So far I managed to capture the traffic of local Java programs & Android browser successfully. However, I failed to capture traffic of my Android application (using HttpsUrlConnection).
While following the steps in this guide to configure the WiFi network on the device, in the step of downloading the certificate I faced an odd behavior as Chrome raised an error and Firefox installed it without opening the expected dialog:
But when I try to download it again, it says that the certificate is already installed.
Anyway, when running my app (on a real device, Karbonn S203 API 19), there are no requests nor tunnels logged in Fiddler. I tried a lot including inspecting this thread to no avail. In other articles I read about showing tunnels only but I don't have them either. Am I missing anything?
Thanks.
EDIT: I managed to install is "correctly" (with the above screen) from Settings -> Security -> Install Certificate after copying if from PC. Still I cannot see the requests in Fiddler.
Apparently the problem occurred due to using some uncommon devices (well, at least uncommon in Europe/North America). They've probably made some configuration changes in their AOSP version. When working the same way with Nexus 5 I managed to add the ceritifcate under 'WiFi' and then captured requests successfully.
Looks like your app does not use Fiddler as a proxy. When you call openConnection do you pass a Proxy object to it? If so, how do you initialize this proxy object?
You might want to try sending some HTTP traffic through first to make sure you are using the correct proxy settings and then try with HTTPS.
Related
I'm trying to use the auto-update feature of install4j. The updater is configured as stand-alone and is launched by the user from a menu item with the code snippet from the installer configuration. The updates.xml URL is configured in the Auto-Update Options screen.
The updater is started correctly but then it fails with the error "The update information could not be downloaded from ". The URL is correct and the xml file can be viewed from a web browser on the same client computer. I tried disabling the firewall and antivirus, but nothing has changed.
I use install4j version 6.1.6 and the target platform is Windows (tested on Win7 and WinXP just in case).
Can anyone suggest a possible reason for this failure and/or a way to get more diagnostic information?
Thanks in advance
Sasha
I solved the problem by disabling browser integrity check in the CloudFlare settings. This means that install4j is sending malformed HTTP headers that are interpreted by the CloudFlare firewall as suspicious.
I do hope that this install4j bug will be fixed, since allowing access at the CloudFlare level means that the server is more exposed to actual threats.
I have an Android application where I connect frequently to a web service that I control using SSL exclusively. The first thing a user does that results in network activity is login and I currently use the Ion library for this although I tend to think my issue is not specific to Ion. This works as expected except for one specific user that has limited all internet access on the Android device to only work with my web service. They have done this by using their router to create a firewall that blocks all traffic except the specified domains. When this firewall is turned on they can't login via the app because of the following error:
java.net.SocketException
recvfrom failed: ECONNRESET (Connection reset by peer)
They can use the browser to go to my website and access the same web service with the firewall turned on and everything works fine. In addition, they can turn the firewall off, login successfully (i.e. successfully initial the first connection), turn it back on and subsequent network connections continue to work. The user can even log off and log back in without issue. It continues to work with the filter on until they quit the app. When they then restart the app and try to login the error returns. This seems like very odd behavior and I'm not entirely sure it is an ion issue but I'm not sure what to do. Does anyone have any ideas on what could be causing this issue?
UPDATE:
Per a comment, I tested my application with Volley. It does appear that Volley works with the filter turned on. I would prefer to stick with Ion though due to some of its other feature so if anyone has any ideas on how to make Ion work in this scenario I would greatly appreciate the help.
I am using the "chrome://inspect/devices" and monitoring the http traffic for an Android application. This only works with the Android 4.4/KitKat. Within this tool, the set-cookie and cookie data does not show. Is there another tool or how can I configure this tool to show the cookie data for each request. The "cookie" store set of cookies do appear but not for each individual request between the server and client/Android device.
I believe this hybrid Cordova based web view is masking the cookies. I don't know how.
More information:
http://code.google.com/p/chromium/issues/detail?id=403490
Note: this is monitoring traffic between the Android device and a host PC, monitoring the traffic on the host PC.
Note: It looks like it is a "webview" or application/api/library issue. We are using Cordova to build this application. It is a hybrid/web-view application, I don't know why or how it could explicitly hide the cookie information? I was curious if anyone has any more detail on how a webview could hide cookies.
Since you mention
Is there another tool
I am going to jump at this part and offer you a different tool, i.e. Fiddler.
You can set up Fiddler with proxy
Change the Android device network settings to go through the proxy.
Now, you can capture complete network requests inclusive of any request made from the device.
So perfect for development, if I may say so.
Source - http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler
Helps to ease a painful debugging experience, to a pleasant one.
Some freebies
Fiddler also allows to break on http requests, modify the content, reissue requests without having to write any piece of code.
And another factor, it works for any Android release, iOS or Windows Phone or any device that supports proxy.
No SDKs required to do this!
If you are using a mac, you can checkout Charles network inspector.
Hope this helps!
Note - This answer is purely to help in inspecting the network traffic.
Update - HTTPS traffic
Install Fiddler Certificate to Android
As a final step to improve the debugging of secure HTTPS connections,
we can install a Fiddler “root” certificate on the Android device.
(Note: If your device does not already have a PIN or password, you
will need to set one up before installing the certificate.)
Steps:
On Android start the Chrome browser
Navigate to
http://ipv4.fiddler:8888/
Tap on the link for the “Fiddler Root
Certificate”
Name the certificate “Fiddler” and install it (entering
your PIN or password if prompted)
With this test certificate
installed, you should now be able to visit SSL sites from the Android
Chrome browser and not receive any certificate warnings. The network
traffic should also be viewable in Fiddler. Good test sites are those
which always force secure HTTPS connections, like the Wells Fargo
mobile site at https://wellsfargo.com/.
Exercpt from the posted link.
Have a look at the WebViews CookieManager. Specifically look at the 'allowFileSchemeCookies' and 'setAcceptFileSchemeCookies' methods. If they are false by default that may be the culprit.
I am facing an issue on opening apps when working from office network using android emulator. I am using Android 4.4.2 with API 19. I know there is a proxy defined to access the network & I have set the same at the below path:
Settings->Wireless&Networks->MobileNetworks->AccessPointNames->Edit-> Set the Proxy, Port, Username & Password
On applying the above settings, I am able to access internet on the emulator browser however still facing issues the issue on accessing apps.
Request you all to please provide any suggestion/advice to overcome from this issue. I know there are many threads asking about the same however I did not find any in which the issue while opening the apps got resolved.
Regards,
Anuj
There is a emulator-wide setting for using HTTP proxy:
http://developer.android.com/tools/devices/emulator.html#proxy as explained here https://stackoverflow.com/a/12940297/1356130
I am trying to build a google app engine app in Java. The app is trying to get information from another site. On my computer I am behind a firewall and need to connect to the site through a proxy. Google app engine does not allow the use of java.net.proxy. Is there a way to configure eclipse so it knows that when I use URL.getContent() my local host will connect to that url through a proxy??
Look at this thread issue, there's a patched jar that allows you to connect through a Proxy.
It seems there's no way to do this, at least with current release of the SDK. I've gone through suffering from this problem.
The workaround is to make your system inherently aware of proxy. For example, use VPN, or use iptables to configure your proxy on Linux system.
It seems when your use normal way to specify a proxy as with other Java application it will invoke a class not in the JRE white list of GAE/J.