XDA Developers Android and Mobile Development Forum

[TOOL][HTTP/HTTPS analyzer]SandroProxy

SandroBSupp
(Last edited by SandroBSupp; 25th May 2013 at 09:31 AM.) Reason: added link to wiki how to connect to other proxy
#1

Proxy, http analyzer, mitm, transparent proxy

NO NEED FOR ROOTED PHONE

Why would you use it:
- behind corporate firewall/proxy, needing to connect to squid, isa/forefront proxy with authentication
http://code.google.com/p/sandrop/wiki/HowToConnectToOtherProxy
- developer to examine http traffic, with embedded chrome devtools that can be used as ide
- security analyst examining how apps communicate with servers
- ...

Features:
- can act as pass-through proxy, traffic is not stored, ssl tunnel remains the same to server.
- capture, intercept request/response, replay, change before sending further
- can use client certificate to make connection to web server
- creates server certificates on the fly with proper host name
- transparent proxy needs superuser, su, iptables (1.4.10 or higher) to listen on ports 80, 443
- request/response are stored as files so can be examined later on
- can bind only local or on all adapters
- client cache headers can be removed so content is always fetched from server (no 304 Not Modified responses)
- custom proxy plugins http://code.google.com/p/sandrop/issues/detail?id=31
- custom search criteria on show request/responses with scripting
- can connect to another proxy (Squid, ISA proxy, ForeFront TMG proxy) (basic, digest, ntlm authentication supported)
- can act as web server to filter/examine captured data
- can connect to insecure sites, switch on/off in preferences
- can use chrome devtools to examine captured data
- chrome devtools 3D panel
- websockets support

!!!!
there are ads on log tab and google analytic events on switching tabs
sorry for that
!!!!


custom proxy plugins:



manual requests:




market.android.com/details?id=org.sandroproxy

http://code.google.com/p/sandrop/

Proxy acts as SSL man-in-the-middle. It generates site certificates on the fly.
Issuer is named UNTRUSTED.
Based on WebScarab so all credit goes there.
http://www.owasp.org/index.php/Categ...Scarab_Project


********************
Requests/Responses are stored in getExternalCacheDir()

/mnt/sdcard/Android/data/org.sandroproxy/cache

http://developer.android.com/referen...ernalCacheDir()

There is no security enforced with these files. All applications can read and write files placed here.

********************

Use the stock browser and change the wi-fi settings so that it uses a proxy on localhost:8008
http://code.google.com/p/sandrob/iss...tail?id=41#c27

Copy from app thread, because it can also be used as development tool.
For example to store application/server http/https communication.

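Because the captured requests/responses sit in a directory that every app can read, any credentials in their headers are exposed too. The following is an added example, not part of the original post or of SandroProxy's code: it audits a directory of stored messages for credential-bearing headers and redacts them. It assumes each stored file is one raw HTTP message; the file names `1-request`/`1-response` and the sample contents are constructed, since the thread does not describe the on-disk layout.

```python
from __future__ import annotations
import re
import tempfile
from pathlib import Path

# Headers whose values are credentials or session tokens.
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
HEADER_RE = re.compile(rb"^([!#$%&'*+.^_`|~0-9A-Za-z-]+):[ \t]*(.*?)[ \t]*\r?$", re.M)

def split_head(raw: bytes) -> tuple[bytes, bytes]:
    """Split a raw HTTP message into (header block, blank line + body)."""
    m = re.search(rb"\r?\n\r?\n", raw)
    return (raw, b"") if m is None else (raw[:m.start()], raw[m.start():])

def find_sensitive(raw: bytes) -> list[str]:
    """Lower-cased names of sensitive headers in one message; the body is ignored."""
    head, _ = split_head(raw)
    names = {m.group(1).decode("ascii").lower() for m in HEADER_RE.finditer(head)}
    return sorted(names & SENSITIVE)

def redact(raw: bytes) -> bytes:
    """Blank out sensitive header values; other headers and the body are unchanged."""
    head, rest = split_head(raw)
    def sub(m: re.Match) -> bytes:
        if m.group(1).decode("ascii").lower() not in SENSITIVE:
            return m.group(0)
        cr = b"\r" if m.group(0).endswith(b"\r") else b""
        return m.group(1) + b": [REDACTED]" + cr
    return HEADER_RE.sub(sub, head) + rest

def audit_dir(root: Path) -> dict[str, list[str]]:
    """Map each file under root that carries sensitive headers to those header names."""
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = find_sensitive(path.read_bytes())
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def demo() -> tuple[dict[str, list[str]], bytes]:
    """Run on constructed sample messages (file names and contents are made up)."""
    req = (b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
           b"Authorization: Basic dXNlcjpwYXNz\r\nCookie: sid=abc123\r\n\r\n")
    resp = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nCookie: not-a-header"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "1-request").write_bytes(req)
        (root / "1-response").write_bytes(resp)
        return audit_dir(root), redact(req)

if __name__ == "__main__":
    print(demo())
```

Run `audit_dir` on a copy of the cache directory pulled from the device, and apply `redact` before sharing or archiving any capture.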
 
john9
#2
This is sweet, good job!
 
soulbkd
#3
wow.. this is what I'm looking for...! thanks, downloading it.

Is it tracking requests from the internet browser only, or any request from every app and maybe any protocol, in spite of the title HTTP/HTTPS analyzer?
 
SandroBSupp
#4
Just for http/https.

It can act as
proxy -> you must specify proxy in browser settings
transparent proxy -> you must somehow change where tcp packets are going (iptables)
http://www.cyberciti.biz/tips/linux-...uid-howto.html

Now I am working on a tab where redirection on the phone can be done from the gui for all processes that have network permissions.
It creates iptables rules as:
iptables -t nat -A OUTPUT -m owner --uid-owner <xxxxx> -p tcp --dport 80 -j DNAT --to 127.0.0.1:8009

But still long way to make it work properly...

 
SandroBSupp
#5
It can track any app that uses http/https.
Not quite sure about ports. Probably just 80/433, but I could change that so it can be a value in preferences.
 
SandroBSupp
#6
New feature: gui for process->transparent proxy redirection

It activated additional iptables rules so the process is redirected to transparent proxy.

iptables -t nat -A OUTPUT -m owner --uid-owner <xxxxx> -p tcp --dport 80 -j DNAT --to 127.0.0.1:8009



 
SandroBSupp
#7
new feature: browser cache on/off

There is a setting that removes browser cache headers.


 
chareos12
#8
dumb question: would your app help to make gTalk work on corporate networks protected by Forefront?

Many thanks
Farewell, HTC.
And thank you for all the S-ON annoyances, the proprietary s**t and everything else locking us to your bloated Sense.
Nice product design, on your One X. Oh, well.
 
SandroBSupp
#9
Sorry, not yet.
Probably you need NTLM authentication to proxy?
Chaining Sandroproxy to ntlm proxy is on the list of future features.
 
MemoryController
#10
I can't find it on the Market/Play crap.
Device: GT-i9100 on 4.0.3 rooted. Country: Greece
Current Operator: Vodafone GR, tried also with GR COSMOTE. Any ideas?

Tags
http, mitm, pac, proxy, ssl