I have downloaded an Android app (which is also available for iPhone and ipad). I want to monitor which URLs it is accessing. On the desktop, you can use tools like Chrome dev tools for browser traffic and Charles Proxy (http://www.charlesproxy.com/) for other app traffic. Is there a similar way to set a proxy for the app from outside it, and then view any connection attempts, possibly with headers and responses?
I only need to do it once, to ensure the app isn't malicious, so the process doesn't have to be the most convenient method in the world. For example, it could involve setting up a proxy app on the desktop and then connecting through that, or running the Android or iOS version on a desktop-based simulator and monitoring that.
When searching SO, a lot is to be found on this topic. The best solution seems to be setting up a desktop to be an access point for the android device and run wireshark on it like suggested here
Capturing mobile phone traffic on wireshark
your best bet is charles proxy trial version
to set up charles proxy is like butter
1) Make sure both computer and device are on the same network
2) Download charles proxy on computer
3) On device go to wifi--> connection name--> hold on to it --> modify --> manual proxy --> give your ip address and port 8888
4) keep charles open on computer while you are doing this
5) you will get a pop up in charles regarding the connection and will start showing you the traffic being captured from the app..
Related
I tried the following in order to record mobile app steps using jmeter:
Start Jmeter on the my laptop and add the necessary recording templates.
Copied and installed the Jmeter cert on the mobile phone.
Connected the mobile phone to the same wifi that my laptop (with Jmeter) is on.
In the proxy hostname, I added the ip address of my laptop (with Jmeter). I also add the same port that was configured in Jmeter for my laptop.
Clicked start on the HTTP(S) Recording controller to start recording.
NB. I ensured my firewall was off during the recording.
I tried these steps several times, but when I use my mobile app on my phone, nothing gets recorded. I then tried navigating to a site using the browser but it does not record these actions either. Instead, it records other steps that I don't recognise. Please see links below for what I am seeing in Jmeter.
Does anyone have a solution to this?
Recorded Steps
Errors Displayed
You're getting this error:
because JMeter is not capable of decrypting the intercepted traffic as you didn't install JMeter's MITM certificate onto your mobile device.
The certificate is called ApacheJMeterTemporaryRootCA.crt and it's being generated in "bin" folder of your JMeter installation when you start the HTTP(S) Test Script Recorder.
I cannot provide exact steps for the certificate installation without knowing the operating system (including version) of your mobile device, however you might find the following material helpful:
Five Tips for Using Self Signed SSL Certificates with iOS
Android: Add & remove certificates
Recording Using Android Devices
Using self-signed SSL in Android (Nougat+)
hey you have to "trust the jmeter certificate in your mobile device". in ios its "trusted certificates-->certificate trust setting--> enable button for jmeter certificate which you took from jmeter machine to the mobile (ios in my case)"
Iam able to access rails app in all systems with in network, but unable to access in mobiles.
I started app like below
rails s -b ip
Double check if your mobile is in the same network of your server. You can do this either by pinging your mobile device (if it support ping) or doing a network scan using tools like nmap or take a look at your router to see where is your device. If you want to allow all access, the binding ip should be 0.0.0.0.
I have a local sandbox website on my computer running on nginx. I have chrome canary and that's what I"ve been using to test the various media sizes. Of course, this doesn't stack up against actual hands-on testing to get an idea of the feel of the website.
So, is there a way to be able to access a website running on my computer from the same network? Even if I have to use a specific app. I would like to use the same URL. dev.mywebsite.com and mywebsite.com run a on a server, sandbox.mywebsite.com is on my machine (this is the one I would like to access). I don't need to access to it remotely, just when I'm on my network is fine.
Note: I need to use the actual URL.
Thanks.
If sandbox.mywebsite.com maps to localhost on your computer, then by mapping sandbox.mywebsite.com in the hosts file of your phone to the local network IP address of your computer e.g. 192.168.1.9, you should be able to access it on the phone.
I have done this using android with hosts editor, connecting to apache running on an ubuntu laptop.
There are also many google results for this, so you may be able to find something there for your specific configuration.
I have deployed a WPF .NET4 application on my customer's network.
The network can ping the internet, but the PCs are not able to browse.
It takes about 60 seconds to start the application.
TcpView shows that the app is trying to communicate with these URLs:
customer.teliacarrier.com
office365.com
msgr.dlservice.microsoft.com
akamaitechnologies
If we open the internet and starts the application once everything work fine and we can close the firewall again.
Does anyone know why the app communicates on the URLs the first time???
The customer has solved the problem.
The firewall was configures to allow ping to all external sites.
When they changed the rule to not allow ping everything worked fine.
I think that .NET 4 uses some signed files that the machine tries to authenticate.
If you used ClickOnce deployment or 3rd party components the app might be looking for updates.
All of the URLs (except for the office365.com) refer to download/mirror sites.
You could try to have a look at the requests that are being send to get more details.
If you have signed your files they may be trying to authenticate against a Certificate Authority. Also - make sure you ngen your wpf files before delivery - this speeds up the first launch of the file (Regardless of reaching out to websites). http://msdn.microsoft.com/en-us/library/6t9t5wcf(v=vs.80).aspx
I have a wpf app that needs to communicate(exchange data) with a custom designed device (we can modify the code for the device). Do I have any options to connect to the device if it is behind a firewall via http? I was hoping there would be a method where the admin would not have to forward any specific ports or do anything on his end. I assume the issue is how would I address the device from my app. I know SOAP over SMTP is one option. Is another option where the device could chatter out to my application via http?
This problem is solved by relay services like Yaler or My-devices (I did not test this last one).
UPNP is supported by some firewalls to simplify this. Otherwise you are usually stuck opening ports on the firewall manually or using some 3rd party proxy server for a rendezvous server.
A lot of firewalls are setup to allow access on port 80 (HTTP) otherwise the users wouldn't be able to browse web sites on the internet. You can try and see if port 80 is open to traffic. If you can modify the code for both the device and the client you can use port 80 to communicate with your own protocol - you don't necessarily need to use HTTP.
Any kind of RESTful architecture over http will do it. If this is the best option for you depends on what APIs / libraries are available on your custom device.