Sniffer https connection over Android
- 1. 如何監聽Android網路路 通訊(HTTPS) Sniffer https connection over Android Hsieh, En-Ping shieh.npin@gmail.com Revised by Cindy xuechenc13@gmail.com
- 2. Advantage of using https • 更更安全,確保資料傳輸過程中不會被竊聽。 HTTPS is more secure way to teleport sensitive information. • Android (逐步)和 iOS(強制)都在推⾏行行全⾯面使⽤用HTTPS進⾏行行資 料傳輸。 Both Android and iOS are asking developer to transfer data via HTTPS. https://techcrunch.com/2016/06/14/apple-will-require- https-connections-for-ios-apps-by-the-end-of-2016/
- 3. Disadvantage of using https • 但也造成難以偵錯和除錯。 But it makes debug much harder and harder. • 通常只能藉由3rd lib提供函式庫去監聽網路路變化,如 OkHttp interceptor 或 Stetho。 The alternative way is using interpolator suppled by 3rd library, such as OkHttp interceptor or Stetho. • 這意味著要程式碼必須修改。 But it also means the codebase must be modified.
- 4. ⿂魚與熊掌不可兼得? Is it possible to have your cake and eat it too?
- 9. Charles ProxyAndroid Server Request cert from Server Replace Android to request Server cert Send real cert to Proxy Send fake cert to Android Use public key from fake cert to encrypt Session key Trust Charles Signed cert Intercept and decrypt the session key, and then encrypt it with public key extracted from real cert and send it to Server Send real confirmation response to ProxySend fake confirmation response to Android Android believe it’s communicating with Server Server believe it’s communicating with Android
- 10. 硬體 • ⼀一台無線路路由器(iPhone/Android/AP) A wireless router. • Android⼿手機 An Android phone. • 電腦 A computer.
- 11. Let's get our hand dirty!
- 12. 電腦環境設置(Mac) • 安裝Charles Proxy Install Charles Proxy.
- 13. 憑證設置 • 將Charles的憑證安裝⾄至Mac Then Install Cert for Charles Proxy.
- 14. 1. 2. 3. 4. 5. • 讓電腦(Mac)信任該憑證 Make your computer trust the cert.
- 15. • 設定監聽所有的http連線 Config to record all http connection. HTTP監聽設置
- 16. • 設定監聽所有的https連線 Config to record all https connection. HTTPS監聽設置
- 17. • 設定Proxy監聽port(請使⽤用未被佔⽤用的port) Setup the listening port for proxy(choose available port). Proxy設置 請記住這組Port Please note this port number.
- 18. • 確認(開啟) 監聽 Start recording. Proxy設置 紅燈代表開啟 Red light means it is recording.
- 19. • ⽤用Charles 檢視主機IP位址· Check your computer ip address by Charles. 確認IP位址 請記住這組IP Please note this ip address.
- 20. ⼿手機Wifi設置 • ⽤用剛才記下的資訊設定WIFI 的proxy ip和port Configure WIFI and its proxy settings that you previously noted. • 連上Wifi並讓⼿手機和電腦處在 同個網域 Connect to wireless router and make sure that both your device and computer are belong to the same subnet.
- 21. Check point • 這時候你應該會看到⼀一個連線提⽰示。 You should see the following alert when your device connects to WIFI.
- 22. Trouble shooting • Q: 沒有跳出連線提⽰示? Q: I didn’t get any alert coming when device was connected. • A:試著觸發⼀一下網路路連線,然後觀察Charles 視窗左下⾓角有沒 有類似的訊息,可以直接在Charles>Proxy>Access Control Setting中⼿手動加入。 A:Try to invoke network behavior and check if any similar message on Charles GUI as in above figure. If so, there is you can add this ip from Charles>Proxy>Access Control Settings manually.
- 23. Trouble shooting • Q: 還是沒有跳出連線提⽰示? Q: Still, I didn’t get any alert coming when device is connected. • A:由於受到暫存的影響,請嘗試重開Charles, 重連 Android WIFI與徹底重開作為觸發的APP以便便讓改變發⽣生作 ⽤用。 A:Due to the influence of cache, please try to restart Charles, reconnect mobile device to WIFI and restart trigger app entirely.
- 24. Trouble shooting • Q: 我還是沒有看⾒見見任何連線提⽰示⽽而且毫無反應? Q: Unfortunately, I didn’t see an alert or indication of any kind on Charles GUI. • A:如果你是使⽤用wireless router,請確認你的router允許同 網域的機器互相連溝通,若若你⽤用⼿手機分享網路路,請關閉後 重開。 A:Verify that your router allows devices on the same subnet to connect to each other. If you’re using mobile phone as hotspot, please restart hotspot function and retry.
- 25. Trouble shooting • Q: 沒招了了>< Q: I gave up. • A:別忘記先關掉你的⾏行行動數據喔! A:Don’t forget to turn off your cellular data in first place.
- 26. ⼿手機憑證設置(Nexus) • ⽤用瀏覽器開啟http:// chls.pro/ssl並下載Charles 憑證 Browse http://chls.pro/ssl and download cert. • 請安裝下載好的憑證,請選 擇「VPN和應⽤用程式」 Please install the cert you just download, and select “VPN and application” option when installing. 別忘記重開Wifi Don’t forget to reconnect your wifi
- 27. All set!
- 28. 現在你可以⽤用Charles監聽 Now you can sniffer all connection through Charles.
- 29. Trouble shooting • Q:我看不到任何傳輸紀錄! Q:I can’t get any record on Charles! • A:⾏行行動數據關了了嗎?攔截規則設定了了嗎? A:Did you turn off your cellular data and setup recording rule?
- 30. Trouble shooting • Q:⾃自從我⽤用了了Charles Proxy之後Logcat⼀一直出現這個錯 誤! Q:I always get this exception from Android Logcat when I turn on the Charles proxy! • A:恭喜你!你的APP有查核憑證鍊鍊!解法下⾴頁。 A:Congrats! Your app is also verified the entire cert path. Solution is on next page. java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
- 31. Trouble shooting(Cont.) • 由於7.0的預設機制是不信任由使⽤用者加入的憑證,以確保 不會被⼈人偷植入惡惡意憑證來來竊取資料,但可以透過下列列⽅方 式讓Debug Mode時可以信任Charles 憑證。 By default Android Nougat (7.0) won’t trust the cert added by user in order to protect user privacy from malicious cert. But you can only allow this under debug mode by following tutorial. • https://android.jlelse.eu/android-nougat-charlesing-ssl- network-efa0951e66de
- 32. Trouble shooting • Q:我可以⽤用模擬器? Q:Can I use emulator? • A:可以,你可以透過下列列指令去設定讓模擬器走Proxy A:You can use following command to start emulator with assigned proxy. #emulator -avd avdName -http-proxy 168.192.11.7:8888 請注意這會將所有的連線都導向Charles,請記得為所有的TLS通訊協定(如MQTT)都設 定信任Charlse憑證,或是在Charles中排除部分SSL。 Warning! This command will redirect all connection from emulator to Charles, so please make sure all protocols over TLS trust Charles cert or exclude these SSL connection in Charles SSL Proxy setting.
- 33. Prevent MITM attack • 如果你希望防⽌止別⼈人透過Man-in-the-middle 去監聽你的資 料可以考慮Cert Pinning,概念念就是只信任打包在APK裡的 憑證,缺點是當憑證更更換時你的APP也必須強制更更新。 Man-in-the-middle attacks can be prevented by Cert Pinning. The core concept is ONLY to trust pre-installed cert which has already packed into your apk before the app release. In contrast, users are forced to upgrade applications every time you change cert on the server. Tutorial: http://blog.jln.co/android- %E4%BD%BF%E7%94%A8retrofit%E5%A6%82%E4%BD%95%E9%81%BF%E5%85%8Dman-in-the- middle%E6%94%BB%E6%93%8A/
- 34. 最後別忘記⽤用完關Proxy Don’t forget to turn off proxy after you finish it.
- 35. Q&A