Also - test android app using nogotofail ...


yzni...@gmail.com

Jan 25, 2015, 9:49:18 AM
to nogot...@googlegroups.com
Hi Chad,

I am trying to test nogotofail with my Android device. I am at a similar stage to Bryan. Here is where I am at ... Any suggestions?

---------------------------------------------------------------------
- I compiled the mitm android client in Android Studio and installed it on my device (Nexus 7 Android 5.0.2). The client installed without any issues.

- In the Android client Settings > Advanced tab I entered:
    Host - 192.168.45.1 (address of my WiFi proxy/router where the nogotofail.mitm service is running)
    Port - 8443

- My WiFi proxy is a Raspberry Pi box running raspbian. I confirmed it is working earlier as a proxy creating routing rules and connecting to the internet via my Nexus 7.

- On my WiFi proxy/router I cleared all iptables rules to ensure no rules conflicted for port 8080.

- On my WiFi proxy I enter the following command:
sudo python -m nogotofail.mitm --serverssl server.crt -d --mode socks -l real.log -e event.log -c ngtf.conf
(Where ngtf.conf is my configuration file)

The WiFi proxy terminal output was:
    2015-01-20 18:16:06,274 [INFO] Starting...

- In the Android client I click "Reconnect" and I am prompted with the "Allow connection to MiTM server?" dialog. I select "Allow"

- The output on my WiFi proxy is:

    2015-01-20 18:16:06,274 [INFO] Starting...
    2015-01-20 18:16:10,344 [ERROR] AppBlame socket error
    Traceback (most recent call last):
      File "/usr/local/lib/python2.7/dist-packages/nogotofail/mitm/blame/app_blame.py", line 101, in listen
        (client_socket, client_address) = self.server_socket.accept()
      File "/usr/lib/python2.7/ssl.py", line 354, in accept
        suppress_ragged_eofs=self.suppress_ragged_eofs),
      File "/usr/lib/python2.7/ssl.py", line 143, in __init__
        self.do_handshake()
      File "/usr/lib/python2.7/ssl.py", line 305, in do_handshake
        self._sslobj.do_handshake()
    SSLError: [Errno 1] _ssl.c:504: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
    2015-01-20 18:17:50,802 [INFO] AppBlame new client from 192.168.45.10

- I try a few apps on my Nexus 7. They connect to the internet eventually but are very slow. I see no additional messages on my WiFi proxy terminal or log file.

yzni...@gmail.com

Jan 25, 2015, 9:54:20 AM
to nogot...@googlegroups.com, yzni...@gmail.com
Btw my configuration file (ngtf.conf) is:

# Example nogotofail.mitm config file
# All long options from --help can be set
# See https://docs.python.org/2/library/configparser.html for file format
# All mitm options should be under [nogotofail.mitm]
[nogotofail.mitm]
verbose=True
port=8080
#attacks=selfsigned invalidhostname
attacks=selfsigned
#data=httpdetection httpauthdetection

yzni...@gmail.com

Jan 26, 2015, 9:31:18 AM
to nogot...@googlegroups.com
Yay! I got it working on path with my android tablet!!

After some more testing I discovered when nogotofail.mitm was running my tablet wasn't connecting to the Internet.

I added the following iptables rules to forward requests from wlan0 to eth0:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

I also found that nogotofail.mitm only works in "tproxy" mode on my device. I used the command line:

sudo python -m nogotofail.mitm --serverssl server.crt -d --mode tproxy -l real.log -e event.log -c ngtf.conf

Chad - In the event log I am seeing attack "success" but no "[WARNING]" or "[CRITICAL]" messages in the output log.
Does this mean the attacks (marked with "success") aren't serious and I don't need to worry?

Chad Brubaker

Jan 26, 2015, 2:31:28 PM
to yzni...@gmail.com, nogot...@googlegroups.com
Great to hear it's working!

On Mon, Jan 26, 2015 at 6:31 AM, matthe...@gmail.com <yzni...@gmail.com> wrote:
> Yay! I got it working on path with my android tablet!!
>
> After some more testing I discovered when nogotofail.mitm was running my tablet wasn't connecting to the Internet.
>
> I added the following iptables rules to forward requests from wlan0 to eth0:
>
> sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
>
> I also found that nogotofail.mitm only works in "tproxy" mode on my device. I used the command line:

tproxy is the preferred mode if you're running on a WiFi router (and the default mode), socks is for local proxying and redirect is another iptables mode that usually works but I've seen some flakiness before.

> sudo python -m nogotofail.mitm --serverssl server.crt -d --mode tproxy -l real.log -e event.log -c ngtf.conf
>
> Chad - In the event log I am seeing attack "success" but no "[WARNING]" or "[CRITICAL]" messages in the output log.
> Does this mean the attacks (marked with "success") aren't serious and I don't need to worry?

What handler are you seeing that generates something with success but doesn't show up in the log? As far as I remember everything gets logged to text as [WARNING], [ERROR], or [CRITICAL] depending on severity.

Also, the SSL error you were seeing in your first email should have been transient and only the first time the client tried to connect (since at that point it didn't trust the server and sent an SSL error), was that the case?

--
You received this message because you are subscribed to the Google Groups "nogotofail" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nogotofail+...@googlegroups.com.
To post to this group, send email to nogot...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nogotofail/81749164-67fb-48fc-93f6-3594e3dae51f%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

yzni...@gmail.com

Jan 27, 2015, 9:45:01 AM
to nogot...@googlegroups.com
Chad, I was mistaken. I am seeing "[ERROR]" and "[WARNING]" messages in the output log for the corresponding "success:true" entries in the event log.

In the output log I'm seeing:

- [WARNING] for "weaktlsversiondetection / Client enabled SSLv3 protocol with TLS_FALLBACK_SCSV",
and
- [ERROR] for "weaktlsversiondetection / Client enabled SSLv3 protocol without TLS_FALLBACK_SCSV",
    "weaktlsversiondetection / Client enabled SSLv3 protocol without TLS_FALLBACK_SCSV",
    "httpdetection / HTTP request GET <url>"

I am confused about one thing ... I am seeing attacks being run which I haven't specified in my nogotofail.mitm configuration file.

For example - I have only specified sslstrip, httpdetection, weaktlsversiondetection & insecurecipherdetection data attacks in the config file (and no connection attacks).

However, in the logs I'm seeing clientheartbleed, dropssl and selfsigned connection attacks being run.

(In the Android client I have left the "custom list of attacks" option unchecked.)
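The post above triages findings by reading [WARNING]/[ERROR] lines per handler out of the nogotofail.mitm output log. The script below is an added example, not part of this thread or the nogotofail project: it parses lines in the "timestamp [LEVEL] handler / message" shape quoted in this thread and counts findings at or above a chosen severity per handler. The sample log is constructed from messages quoted in the thread, and the "handler / detail" split is an assumption about how handler-tagged lines are laid out.

```python
import re
from collections import Counter, defaultdict

# Line shape follows the nogotofail.mitm output log quoted in this thread:
# "2015-01-20 18:16:06,274 [INFO] Starting..."
# Handler-tagged findings are assumed to read "handler / message" after the level.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<level>[A-Z]+)\] (?P<msg>.*)$"
)
HANDLER_RE = re.compile(r"^(?P<handler>\w+) / (?P<detail>.*)$")

# Constructed sample, modelled on messages quoted in the thread (not a real capture).
SAMPLE_LOG = """\
2015-01-20 18:16:06,274 [INFO] Starting...
2015-01-20 18:17:50,802 [INFO] AppBlame new client from 192.168.45.10
2015-01-20 18:18:02,110 [WARNING] weaktlsversiondetection / Client enabled SSLv3 protocol with TLS_FALLBACK_SCSV
2015-01-20 18:18:05,431 [ERROR] weaktlsversiondetection / Client enabled SSLv3 protocol without TLS_FALLBACK_SCSV
2015-01-20 18:18:07,005 [ERROR] httpdetection / HTTP request GET http://example.invalid/login
not a log line at all
"""

def parse_line(line):
    """Return (timestamp, level, handler, detail), or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h = HANDLER_RE.match(m.group("msg"))
    handler = h.group("handler") if h else None
    detail = h.group("detail") if h else m.group("msg")
    return m.group("ts"), m.group("level"), handler, detail

def summarize(text, min_level="WARNING"):
    """Count findings at or above min_level, grouped by handler and then by level."""
    rank = {"DEBUG": 0, "INFO": 1, "WARNING": 2, "ERROR": 3, "CRITICAL": 4}
    counts = defaultdict(Counter)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip tracebacks and other non-log lines
        _, level, handler, _ = parsed
        if rank.get(level, 0) < rank[min_level]:
            continue
        counts[handler or "(no handler)"][level] += 1
    return {h: dict(c) for h, c in counts.items()}

if __name__ == "__main__":
    for handler, levels in sorted(summarize(SAMPLE_LOG).items()):
        print(handler, levels)
```

Point it at a real output log with summarize(open("output.log").read()) to see which handlers are firing and at what severity.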

mk...@bu.edu

Mar 2, 2015, 3:27:52 PM
to nogot...@googlegroups.com, yzni...@gmail.com
Can you post some more information on how to configure ngtf to be "in path" with the Android device, so that an Android app installed on the device can be tested using ngtf?
I'm totally stuck on this.

yzn...@gmail.com

Mar 5, 2015, 10:54:35 AM
to nogot...@googlegroups.com
I believe you are using the Nogotofail.mitm service on GCE (over OpenVPN). I haven't tried a GCE setup yet, I have only used ngtf on a physical device. However, my understanding is it should behave almost identically.

The first place I would start is to check if you have Internet connectivity from your Android device through the OpenVPN connection. When you open the browser on Android (without nogotofail.mitm started in GCE) can you connect to the Internet?

If not, you may need to implement some routing rules in GCE. Unfortunately as I don't have that setup I can't give you any tips.

If you can access the Internet from your Android device, I would try the following:
- Run nogotofail.mitm on GCE. I used the command line:
sudo python -m nogotofail.mitm --serverssl server.crt -d --mode tproxy -l output.log -e event.log -c ngtf.conf
(Try using the example.conf file from the ngtf github project to start with)

- If nogotofail.mitm starts correctly, go to your Android device and start the ngtf client. It should connect to the server (nogotofail.mitm) automatically. However, also try clicking the "Connect" button.

Chad Brubaker

Mar 5, 2015, 4:06:00 PM
to Michael Kennedy, nogot...@googlegroups.com
https://github.com/google/nogotofail/tree/dev/docs/gce includes docs and scripts for setting up nogotofail+VPN on a GCE instance. If you don't want to use GCE you can install an OpenVPN server on your own machine and set it up by following the steps/scripts provided.
