Hey Guys,
in germany we just connect (3G) behind T-Mobile NAT. I want to have a fix ip address with dyndns. Behind a NAT this is not possible. Can anybody help me to solve this problem.
is there a possibility to configure a openvpn-server on cyanogen. Have anybody already make this?
In the cyanogen mod 4.1.999 there were following programs: dropbear, openssl and openvpn or were these programs for client mode configuration?
I couldn't find anything for a server mode. I found a openvpn-monitor.apk which doensn't hava a function.
Thanks for help!
You can use dyndns.org to map your current IP to a domain. If your Router supports it, it can do this automatically. If not, you have to manually run an app.
nschargitz said:
In the cyanogen mod 4.1.999 there were following programs: dropbear, openssl and openvpn or were these programs for client mode configuration?
I couldn't find anything for a server mode. I found a openvpn-monitor.apk which doensn't hava a function.
Click to expand...
Click to collapse
No, only the client binaries are included. If you need a server version for your handset you will need to either compile it yourself or find someone who has done the work for you. But as far as I know there are no ROMs that include those server binaries (except for maybe a copy of sshd).
traspler said:
You can use dyndns.org to map your current IP to a domain. If your Router supports it, it can do this automatically. If not, you have to manually run an app.
Click to expand...
Click to collapse
I guess the router doing the NAT is not located in his living room but in some server room operated by T-Mobile, so port forwarding or something like that is not an option.
I have the same problem at the moment, T-Mobile assigns me a private IP like 10.0.3.21 which cannot be accessed from the internet even with DynDNS or something like that.
If I come to a conlusion that to try to make my SSH accessible from the internet, I will post it, of course.
Hello,
thanks for reply! But i dont wont access my g1 over a home network. When i want to do this, i connect via telnet or something else. Because my router give me a static IP or a static DHCP IP.
I want to access to my g1 over umts (mobile). I have tried to access my g1 with an dyndns app in the market. In the descriptions of the app was a info that says, in germany with t-mobile contract it doesn´t works.
Have anybode compiled a openvpn-server app?
Thanks!
openvpn has just one program for its peer-to-peer, client, and server modes. There is no separate server.
I've received my Dream yesterday and the wi-fi is painfully slow. At first it didn't work at all, so I entered all settings by hand, assigned it a static IP address and other stuff. Then it worked, albeit very slowly. So, here's what you need to do if your wi-fi isn't too fast.
Go to Wi-Fi settings, press Menu and select Advanced Settings. On your computer (if you're using an unix based OS, at least - can some Windows guru help me out with this?), get to a terminal emulator and type:
Code:
ifconfig en1
This should give you output like this:
Code:
Wiktoria:~ Nekkoru$ ifconfig en1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:1c:b3:bd:b9:cb
inet6 fe80::21c:b3ff:febd:b9cb%en1 prefixlen 64 scopeid 0x6
inet 192.168.55.102 netmask 0xffffff00 broadcast 192.168.55.255
media: <unknown subtype>
status: active
Wiktoria:~ Nekkoru$ [CODE]
The IP address after inet (192.168.55.102 in my case) is what you're after. On your phone, enter your IP address as the IP adress you got, with the last block changed to anything that's not being used on your network. I assigned 192.168.55.69 to my phone, because it's easy to remember and it's kind of childish.
Now, your "Gateway" should be your router's IP address. Your router's IP should be specified in it's manual - or your system settings. Your subnet mask should always be 255.255.255.0.
We need your DNS settings now - this is where most of us screw up and this is what you need to fix the most. Go back to your computer's terminal and type in
[CODE]dig
Look at the bottom. You're interested in a line that says "SERVER: xxx.xxx.xxx.xxx". That's your primary, first DNS. If you give that to your phone, your wi-fi should work way faster. Set it up as the second DNS as well, unless you know a better DNS server than your ISP's (anyone?).
I'm sorry this got so complicated, but that's the best way to set up your G1's internet if it gives you any trouble. I hope I helped somewhat.
Hi all,
i want to use Reverse USB Tethering in Samsung galaxy s..
i know WiFi hot-spot option.but,i am interested in USB connection(like HTC Desire HD internet pass through feature)
i searched the google & our forum...but i am not getting correct solution for (windows +Reverse USB Tethering in Samsung galaxy s) this, some one please help me..
note:-
http://blog.mycila.com/2010/06/reverse-usb-tethering-with-android-22.html
thanks in advance..
yes i want it too
Me too! If it's possible..
+1
Mee too want this feature.
My search button shows .
http://forum.xda-developers.com/showthread.php?t=939806&highlight=USB+-internet+passthrough
jje
Hi jje,
yes..it shows same query(created me)..sorry for conflicting the thread..
any way i got short-time work order solution:-
1.connect mobile to system using usb
2.in mobile setting-->wireless and network-->tethering--->enable USB tethering.
3.in system you may get one more "local area connection 2 (or X)", just set ip to 192.168.2.1 and mask 255.255.255.0.
4.just in enable primary Local area connection" enable ICS to "local area connection 2 (or X)"
3.in mobile user terminal emulator to type following cmd.
ifconfig usb0 192.168.2.2 netmask 255.255.255.0 up
route add default gw 192.168.2.1 dev usb0
iptables -F
iptables -F -t nat
setprop net.dns1 8.8.8.8
setprop "net.gprs.http-proxy" ""
4.thats all you will get internet browsing option in mobile.it will work only browsers and you tube.etc... it will not work android market.
5.if your networking having proxy also will work.(if you facing problem try to use proxy application)
Hi android seniors,
i am looking longtime for this solution as feature in ROM like Darkey or insanity(both good mod/rom creators.).etc...
as of now no answers(because they are BC in ROM optimize and performance improvement).
any way this is iptable-nat related operation..
some one helping to invent feature in SGS ROM then very very good.
note:-
i thing we can duplicate the formula(method) what HTC usinging in internet pass-through (it will not illegal)
Thanks in advance...
can you explain it more? Did you use Xp or 7?
1- just in enable primary Local area connection" enable ICS to "local area connection 2 (or X). How will we do this in XP?
2- setprop "net.gprs.http-proxy" "" What does this mean? What will we actually type at terminal?
3- iptables -F . I get iftables not found error.
mycila blog has some info but i could not understand.
hi yken,
i tested windows 7 but windows Xp also will work...
just type setprop "net.gprs.http-proxy" "" actually it is redirecting to GPRS connection..i thing..not sure..
iptables is the cmd...find the attachment you can copy to /system/bin/
Any developers willing to take this one or make it a bounty ? Am sure there are many who would be willing to pay for such an app.
Android experts.. Need your help... I am willing to donate
You have always been helpful.. need your help again now..
Mee too want this feature!!!
i am also ready to donate if we get a app for same.
No credit to me please.
I modified the script attached in http://forum.xda-developers.com/showthread.php?t=1366934, for LG Revo.
I merely changed /bin/hostname to /system/xbin/hostname, which is the correct path to access the hostname command in GingerVolt 1.3
Run using script manager, (su and on-boot).
Why change hostname ? Well by default the hostname is something like 'android_<IMEI-NO>', which is way too long, and makes it difficult to spot your device in your routers 'attached devices' log.
Change the "LGRevo" in the line "devName=LGRevo", to what ever hostname you like.
Code:
#!/system/bin/sh
#change devName to whatever you want.
devName=LGRevo
if [ "$(/system/xbin/hostname)" = "$devName" ] && [ "$(getprop net.hostname)" = "$devName" ]
then
echo "Device hostname does not need to be changed."
else
echo "Device hostname is being changed to $devName."
/system/xbin/hostname $devName
setprop net.hostname $devName
if [ "$(/system/xbin/hostname)" != "$devName" ] && [ "$(getprop net.hostname)" != "$devName" ]
then
echo "Device hostname has not been changed."
else
echo "Device hostname has been successfully changed."
fi
fi
gumnaam.sur said:
Why change hostname ? Well by default the hostname is something like 'android_<IMEI-NO>', which is way too long, and makes it difficult to spot your device in your routers 'attached devices' log.
Click to expand...
Click to collapse
Nice find, just a quick question though.
Is there any way you could elaborate a little more on this? Why is shortening the hostname and making it easier to find in the "attached devices" log important?
More explanation on why change the hostname....
As of this writing I have about 6 android devices connected to my home wifi router. Most wifi routers have a page which shows the details of attached devices. This helps you to determine if any unwanted device has managed to hook on your wifi etc.
With the default hostname like 'android_<IMEI-NO>', the list of attached devices is hard to de-cipher. So changing the hostname enables me to make some sense out of the 'attached devices' page. I know exactly which device has hooked to my router.
Secondly, on my router's config, I have assigned static DHCP for all these devices, and also entered them in the DNS. That way each device can talk to another if needed, say over 'SMB' / 'SSH', simply by using the other device's hostname, w/o having to remember each devices IP.
Makes sense ?
gumnaam.sur said:
More explanation on why change the hostname....
As of this writing I have about 6 android devices connected to my home wifi router. Most wifi routers have a page which shows the details of attached devices. This helps you to determine if any unwanted device has managed to hook on your wifi etc.
With the default hostname like 'android_<IMEI-NO>', the list of attached devices is hard to de-cipher. So changing the hostname enables me to make some sense out of the 'attached devices' page. I know exactly which device has hooked to my router.
Secondly, on my router's config, I have assigned static DHCP for all these devices, and also entered them in the DNS. That way each device can talk to another if needed, say over 'SMB' / 'SSH', simply by using the other device's hostname, w/o having to remember each devices IP.
Makes sense ?
Click to expand...
Click to collapse
Oh ok cool! I never even thought of doing it so it's easier to check for unwanted devices. Very nice find, thanks!
Hello - Does anyone have a step by step on how to intercept SSL App Store traffic using BURP and a Windows 8 phone? I know that installed the BURP cert onto the phone is required. So steps on how to do this on the Windows 8 Phone would be great appreciated.
shadowD1026 said:
Hello - Does anyone have a step by step on how to intercept SSL App Store traffic using BURP and a Windows 8 phone? I know that installed the BURP cert onto the phone is required. So steps on how to do this on the Windows 8 Phone would be great appreciated.
Click to expand...
Click to collapse
Whatever you're trying to do, it probably won't work due to certificate-pinning.
DaviUnic said:
Whatever you're trying to do, it probably won't work due to certificate-pinning.
Click to expand...
Click to collapse
The App does not use cert pinning.
The store does. This basically eliminates any possibilities of MITM attacks without having the root MS certificate.
DaviUnic said:
The store does. This basically eliminates any possibilities of MITM attacks without having the root MS certificate.
Click to expand...
Click to collapse
Correct..the store does. But I have sideloaded an app from a client that is having a pen test done. Therefore no cert pinning.
*SIGH* stop assuming things, people. Burp Suite is a *very* standard pen-testing tool. "The App does not use cert pinning" was a dead giveaway that the OP was talking about pen-testing a mobile app.
In theory, the process is really simple. Export the Burp public CA (Proxy -> Options -> Proxy Listeners -> CA certificate; make sure to rename it as a .CER file) and send it to the phone (Bluetooth, email, etc.; you should get a prompt to import the cert). Unfortunately, Burp is kind of lazy about how it generates its root certificates, so by default, the phone doesn't treat them as CA root certs. You can generate a custom cert manually and install it on the phone + have burp use it, but that's only going to work for one domain at a time and is a total pain. The other approach that I've found to work (which is silly, but hey, it *does* work) is to do the following:
1) Install Fiddler along with Burp (if you're not on Windows, you can probably use Fiddler via Mono).
2) Run Fiddler, enable SSL interception, disable automatic platform proxy configuration, set the proxy to listen on external connections, and install its root CA cert to the phone (similar to the way you do it from Burp).
3) Set the phone's WiFi proxy options to connect to the Fiddler IP and port.
OK... so far, you're now in a position to intercept traffic. If all you need is basic proxying, this is actually sufficient all by itself, and Fiddler does have a few cool features of its own. However, if you need real pentesting tools, like Burp Suite provides, there's a way to get that anyhow:
4) Run Burp, and set it to listen on a different port than Fiddler is using.
5) In Fiddler's options, configure it to use Burp as the upstream proxy.
6) Disable interception in Fiddler (so you don't have to manually forward traffic all the time) and proceed to use Burp as normal.
Yes, this is silly. It's the easiest solution I've found thus far, though, and I've used it myself.
Heh... I probably just gave technical advice to a competitor. Ah well. Good luck breaking stuff!
GoodDayToDie said:
*SIGH* stop assuming things, people. Burp Suite is a *very* standard pen-testing tool. "The App does not use cert pinning" was a dead giveaway that the OP was talking about pen-testing a mobile app.
In theory, the process is really simple. Export the Burp public CA (Proxy -> Options -> Proxy Listeners -> CA certificate; make sure to rename it as a .CER file) and send it to the phone (Bluetooth, email, etc.; you should get a prompt to import the cert). Unfortunately, Burp is kind of lazy about how it generates its root certificates, so by default, the phone doesn't treat them as CA root certs. You can generate a custom cert manually and install it on the phone + have burp use it, but that's only going to work for one domain at a time and is a total pain. The other approach that I've found to work (which is silly, but hey, it *does* work) is to do the following:
1) Install Fiddler along with Burp (if you're not on Windows, you can probably use Fiddler via Mono).
2) Run Fiddler, enable SSL interception, disable automatic platform proxy configuration, set the proxy to listen on external connections, and install its root CA cert to the phone (similar to the way you do it from Burp).
3) Set the phone's WiFi proxy options to connect to the Fiddler IP and port.
OK... so far, you're now in a position to intercept traffic. If all you need is basic proxying, this is actually sufficient all by itself, and Fiddler does have a few cool features of its own. However, if you need real pentesting tools, like Burp Suite provides, there's a way to get that anyhow:
4) Run Burp, and set it to listen on a different port than Fiddler is using.
5) In Fiddler's options, configure it to use Burp as the upstream proxy.
6) Disable interception in Fiddler (so you don't have to manually forward traffic all the time) and proceed to use Burp as normal.
Yes, this is silly. It's the easiest solution I've found thus far, though, and I've used it myself.
Heh... I probably just gave technical advice to a competitor. Ah well. Good luck breaking stuff!
Click to expand...
Click to collapse
You are always such a a help on these boards. It's great. Would the same be true if using the emulator? Or would that differ?
The emulator is a full virtual machine, so it almost certainly has its own cert store (instead of using the host system's store) and therefore you'd have the same problems. I'm not even sure how practical it would be to install the cert to the emulator; I've never tried. If you have the source, you could temporarily disable cert checking in the app I guess... but then, that's one of the most common findings I have with mobile apps, so don't do that unless you've tested the default SSL configuration very closely.
Also, I'm not actually sure how to set the proxy in the emulator. I've never tried before. Probably just easier all around to use a real phone.
Burp isn't showing traffic
GoodDayToDie said:
The emulator is a full virtual machine, so it almost certainly has its own cert store (instead of using the host system's store) and therefore you'd have the same problems. I'm not even sure how practical it would be to install the cert to the emulator; I've never tried. If you have the source, you could temporarily disable cert checking in the app I guess... but then, that's one of the most common findings I have with mobile apps, so don't do that unless you've tested the default SSL configuration very closely.
Also, I'm not actually sure how to set the proxy in the emulator. I've never tried before. Probably just easier all around to use a real phone.
Click to expand...
Click to collapse
Ok...stupid question regarding:
5) In Fiddler's options, configure it to use Burp as the upstream proxy.
I went into Fiddler and selected WinINET options to set Burp as the upstream proxy. So, in Burp, I have it listening on port 8080, All Interfaces, and Generate CA-Signed per host cert. Now in the WinINET (IE Settings), I have port 8080 but I'm not sure what to to put in for the Address field. Do I put my machine name or a specific ip? Burp is listening on all interfaces, so I obv don't want to put in localhost or 127.0.0.1. I also have the WP8 wifi settings to point to my machine name and fiddlers port 8888. I can see the traffic in Fiddler but not burp.
Please help. Thank you
First of all, I said in Fiddler's settings, not in WinINET ("Internet Options"). Tools -> Fiddler Options... -> Gateway -> Manual proxy configuration -> localhost:<PORT>.
With that said, you can just use the system proxy settings too (that's the default behavior in Fiddler); I don't recommend it though because then everything on your box will route through Burp which has unfortunate impacts on network performance and RAM usage.
Internet Properties -> Connections -> LAN settings -> "Use a proxy server for your LAN" -> Address: localhost, Port: <PORT>
In both cases, "<PORT>" means whatever port Burp is listening on (8080). I have no idea what you mean by "Burp is listening on all interfaces, so I obv don't want to put in localhost or 127.0.0.1" given that
A) that is exactly what you want to do
B) there is nothing I can think of that would even remotely lead to believe otherwise.
Granted, loopback is not an explicit network interface on Windows the way it is on Linux, but it is still treated as one in the kernel. Listening on "all interfaces" just means the socket was bound to 0.0.0.0 (or IPAddress.Any in .NET; there's an equivalent option in Java). Listening on 0.0.0.0 will get messages routed both through external interfaces and through localhost (127.0.0.1), or localhost wouldn't be nearly as much use...
GoodDayToDie said:
First of all, I said in Fiddler's settings, not in WinINET ("Internet Options"). Tools -> Fiddler Options... -> Gateway -> Manual proxy configuration -> localhost:<PORT>.
With that said, you can just use the system proxy settings too (that's the default behavior in Fiddler); I don't recommend it though because then everything on your box will route through Burp which has unfortunate impacts on network performance and RAM usage.
Internet Properties -> Connections -> LAN settings -> "Use a proxy server for your LAN" -> Address: localhost, Port: <PORT>
In both cases, "<PORT>" means whatever port Burp is listening on (8080). I have no idea what you mean by "Burp is listening on all interfaces, so I obv don't want to put in localhost or 127.0.0.1" given that
A) that is exactly what you want to do
B) there is nothing I can think of that would even remotely lead to believe otherwise.
Granted, loopback is not an explicit network interface on Windows the way it is on Linux, but it is still treated as one in the kernel. Listening on "all interfaces" just means the socket was bound to 0.0.0.0 (or IPAddress.Any in .NET; there's an equivalent option in Java). Listening on 0.0.0.0 will get messages routed both through external interfaces and through localhost (127.0.0.1), or localhost wouldn't be nearly as much use...
Click to expand...
Click to collapse
Fiddler gateway manual setting worked. Appreciate your time and help. Sorry if my last post was confusing or stated wrong.
shadowD1026 said:
Hello - Does anyone have a step by step on how to intercept SSL App Store traffic using BURP and a Windows 8 phone? I know that installed the BURP cert onto the phone is required. So steps on how to do this on the Windows 8 Phone would be great appreciated.
Click to expand...
Click to collapse
I know your question is related to "Burp" but then too felt like sharing a simple and elegant way to intercept SSL traffic for windows phone 8.
This blog contains step-by-step tutorial to set up traffic interception (both HTTP and HTTPs).
rikk(dot)it/blog/capture-windows-phone-8-network-traffic-with-fiddler/
:good:
Best way to do it...
shadowD1026 said:
Hello - Does anyone have a step by step on how to intercept SSL App Store traffic using BURP and a Windows 8 phone? I know that installed the BURP cert onto the phone is required. So steps on how to do this on the Windows 8 Phone would be great appreciated.
Click to expand...
Click to collapse
You can do it very easy. Default cert file' type of burp is "cacert.der", which is not recognized by windows phone. therefore, you can open 127.0.0.1 8080 which is the burp listener on your PC, then you will see the burp page, click on the "CA Certificate". then you will see the cacert.der is downloading. TIP: You must rename it. YES, you must rename it to "cacert.cer". then push it to your windows phone (e.g. by sending email to your inbox in you WP).
It is the time to open that file in your windows phone, then press install button. Finish.
"I decided to write things that I learned by experience. We always use the other's experiences by searching the web, but how much we pay time to write our experiences?"