I'm doing a MITM research paper on iOS and Android focused on WebView / Hybrid Apps. This is my test setup:
Open WIFI Hotspot
iOS and Android Devices on the WIFI
Linux machine with Apache Proxy on the WIFI
ICMP Redirect (DoubleDirect), DNS or Forwarding to pipe all traffic through my Linux machine
For www.example.com I have a valid certificate from a trusted CA
I want to redirect a WebView request to https://www.facebook.com/ to my own site https://www.example.com/ directly on my Apache Proxy, without the user noticing anything in a hybrid App.
If this possible and how can I do that?
Related
when connected to a corporate vpn or in a corporate wifi environment, the corporation network uses a proxy for all http traffic. When connect to a personal wifi and not connected to the corporate vpn, all internet connection will display a page where it says "please connect to corporate vpn before you can visit any website". There is a McAfee root CA also being added to the system that allows this to happen. How does this work behind the scene?
the deployed service to client laptop is called McAfee SaaS Web Operations, I just wonder how it works to make root CA redirecting traffic
I'm running a Nginx Web server on my Linux system and I would like to access it on my iPhone (Safari or through my iOS app) when I connect it through USB cable.
How can I do it? is there any available solution?
Having iPhone and Linux system in a same network and access through its iP is not a solution here.
You can use ngrok.
Here is a step-by-step guide:
Download ngrok (https://ngrok.com/download) and move executable to /usr/bin/.
Register here and copy your auth token.
Open the terminal (Ctrl+Alt+T or Ctrl+Alt+F3) and type:
cd
ngrok authtoken <YOUR_AUTHTOKEN>
ngrok http 80
It will give you some URL address. Open it on your iPhone.
Your home page will be shown.
More info on ngrok: https://ngrok.com/docs/secure-tunnels
I have HTTP requests in my iOS app to a simple NODE.js app on my server. Since iOS has App Transport Security, I wondered how I could simply add a self-signed SSL certification to my IP address then I wouldn't have to worry about bypassing ATS. It would just look like
https://192.0.2.12/API
Is there a simple way to do it on an Ubuntu server?
I am trying to connect to CalDAV server from iPad, iOS v7.0.2(11A501), that is running on HTTP port 8080. It failed to connect.
Using Fiddler tool I have found that iPad CalDAV client is sending requests to port 443 and to port 80 instead of the one I specify in 'Server' field.
Being able to run the server on port 80 only in the development environment is inconvenient.
Has anybody experienced this issue and are there are any solution?
Well, my iPad is setup to a Mavericks calendar server. Which is running on https://xxx.local:8443/.
So the answer to your question seems to be Yes. It does support non-standard SSL ports. (This is on iOS 7.0.5/6).
What configuration data do you provide to iOS? Could it be that it initially connects to the right port but then the server is somehow misconfigured and redirects the client to a standard port?
Which CalDAV server do you use?
The Issue:
Connecting to the Xcode server CI web interface over SSL with a provisioned iPad and attempting to download an integrated build fails with a message that it cannot connect.
The Setup:
I've just set up Mac OS X Server 3.01 on my home iMac OS X 10.9 (Mavericks) for continuous integration. In the server admin panel only Xcode and File Sharing services are turned on. I've got continuous integration working from my MacBook Pro dev machine, configuring and running integration bots from the web UI served by the Xcode server on the iMac.
I want team members to have access to the CI web interface so I'm serving from the iMac to a public dynDNS address, port-mapped through from the Airport Extreme router to the iMac. This all works, but I want to force connecting only over SSL.
I did originally enable the Websites service in the server admin and created a redirect rule, configured with Source: "/", Destination: "https://myServer.dynDNSName.org", Status: "Permanent (301)". This did work to force all requests to port 443 and logging in worked as expected. When logging in to the CI interface with iPad Safari over SSL it is possible to navigate to the various bots results pages as expected. The problem is, tapping a built product link to download onto the provisioned iPad fails with the message, "Cannot connect to myServer.dynDNSName.org".
I have since turned off the server Websites service which once again allows connection over port 80. I don't want to allow clear text logins over port 80 because login accounts are server user accounts. My current workaround is to log in over SSL, then change the URL on the iPad to http://myServer.dynDNSName.org, to download the product, which then does install on the device.
So the question is, how can I set up the iMac server to not allow insecure logins and still enable downloading integrated products to devices?