Neraud / PADListener

Android application to sync PAD to PADherder
GNU General Public License v2.0

Can no longer capture after update to Android 6.0 and PAD 8.2.2 #90

Closed athray closed 8 years ago

athray commented 8 years ago

After updating to Marshmallow, I have been unable to capture PAD box data. I did both of these updates nearly simultaneously, so I'm not sure which broke the listening functionality.

My device is a Nexus 5 if that matters at all.

I've attempted force stopping the PAD process before relaunching it but that doesn't seem to have solved anything, behavior is the same. PAD launches, no response or notification from PAD listener that anything was captured.

Neraud commented 8 years ago

I can still capture with PAD 8.2.2, so it's most probably an issue with Android 6. I'll upgrade my Nexus 7 and check if something breaks.

Neraud commented 8 years ago

I've reproduced the issue with my upgraded Nexus 7.

Auto-Wifi is broken because I had to use private, unstable APIs to set the proxy. That happened for 5.0 and can probably be fixed.

But the core issue is that PAD calls do not go through the proxy at all. I've tried using the Manual Wifi mode, PADListener can capture the ads and Google Analytics calls on PAD's title page, but nothing else :/ I've no clue why that's happening. I can only guess that PAD simply won't work when using a Wifi with a proxy.

I've checked: Auto Iptables mode still works.

athray commented 8 years ago

Thanks for the update, I appreciate it. I'm not really android or development savvy so there's not a whole lot I can do aside from offer to help test any new solution you come up with.

n0n0x commented 8 years ago

I think that PAD version 8.2.2 went full SSL so this complicates things a lot.

Neraud commented 8 years ago

I don't think so.

I've been able to capture without issue using the Auto iptables mode. The only issue is that PAD seems to ignore the Wifi proxy settings which breaks Manual and Auto Wifi modes.

bcassedy commented 8 years ago

Is there a workaround that doesn't involve rooting my phone?

Are there alternative applications or processes that can update PADHerder?

dsr13 commented 8 years ago

Since root still involves flashing a decrypted kernel and formatting data on the nexus 6p, could you please confirm you are working on a non-root solution? Thanks?

n0n0x commented 8 years ago

I am using mitmproxy to work around this issue. If your PAD version uses https (mine does) you need to install the mitmproxy certificate on your phone.

What it basically does is set up a proxy on your computer, then you set up your phone to point to your computer's IP address, port 8080 (default mitmproxy port), and you should start seeing traffic going through mitmproxy.

Steps:

Seems cumbersome, but it is actually pretty easy once you get the hang of it.

Neraud commented 8 years ago

What's weird is that on my Nexus 4 running Android 6.0, it seems that PAD doesn't use the proxy configuration. Can you confirm that this workaround works on 6.0?

And yes, I'm trying to implement a new listener mode that doesn't require root, but still works on every version. I don't have an ETA though.

athray commented 8 years ago

I've been using padproxy.py and burpsuite to capture json box data as well, with a Nexus 5 on Android 6.0 and the setup is very similar on the android side, I think the only difference is I use a different port and set a static IP for the device. So I can confirm that the PAD traffic is going through the proxy.

malhas commented 8 years ago

Is it possible to add the feature of importing a JSON file? It's easier to control what to update compared to importing the file in padherder.

dsr13 commented 8 years ago

Mitmproxy refused to install correctly, and padproxy.py couldn't get HTTPS data for me. Charles proxy worked though, and had a good GUI, making things nice and easy. Looking forward to the next iteration of padlistener to make all this stuff unnecessary.

Flibblestix commented 8 years ago

Also using Charles proxy for now. Just right click the correct API (get_user_data) and hit save response. Upload the php file and then you're done.

smukherjee2016 commented 8 years ago

Yet another temporary workaround for people on Windows (tested on JP today, works fine with latest 8.6.2 and Android Kitkat 4.4.2):

  1. Make sure you have Python 2.7 installed (not tested on 3.x), and your PC and phone are connected to the same wi-fi hotspot.
  2. Download Honeyproxy. It seems to do the same thing and is based off mitmproxy.
  3. Install the dependencies and then start Honeyproxy. It'll open a browser tab too.
  4. Find out the IP address assigned to your PC (for an Android phone, long tap on the PC's MAC address and see the assigned IP field, for router, check the connected clients and the corresponding addresses).
  5. Change the proxy you use for the wifi in your phone having PAD, and set it to the IP address of your PC that you got in step 3. Port should be the default one.
  6. Start or relogin to PAD, and you should see api.php calls coming up. Take the "get_user_data" API call, and Download the response from the Details tab. It should be a huge JSON tag.
  7. Import that file to PADHerder (Login, click on your name and do "Import JSON") and voila!
  8. Shut down the proxy when done.

Thanks to the other commenters above for showing the way!

It's a rather cumbersome method, but yeah, hoping it'll be rendered unnecessary by the next awesome PADListener update. :)
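The "save the get_user_data response" step from the workarounds above, as an added example that is not part of the thread or of PADListener: it assumes the proxy session was exported as a HAR file and checks that the capture really contains a decrypted, parseable response before it is imported. The function name, host names, query string and body in the sample are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlsplit


def extract_user_data(har):
    """Return the newest get_user_data response body from a HAR capture, parsed.

    Raises ValueError naming the reason when the capture cannot be used.
    """
    hits = []
    for entry in har.get("log", {}).get("entries", []):
        url = urlsplit(entry["request"]["url"])
        # Match on the names the thread gives: api.php and get_user_data.
        if url.path.endswith("/api.php") and "get_user_data" in url.query:
            hits.append(entry)
    if not hits:
        # Only unrelated hosts (or opaque tunnels) were recorded.
        raise ValueError("no get_user_data call: proxy bypassed or HTTPS not decrypted")
    newest = max(hits, key=lambda e: e.get("startedDateTime", ""))
    content = newest["response"].get("content", {})
    text = content.get("text") or ""
    if content.get("encoding") == "base64":  # HAR flags encoded bodies this way
        text = base64.b64decode(text).decode("utf-8")
    if not text.strip():
        raise ValueError("get_user_data response body was not recorded")
    try:
        return json.loads(text)
    except ValueError as exc:
        raise ValueError("get_user_data body is not valid JSON: %s" % exc)


# Constructed sample capture: hosts, query string and body are placeholders.
_BODY = json.dumps({"constructed": True, "items": [1, 2, 3]})
SAMPLE_HAR = {"log": {"entries": [
    {"startedDateTime": "2016-01-01T10:00:00Z",
     "request": {"url": "https://ads.example.invalid/track?e=title"},
     "response": {"content": {"text": "ok"}}},
    {"startedDateTime": "2016-01-01T10:00:05Z",
     "request": {"url": "https://game.example.invalid/api.php?action=get_user_data"},
     "response": {"content": {"text": base64.b64encode(_BODY.encode()).decode(),
                              "encoding": "base64"}}},
]}}

if __name__ == "__main__":
    print(sorted(extract_user_data(SAMPLE_HAR)))
```

A capture that shows only the ad and analytics calls raises the first error, which matches the symptom described earlier in the thread.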

olifozzy commented 8 years ago

No fix yet for the auto proxy (http://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#behavior-network). But I managed to get the capturing of SSL to work again in 6.0, see my pull request: https://github.com/Neraud/PADListener/pull/97