I have spent a lot of time trying to configure the wifi on the GPE linux, I have very little experience with linux and I really don't know how to setup the adapter. My network is a B/G with DHCP and 128 bit WEP. I have set the data on a configuration tool but it doesn't seem to work. Can someone help me?
linux and wifi
I installed openmoko. For surfing the web i do:
- Open terminal
Code:
ifconfig wlan0 up
iwlist wlan0 scan
iwconfig wlan0 essid "my-essid"
ifup wlan0
Note: i don't use encryption, you can try: "iwconfig wlan0 key open (WEP-KEY)" after setting the essid, don't know if wep or wpa is supported.
Now i open the webbrowser and surf the web.
The resolution 640x480 is a pleasure but because of starting from sdcard the browser is slow.
Proxy, http analyzer, mitm, transparent proxy
NO NEED FOR ROOTED PHONE
Why would you use it:
- behind corporate firewall/proxy, needing to connect to squid, isa/forefront proxy with authentication
http://code.google.com/p/sandrop/wiki/HowToConnectToOtherProxy
- developer to examine http traffic, with embedded chrome devtools that can be used as ide
- security analyst examining how apps communicate with servers
- ...
Features:
- can act as pass-through proxy, traffic is not stored, ssl tunnel remains the same to server.
- capture,intercept request/response, replay, change before sending further
- can use client certificate to make connection to web server
- creates server certificates on the fly with proper host name
- transparent proxy needs superuser, su, iptables (1.4.10 or higher) to listens on port 80, 443
- request/response are stored as files so can be examined later on
- can bind only local or on all adapters
- client cache headers can be removed so content is always fetched from server (no 304 Not Modified responses)
- custom proxy plugins http://code.google.com/p/sandrop/issues/detail?id=31
- custom search criteria on show request/responses with scripting
- can connect to another proxy (Squid, ISA proxy, ForeFront TMG proxy) (basic, digest, ntlm authentication supported)
- can act as web server to filter/examine captured data
- can connect to insecure sites, switch on/off in preferences
- can use chrome devtools to examine captured data
- chorme devtools 3D panel
- websockets support
!!!!
there are ads on log tab and google analytic events on switching tabs
sorry for that
!!!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
custom proxy plugins:
manual requests:
market.android.com/details?id=org.sandroproxy
http://code.google.com/p/sandrop/
Proxy acts as SSL man-in-the-middle. It generates sites certificates on the fly.
Issuer is named UNTRUSTED.
Based on WebScarab so all credits goes there.
www.owasp.org/index.php/Category:eek:WASP_WebScarab_Project
********************
Requests/Responses are stored in getExternalCacheDir()
/mnt/sdcard/Android/data/org.sandroproxy/cache
http://developer.android.com/reference/android/content/Context.html#getExternalCacheDir()
There is no security enforced with these files. All applications can read and write files placed here.
********************
Use stock browser and change that wi-fi uses proxy on localhost:8008
code.google.com/p/sandrob/issues/detail?id=41#c27
Copy from app thread, because it can also be used as development tool.
For example to store application/server http/https comunication.
This is sweet, good job!
wow.. this is what I'm looking for...! thanks, downloading it.
is it tracking request from internet browser only or any request from every app and any protocol maybe? in spite of the title HTTP/HTTPS analyzer
Just for http/https.
It can act as
proxy -> you must specify proxy in browser settings
transparent proxy -> you must somehow change where tcp packets are going (iptables)
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
Now I am working on tab where redirection on phone can be done from gui for all processes that have network permissions.
It creates iptable rules as:
iptables -t nat -A OUTPUT -m owner --uid-owner <xxxxx> -p tcp --dport 80 -j DNAT --to 127.0.0.1:8009
But still long way to make it work properly...
It can track any app that uses http/https.
Not quite sure about ports. Probably just 80/433 but I could change that can be value in preferences.
New feature: gui for process->trasparent proxy redirection
It activated additional iptables rules so the process is redirected to transparent proxy.
iptables -t nat -A OUTPUT -m owner --uid-owner <xxxxx> -p tcp --dport 80 -j DNAT --to 127.0.0.1:8009
new feature: browser cache on/off
There is setting that removes browser cache headers.
dumb question: would your app help to make gTalk work on corporate networks protected by Forefront ?
Many thanks
Sorry, not yet.
Probably you need NTLM authentication to proxy?
Chaining Sandroproxy to ntlm proxy is on the list of future features.
I can't find it on the Market/Play crap.
Device: GT-i9100 on 4.0.3 rooted. Country: Greece
Current Operator:Vodafone GR, tried also with GR COSMOTE. Any ideas?
MemoryController said:
I can't find it on the Market/Play crap.
Device: GT-i9100 on 4.0.3 rooted. Country: Greece
Current Operator:Vodafone GR, tried also with GR COSMOTE. Any ideas?
Click to expand...
Click to collapse
I'm assuming you clicked on he link in the OP? Have you tried searching the Play Store from a browser while logged into Google? It will tell you if your device is compatible or not.
It should work on all devices from 2.3 OS up.
New feature: user custom proxy plugins
You can make your own custom plugin to handle http request/response flow
http://code.google.com/p/sandrop/issues/detail?id=31#c3
New feature: user custom CA certificate, import CA to android store
User can set custom CA for generating site certificates.
Or use generated one.
Password can be set. if not, default ("password") will be used.
There is option to store SandroProxy certificate in android store.
If custom, not generated is used, be careful that it contains BasicConstraints with isCA flag set to true.
Otherwise will not be recognised as CA certificate.
New feature: user custom search critera on show request/responses
User can specify with scripting (BeanShell) which request/responses are show on the list
http://code.google.com/p/sandrop/issues/detail?id=23
It does nothing...
Hi
I'm on a rooted xperia SK17i, I set it as transparent proxy, but it does collect nothing, does not display any app...
Should I use an external proxy app to redirect traffic on a specific port (for ex. 8008) on which sandroproxy is listening?
Transparent proxy setup for app
How to redirect app on device to local sandroproxy:
1. first you check on which app would you like to redirect to transparent proxy. APPS tab
2. check in preferences that transparent proxy is enabled. Transparent proxy = ON
3. check version of iptables. It should not be 1.3.x because have problems with nat table.
----You can fix iptables with this app from market
----https://play.google.com/store/apps/details?id=com.mgranja.iptables
4. start proxy
You can check iptables rules when proxy is active with Info Menu action.
Or from adb shell:
iptables -L
iptables -t nat -L
Publiuss said:
Hi
I'm on a rooted xperia SK17i, I set it as transparent proxy, but it does collect nothing, does not display any app...
Should I use an external proxy app to redirect traffic on a specific port (for ex. 8008) on which sandroproxy is listening?
Click to expand...
Click to collapse
Tried this on ICS9, iptables -V = 1.4.x, transparent proxy
HTTP traffic is pushing through the App with no problems. But HTTPS traffic capturing seems like not working...
Saw some FIX ME! comments in the log, maybe that's the reason?...
Proxy listening on 127.0.0.1:8010
Proxy listening on 127.0.0.1:8009
Proxy listening on 127.0.0.1:8008
Finished loading session from /mnt/sdcard/Android/data/org.sandroproxy/cache
Done!
Loading cookies
Loading urls
Loading conversations
Loading session from /mnt/sdcard/Android/data/org.sandroproxy/cache
Using CA from file: /mnt/sdcard/Android/data/org.sandroproxy/cache/.keystoreca
CA cert exported to /mnt/sdcard/Android/data/org.sandroproxy/cache/.keystoreca_export.crt
Loading keys from /mnt/sdcard/Android/data/org.sandroproxy/cache/.keystoreca
Using /mnt/sdcard/Android/data/org.sandroproxy/cache for data storage
client cert file name is not valid so it will not be used:/mnt/sdcard/cert.p12
#attach sandroproxy to INPUT chain
iptables -A INPUT -j sandroproxy
- successful.
#attach sandroproxy to nat PREROUTING chain
iptables -t nat -A PREROUTING -j sandroproxy
- successful.
#attach sandrop_proc to nat OUTPUT chain
iptables -t nat -A OUTPUT -j sandrop_proc
- successful.
#redirect outbound port from 443 to 127.0.0.1:8010
iptables -t nat -A sandrop_proc -m owner --uid-owner 10099 -p tcp --dport 443 -j DNAT --to 127.0.0.1:8010
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#logging before redirection is made to /proc/kmsg
iptables -t nat -A sandrop_proc -m owner --uid-owner 10099 -p tcp --dport 443 -j LOG --log-level debug --log-prefix "[NewConnection]" --log-uid
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#redirect outbound port from 80 to 127.0.0.1:8009
iptables -t nat -A sandrop_proc -m owner --uid-owner 10099 -p tcp --dport 80 -j DNAT --to 127.0.0.1:8009
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#logging before redirection is made to /proc/kmsg
iptables -t nat -A sandrop_proc -m owner --uid-owner 10099 -p tcp --dport 80 -j LOG --log-level debug --log-prefix "[NewConnection]" --log-uid
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#create sandro_proc chain
iptables -t nat --new sandrop_proc
iptables: Chain already exists.
- failed!
Error executing superuser commands: length=4096; regionStart=0; regionLength=-1
#redirect outbound port from 80 to 127.0.0.1:8009
iptables -t nat -A sandrop_proc -m owner --uid-owner 10052 -p tcp --dport 80 -j DNAT --to 127.0.0.1:8009
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#logging before redirection is made to /proc/kmsg
iptables -t nat -A sandrop_proc -m owner --uid-owner 10052 -p tcp --dport 80 -j LOG --log-level debug --log-prefix "[NewConnection]" --log-uid
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#create sandro_proc chain
iptables -t nat --new sandrop_proc
- successful.
#list of iptables
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
sandroproxy all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
all -- anywhere anywhere owner socket exists
Chain costly_shared (0 references)
target prot opt source destination
all -- anywhere anywhere owner socket exists
ACCEPT all -- anywhere anywhere
Chain sandroproxy (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
- successful.
#list of iptables nat
iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
sandroproxy all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain sandroproxy (1 references)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:www redir ports 8009
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 8010
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
FIX ME! implement getprotobynumber() bionic/libc/bionic/stubs.c:456
- successful.
#redirect 443 to 8010
iptables -A sandroproxy -t nat -p tcp --dport 443 -j REDIRECT --to-port 8010
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#redirect 80 to 8009
iptables -A sandroproxy -t nat -p tcp --dport 80 -j REDIRECT --to-port 8009
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#create sandroproxy chain, , it could fail if already exist
iptables -t nat --new sandroproxy
iptables: Chain already exists.
- failed!
#accept connection on port 443
iptables -A sandroproxy -p tcp --dport 443 -j ACCEPT
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#accept connection on port 80
iptables -A sandroproxy -p tcp --dport 80 -j ACCEPT
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:450
- successful.
#create sandroproxy chain, it could fail if already exist
iptables --new sandroproxy
iptables: Chain already exists.
- failed!
Attaching iptables -L -t nat command
Capturing https is more tricky. It can be done but with some additional stuff.
When app make ssl request it states hostname.
If ssl server side certificate is not for the same hostname, by default connection is not trusted and dropped.
Sandroproxy has in settings that you can state name for generated certificate.
http://code.google.com/p/sandrop/issues/detail?id=40
Also you should put sandroproxy CA to android store.
http://code.google.com/p/sandrop/issues/detail?id=2
You can test if app will work if you make same request from browser and no popup that something is wrong with ssl appears.
If you redirect browser (native, opera, ...) to sandroproxy, and click continue on ssl popup, it will proceed.
To find out what kind of request app makes on ssl you should check in /proc/kmsg where iptables puts some info.
Or with this app.
https://play.google.com/store/apps/details?id=com.googlecode.networklog
FIX ME is from iptables command and will probably be gone in some new version.
Losik said:
Tried this on ICS9, iptables -V = 1.4.x, transparent proxy
HTTP traffic is pushing through the App with no problems. But HTTPS traffic capturing seems like not working...
Saw some FIX ME! comments in the log, maybe that's the reason?...
Attaching iptables -L -t nat command
Click to expand...
Click to collapse
Unfortunately...
I verified hostname by the NetworkLog app that you gave me... set it up in SandroProxy, checked HTTPS next to App, started service, exported and loaded sandroproxy CA... but app doesn't let me through, anyway. In Logs, app seems like trying to change SSL, maybe succeeds, maybe fails, I don't know:
Code:
Reading reqest from browser
Finished negotiating SSL - algorithm is SSL_RSA_WITH_RC4_128_MD5
Intercepting SSL connection!
However, browser works, and says certificate is valid for that hostname.
So... something's wrong with SSL. I guess I'll have to find other ways around (
Anyway, thanks for trying to help me, I appreciate donate it.
original source
To do this, you will need a server or vps with ssh enabled and a public ip address,
what we are going to do is to use the server as a tunnel to your Raspberry Pi like this:
Code:
Raspberry Pi ----> SERVER <---- A computer outside your home network
To make everything easier, configure your server to use public key authentication, so you
are not going to be asked for a password everytime you connect.
First of all, put your ssh key inside ~/.ssh/ BOTH of your raspberry and the computer you
want to use to access the RPI, then we we'll configure the server to tunnel connections
to the bind address we specify, so edit your server /etc/ssh/sshd_config and add at the end:
Code:
GatewayPorts clientspecified
Now we are ready, open a screen session on your raspberry and type:
Code:
ssh -R your-server-interface-ip:2222:localhost:22 [email protected]
So, if you want the SSH port to be tunneled only on the server localhost, you shall type:
Code:
ssh -R localhost:2222:localhost:22 [email protected]
Otherwise, if you want it to be tunneled on the public ip address:
Code:
ssh -R your-server-address:2222:localhost:22 [email protected]
Now you are ready, if you used the localhost bind interface, you can reach your RPI connecting
to your server and then, from the inside of the ssh session type:
Code:
ssh -p2222 [email protected]
Else, if you choose the public ip, you will simply connect with:
Code:
ssh -p2222 [email protected]
Enjoy ^_^
Dynamic DNS
Your home connection may not have a static IP address, so most home routers now give the option of filling in dynamic DNS account information that will assign a hostname to your IP address automatically. This means you don't have to keep track of your IP address manually.
Google for "how to set up dynamic dns" -- Wired.com has a nice step-by-step tutorial. (Can't post links yet. :-/) I use DynDNS as my provider, they allow you to set up a hostname using their domains for free.
=RV=
redvelociraptor said:
Your home connection may not have a static IP address, so most home routers now give the option of filling in dynamic DNS account information that will assign a hostname to your IP address automatically. This means you don't have to keep track of your IP address manually.
Google for "how to set up dynamic dns" -- Wired.com has a nice step-by-step tutorial. (Can't post links yet. :-/) I use DynDNS as my provider, they allow you to set up a hostname using their domains for free.
=RV=
Click to expand...
Click to collapse
Considering in this tutorial i've suggested a dedicated server as tunnel, i don't get why static/dynamic ip address of your home network is important ....
control rpi over nat by http
The hopmsg.com allows you the make a free message channel by creating a random key for free (no registration,login,etc) which can be used to get status / send command to your rpi:
1, Simplest way to Send/Receive message from any kind of OS/browser/platform just by clicking on a link, only need to know the ID of your msg!
Example: set your message by opening a link : hopmsg.com/ctl.php?id=YOUR_UNIQUE_KEY&value=message
get your message from any device by opening: hopmsg.com/ctl.php?id=YOUR_UNIQUE_KEY
or use the Android App to get/set it.
2, Control your device inside Nat/Lan
Example: set your command by opening a link : hopmsg.com/ctl.php?id=YOUR_UNIQUE_KEY&value=command
get your command from any device by opening: hopmsg.com/ctl.php?id=YOUR_UNIQUE_KEY
or use the Android App to get/set it.
3, Basic monitoring system
Bash script checking uptime:
UP=`uptime | sed -e 's/ /_/g'`; curl "hopmsg.com/ctl.php?id=YOUR_UNIQUE_KEY&value=`echo ${UP}`"
and use the Android App or a browser to check the status of the device.
4, Get your IP address, the message source, poor man's dyndns
If you set some values, with src=1 parameter your IP and the UTC time also added to your message
Example:
hopmsg.com/ctl.php?id=YOUR_UNIQUE_KEY&value=VALUE&src=1
wget -qO- hopmsg.com/ctl.php?id=YOUR_UNIQUE_KEY > result.txt
to use with some script.
Hi,
another option is dataplicity , very easy installation , 0 configuration and really good features
Hello everyone,
I'm making a IP Scanner app in Android Studio. I have successfully checked if a PC in my LAN is Alive or Dead. But I also want to show the PC name against the IP Address.
I searched on Internet and all the solutions I found just return me the IP Address but the hostname like.
Code:
InetAddress inetAddr;
inetAddr = InetAddress.getByName(host.hostname);
String hostname = inetAddr.getHostName();
String canonicalHostname = inetAddr.getCanonicalHostName();
I also tried to execute ping -a [IP Address] in Android Terminal that also returns me IP Address not Host Name.
But If I do ping -a [My Local IP] than it returns local-host but for all other IP's it doesn't work.
This is also not a DNS issue as someone suggested on Stackoverflow, because on my windows 7 machine I'm able to resolve the hostname using ping -a [IP Address]
Both my windows machine and Android phone getting their IP from DHCP and all other settings like DNS, Gateway are same for both devices.
This was fairly easy in .Net as I have created a IP Scanner in .Net, but in Java I haven't found a solution for this yet.
Hope someone will provide a solution
Thanks
So I figured I post a guide here for any of you having trouble routing a VPN through the wifi tether interface.
Before I start, you must have a root! Which means this will only work on international varients of the Galaxy S8/S8+ with unlocked bootloader's.
There are plenty of guides online on how to root.
First off, native tethering does NOT use the wlan0 as the interface! Instead the Galaxy S8/S8+ use an interface named swlan0. This means forget all the apps you may have been using like "Android Wifi Tether" etc. You will have to do this manually.
How to setup your phone:
1. First off start buy downloading a VPN app from the play store. My preferred app is "NordVPN" as they offer Netflix and Hulu access. Yes, NordVPN does cost money so your welcome to use any VPN of your choice.
2. Now download an app called "Scripter" from the play store and open it. https://play.google.com/store/apps/details?id=com.faziklogic.scripter
3. Click "Create Script"
4. In the first box name it anything you want like "Tether Hack"
5. In the second box labeled "Commands" copy and paste the below code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev swlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev swlan0 scope link table 61
And click "Save"
6. (Optional) Download an app called "Wifi Hotspot Widget" https://play.google.com/store/apps/details?id=com.aiuspaktyn.hotspot so you can add it to your home screen layout for quick access to start Android's wifi tethering feature. While your at it make a quick shortcut of the VPN app you chose and the "Scripter" app so you can easily start the tethering with VPN.
7. Now the fun parts, start you VPN first. Then start your Android wifi tethering feature. Finally, open the "Scripter" app and select the script you made earlier. It will ask if you want to run the script, click "YES".
8. Done! Now go ahead and test it out by connecting your computer to the wifi access point you made and visit a website to verify your VPN is working.
Keep in my mind the biggest advantage to this aside from security is that this will NOT use your carriers tethering data usage. So if you have unlimited data but only 7GB of tethering with this trick you WILL have UNLIMITED tethering.
If you have any questions or liked this post please feel free to comment below or PM me anytime!
Reserved
thanks
mfoster978 said:
So I figured I post a guide here for any of you having trouble routing a VPN through the wifi tether interface.
Before I start, you must have a root! Which means this will only work on international varients of the Galaxy S8/S8+ with unlocked bootloader's.
There are plenty of guides online on how to root.
First off, native tethering does NOT use the wlan0 as the interface! Instead the Galaxy S8/S8+ use an interface named swlan0. This means forget all the apps you may have been using like "Android Wifi Tether" etc. You will have to do this manually.
How to setup your phone:
1. First off start buy downloading a VPN app from the play store. My preferred app is "NordVPN" as they offer Netflix and Hulu access. Yes, NordVPN does cost money so your welcome to use any VPN of your choice.
2. Now download an app called "Scripter" from the play store and open it. https://play.google.com/store/apps/details?id=com.faziklogic.scripter
3. Click "Create Script"
4. In the first box name it anything you want like "Tether Hack"
5. In the second box labeled "Commands" copy and paste the below code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.43.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.43.0/24 dev swlan0 scope link table 61
ip route add broadcast 255.255.255.255 dev swlan0 scope link table 61
And click "Save"
6. (Optional) Download an app called "Wifi Hotspot Widget" https://play.google.com/store/apps/details?id=com.aiuspaktyn.hotspot so you can add it to your home screen layout for quick access to start Android's wifi tethering feature. While your at it make a quick shortcut of the VPN app you chose and the "Scripter" app so you can easily start the tethering with VPN.
7. Now the fun parts, start you VPN first. Then start your Android wifi tethering feature. Finally, open the "Scripter" app and select the script you made earlier. It will ask if you want to run the script, click "YES".
8. Done! Now go ahead and test it out by connecting your computer to the wifi access point you made and visit a website to verify your VPN is working.
Keep in my mind the biggest advantage to this aside from security is that this will NOT use your carriers tethering data usage. So if you have unlimited data but only 7GB of tethering with this trick you WILL have UNLIMITED tethering.
If you have any questions or liked this post please feel free to comment below or PM me anytime!
Click to expand...
Click to collapse
Well cool. Cheers. You just breathed new life into an old fossil. Now I have a new target; something of interest to code for. ??