(not only) Android applications network analysis

First of all, I recommend reading this blog post by Simone "evilsocket" Margaritelli, which is, imho, one of the best comprehensive guides to Android application reversing; network analysis is just one part of it.

In my post I will present 3 different methods I used to understand the network behavior of an Android application I analyzed (the focus is on network analysis, nothing more):

  • using an HTTPS interception proxy;
  • MITMing the network traffic;
  • profiling the application with Android Studio.

Everyone can use the method they prefer (some simply may not work in your scenario); the results of the analysis are the same. The method you choose depends on the scenario you are testing, the software you are used to working with, and so on.
Note that the first two methods can be used to inspect the traffic of any application, program or device, not only an Android application.


Configure Squid proxy for SSL/TLS inspection (HTTPS interception)

Squid proxy

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

Squid can be configured to perform SSL/TLS inspection (aka HTTPS interception) so that the proxy can decrypt the proxied traffic (Squid calls this feature SSL Bump).

Afaik the Squid package shipped by the Linux distros is not compiled with SSL/TLS inspection support, but the good news is that Diladele (its GitHub repo and Websafety documentation are useful resources) provides packages for Ubuntu and CentOS, recompiled (you can also do it yourself) with support for HTTPS filtering and SSL/TLS inspection. This means that we only have to configure Squid. Not an easy task anyway 🙂

Below I provide a working config; follow the next steps.
