DeviceFarmer / stf

Control and manage Android devices from your browser.
https://devicefarmer.github.io

Network MITM or Capture #144

Open lanrat opened 3 years ago

lanrat commented 3 years ago

Is your feature request related to a problem? Please describe.
No problem, just a feature request.

Describe the solution you'd like
It would be nice to be able to capture the network traffic going to/from the device. Even better if it would be possible to MITM the traffic to selectively block/edit requests.

Describe alternatives you've considered
There are 3rd party apps/solutions that already do this, most commonly by adding a VPN provider to capture the traffic. However, having a solution built into STF would be much easier and allow for more automation.

issue-label-bot[bot] commented 3 years ago

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.81. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!


quangola commented 3 years ago

This would be great. I know HeadSpin has a solution that somehow mirrors network traffic over the USB connection. I have no idea how it works; but if they can do it, then it is certainly possible.

I'm currently pointing my devices to a private WiFi network with a port mirror that packetbeat uses to ingest traffic into ElasticSearch. It isn't perfect (No MITM or SSL decryption) but it at least gives me a general idea where stuff is going.

lanrat commented 3 years ago

I believe what I'm describing is called reverse tethering: having the phone use the ADB connection for its network access. Once that's done the host can do any network analysis we want using existing tools like wireshark/tcpdump, sslstrip, etc.

It looks like the gnirehtet project already does reverse tethering by simulating a local VPN. So that may be a good starting point to get this added to STF.

ppiccolo commented 3 years ago

I've managed this task with the help of gnirehtet + global_http_proxy_host + socat + burp. Actually this is a manual operation; I'm not sure how and when I can integrate this into the codebase.

However I'm going to report the necessary steps to provide this functionality:

  1. Install the gnirehtet and socat binaries inside the adb container
  2. Configure global_http_proxy_host and global_https_proxy_host in the target device: `adb shell settings put global http_proxy 10.0.2.2:8080`
  3. Get a shell inside the ADB container and start gnirehtet with `gnirehtet autorun`
  4. Get a shell inside the ADB container and start socat: `socat TCP4-LISTEN:8080,fork,reuseaddr TCP4:<YOUR_MITM_PROXY_IP_AND:PORT>`

That's all. Now you can browse and use any app, and all http/https traffic will be proxied to your desired host, and you can control your device from the comfort of your browser.
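
Added example, not part of the comment above or of STF: the `http_proxy` value written in step 2 stays in the device's global settings after the capture session ends, so on a shared farm it is worth auditing and clearing it before the device is handed to the next user. The function names, the `ADB` override and the `fake_adb` stand-in are assumptions made for this sketch; `:0` is the conventional value for clearing the setting.

```shell
#!/bin/sh
# Audit and clear the device-wide HTTP proxy left behind by
# `settings put global http_proxy ...` (added example, hypothetical helper names).
ADB="${ADB:-adb}"   # override with a stub to run without a device

# Classify the value printed by `settings get global http_proxy`.
# Android prints "null" when the key is absent; ":0" is the cleared value.
proxy_state() {
    case "$1" in
        ""|null|:0) echo unset ;;
        *:*)        echo "set" ;;
        *)          echo malformed ;;
    esac
}

# Print "<serial> <state> <value>" for one device.
audit_device() {
    serial="$1"
    value=$("$ADB" -s "$serial" shell settings get global http_proxy | tr -d '\r')
    echo "$serial $(proxy_state "$value") ${value:-null}"
}

# Clear the proxy on one device, then re-read it; non-zero if still set.
clear_proxy() {
    serial="$1"
    "$ADB" -s "$serial" shell settings put global http_proxy :0
    set -- $(audit_device "$serial")
    [ "$2" = unset ]
}

# Constructed stand-in for adb: keeps one device's setting in a variable.
FAKE_PROXY="10.0.2.2:8080"
fake_adb() {
    case "$5" in
        get) echo "$FAKE_PROXY" ;;
        put) FAKE_PROXY="$8" ;;
    esac
}

# With serials as arguments, report each device's proxy state.
if [ "$#" -gt 0 ]; then
    for s in "$@"; do audit_device "$s"; done
fi
```

Run it with device serials as arguments to get one status line per device; call `clear_proxy <serial>` for any device reported as `set` once the capture is finished.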