser while logged into Google? It will tell you if your device is compatible or not.

Read More
Post Reply Subscribe to Thread

Tags
http, mitm, pac, proxy, ssl
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes