[Q] Monitoring SSL data from my proxy - AT&T Samsung Galaxy S6

I have a need to see all of the traffic from my Android (sent/received via WiFi). I have a squid proxy with ssl bump working. However, for that traffic which is does not originate with a browser, I cannot get the device to accept the certificate which squid provides (this is an untrusted cert). I can root the phone if necessary. It appears to me that I either need to turn off cert validation at a very low level, or make my cert a look like a valid one. I have added my cert to the exception list on the phone and that didn't change anything. I am not interested in packets from email or most apps. Only from the OS itself.
Any ideas?

Related

ActiveSync SSL cert problems

Hi,
I've recently brought an O2 XDAIIi and am just getting it set up now. All is well other than an INTERNET_55 error in activesync when trying to sync with my exchange server (actually an SBS 2003 box). I understand this is an SSL cert error and that my device requires my server root cert.
I've copied addrootcert.exe onto the device and what I thought was the correct cert from the server. I can install it fine but continue to get the same error so I'm assuming I've added the wrong cert? I'm obviously not as up to speed with SSL as I should be so here's how I got the cert I installed:
From mmc with certificates (local computer) snap in loaded, expand personal then certificates. Here I have 2 certs. FFDOM01 (the name of the server) and thesofa.homeip.net (my dyndns address). It's the second of these that I exported then installed on the device.
I'm sure that people must have come across this loads of times before but I can't find instructions on this site as to which cert I'm meant to use. I appreciate this is a bit of a noobie question but any step by step info would be greatly appreciated.
Thanks
Assuming that Certificate services is installed on your SBS server ( Not really played with SBS ) go to http(s)://<SBS Server>/Certsrv and from the Select a task menu select
'Download a CA certificate, certificate chain, or CRL' followed by 'Download CA certificate'
Its the root CA certificate that is required so that your XDA2i will trust your internal PKI (public key infrastructure).

Create a custom "hidden proxy"?

Hi Guys,
Does anyone know how i go about creating a hidden proxy? I tried looking at the settings of the at&t hidden proxy but can't seem to figure it out...
The problem is I cannot use the proxy setting under connection settings because it is already in use. My cellular operator has a monthly data plan of 100MB for 7,5€, but is limited to http traffic. This limitation is enforced by the use of a http proxy.
I'm running a http proxy server at home and would like to chain the proxies so that all requests would be formated to go to my server, through my operator's one. Is this possible?
Alternatively, does anyone know of a program that would allow me to chain proxies?
Thanks
I would also like to know if it is possible to create your own hidden proxy.
I use my tilt on T-Mobile and am also using the proxy to allow me to get unlimited internet access with the T-MobileWeb (Formerly T-Zones) for 5.99 a month.
However, using the proxy I am unable to use Apps such as remote desktop, windows live messenger, etc because for some reason they don't work with the proxy.
I was thinking that maybe using this hidden proxy instead of putting the proxy info in the connections settings would allow me to use these apps.
fdaupias said:
Hi Guys,
Does anyone know how i go about creating a hidden proxy? I tried looking at the settings of the at&t hidden proxy but can't seem to figure it out...
The problem is I cannot use the proxy setting under connection settings because it is already in use. My cellular operator has a monthly data plan of 100MB for 7,5€, but is limited to http traffic. This limitation is enforced by the use of a http proxy.
I'm running a http proxy server at home and would like to chain the proxies so that all requests would be formated to go to my server, through my operator's one. Is this possible?
Alternatively, does anyone know of a program that would allow me to chain proxies?
Thanks
Click to expand...
Click to collapse
Try using Mobile Profiler: http://www.iaccarino.de/silvio/stuff/MobileProfilerReadme.htm
Download it here: http://handheld.softpedia.com/get/System-Utilities/Mobile-Profiler-22304.shtml
Cheers,
Mitaka
If you cannot properly setup a visible HTTP proxy (for WiFi), how could you even think about an invisible proxy?
This device is crappy.
Almost
This looks like the beginnings of an excellent application, however, does anyone know of a program that will automatically switch various settings based on GPS location? I have been digging around for months trying to find a solution that will allow me to set up various "profiles" based on my GPS location, e.g. silent/vibrate, medium brightness, gprs connection enabled all other data connection disabled, while I am at work, and wifi on while im in major metropolition areas, and off while not, etc etc.. is this a pipe dream or has anyone stumbled across something similar?
also Im not sure why you want a "hidden" proxy, but this might be your solution:
http://forum.xda-developers.com/showthread.php?t=309108

[Off-Topic] How do I setup a connection to my home web server?

(Don't blame me for being long-winded, I'm just explaning the situation (why I want to do all these) and also to prevent people from asking questions such as "Why do you even want to host your website at home?")
I want to pay for web hosting, but, as a student, I can't. I also want to host all my Android Development on my site, apart from XDA and Samdroid. But, I can't use a credit card (obviously, my country dosen't allow ownage of CCs before 21), and free web hosts (sorry for shouting) S*CK. Slow loading, banning because of CPU-hogging/ too many cron jobs, etc, etc... Also, my parents are paranoid about their credit card details being sold online at exorbitant prices. I do understand that web hosting is expensive, and it is not really wise to allow free web hosting, and I do not want to blame them for banning me, hence I decided to host my website from home. *catches breath* I do have some prior knowledge of fixing stuff, and whipping old parts into one lean mean computing machine. I've set up the computer, and configured my router. I can view the web site (It's good'ol wordpress) when I typed my local IP into the web browser from another computer in the home network. But, when I tried to access using the public IP from my school, I cannot enter the site. I have previously configured port-forwarding. I used No-IP's dynamic DNS client in this case. When I checked my public IP using different websites, all gave me different information. One gave me an IP with 255.244.***.***, another gave me 157.209.***.***, and others gave me 255.250.***.***
1) How do I make sure that when someone types in a URL or IP, it will show me what I want them to show?
2) Why are different websites give me different public IPs? No, I don't have a firewall, or a proxy.
We need more information:
1. Who is your internet provider
2. How do you connect? ADSL/SDSL/T1/Dial up?
3. If its ADSL/SDSL then you'll have a router (unless they've given you a USB modem for it). We'll need to know what type.
4. What's your concection speed, both down and more importantly up.
Now, assuming your ISP doesn't give you web space that you could use, then you'll need the following:
You'll need a dynamic dns service, some are free.
You'll need a router which can forward http (TCP port 80) traffic from the internet to your web server.
Once the router is forwarding http traffic to the web server, people on the internet will be able to access your website.
If you want to access it using the same address then you'll have to update your hosts file on your computer.
For windows this is in C:\windows\system32\drivers\etc\hosts
Add an entry like:
dynamic dns web address IP address of webserver
So if you've set up arikyeo.dyndns.org and your webserver's internal IP address is 192.168.0.200 then you'd add the following to the hosts file:
arikyeo.dyndns.org 192.168.0.200
xaccers said:
We need more information:
1. Who is your internet provider
2. How do you connect? ADSL/SDSL/T1/Dial up?
3. If its ADSL/SDSL then you'll have a router (unless they've given you a USB modem for it). We'll need to know what type.
4. What's your concection speed, both down and more importantly up.
Now, assuming your ISP doesn't give you web space that you could use, then you'll need the following:
You'll need a dynamic dns service, some are free.
You'll need a router which can forward http (TCP port 80) traffic from the internet to your web server.
Once the router is forwarding http traffic to the web server, people on the internet will be able to access your website.
If you want to access it using the same address then you'll have to update your hosts file on your computer.
For windows this is in C:\windows\system32\drivers\etc\hosts
Add an entry like:
dynamic dns web address IP address of webserver
So if you've set up arikyeo.dyndns.org and your webserver's internal IP address is 192.168.0.200 then you'd add the following to the hosts file:
arikyeo.dyndns.org 192.168.0.200
Click to expand...
Click to collapse
I used No-IP dynamic DNS service, with their client. But, it didn't work. I am using Singtel as my ISP, with a Linksys B/G router. I have forwarded the port 80 to the IP, and set port 80 as an exception. I can view the site locally, but not from the outside world.
Setup your no ip on their site as a port 80 forward. Forward this to the local port on your computer that you are using for the server. Log into your router and port forward the same port that you put in for the no ip into the from and to ports section and be sure its forwarding to your lan ip. After this is done then try it.
Sent from my DROID2 using XDA App
I see that you have already been told how best to start your server. I can also recommend instructions for collecting server statistics https://www.host-tracker.com/Blog/server_m/ This will come in handy for you in the future. Here you can configure notifications for server failures.

[Q] Getting the App store to work over corporate domain Proxy server

One of my problem with just taking up the windows 8 phone challange is that inside a corprate network with a Proxy server in place that requires authentication the App store no longer works.
The advanced Wifi settings do not allow you to add a username / password to authenticate either and the browser setting don't allow you to enter anything regarding a proxy at all.
Has anyone got any ideas or developed anything to get around this problem?
The workarounds so far are to allow a seprate SID with open access as ISA servers even with a bypass rule fail to allow traffic for the APP store to pass.
Same here.
I can only browse with IE, I put the address of the proxy at the navbar (192.168...ect) then the IE ask for username/pass
i can,browse the internet, but the app store doesn't work, neither some apps like whatsapp for example
edit: same,with my wife's LG G2, I can browse the net, but the play store is not working.... I don't know much about the proxy servers so can't figure out why this happen

AirWatch certificate not being pushed for Wifi TLS

Hi,
I'm trying to configure Wi-Fi using TLS option but I don't see certificates listed.
when using AirWatch agent to push certificates there are 2 of them suppose to be pushed to work profile, but only one is appeared on the system certificate list.
I've asked other people who uses Android devices at work and they can configured their WiFi on Pixel or Samsung device that runs on 7.1.1 but not OxygenOS.
Things I've tried so far:
Reapply for WiFi profile
Reinstall Airwatch

Categories

Resources