All geek questions in one place

Is TCP packet filtering possible on mobile platforms?

I am wondering how my mobile application launches in the background and filters TCP packets.

I know that I will run into limitations due to the sandbox, OS privilege levels and how iOS handles background tasks, so I want to confirm whether this can be done on iOS and Android.

Can Android and iOS analyze and modify packets passing through TCP ports? If possible, how? Can I do this while my application stays in the background?

+6
source share
4 answers

IOS

I do not think this is possible on iOS.

I did not find a public API for network monitoring / packet filtering. There is a possibility that such an API exists, but it is hidden. But in this case, Apple App Store Review Guides :

2.5 Applications that use non-public APIs will be rejected

If you need one specific quote to show that this is not possible, you can use this:

iOS does not support packet tracing directly. However, if you connect your iOS device to the Mac via USB ...

from the official Apple Technical Q & A QA1176 .

Alternatives

The next best thing is to manually configure the proxy server in the settings and then filter the traffic on the server side. Launching a proxy locally on the device is not an option due to the limitations of iOS background tasks:

2.16. Multitasking applications can only use background services for their intended purpose: VoIP, audio playback, location, task completion, local notifications, etc.

In addition, this post suggests that it might be possible to set up a VPN connection programmatically on iOS 8. It would also require sending device traffic, and I'm not sure if this method meets the recommendations.

Non-alternative

Some applications provide network traffic measurement functionality. But they use a dedicated API for network statistics: tracking usage / monitoring of iPhone usage .

There are also methods for batch tracing on iOS via the USB cable described here .

Android

In Android, you can configure the device to use your application as a VPN service. But:

  • To do this, you need to display a dialog box describing the consequences of granting permission to work as a VPN.
  • You need to show a constant notification while the VPN is active. An example application that does this is tPacketCapture .

To request user permission, you call VpnService.prepare :

 public void onClick(View v) { Intent intent = VpnService.prepare(getApplicationContext()); if (intent != null) { startActivityForResult(intent, 0); } else { onActivityResult(0, RESULT_OK, null); } }

and process the result, starting your VpnService.

 protected void onActivityResult(int requestCode, int resultCode, Intent data) { if (resultCode == RESULT_OK) { Intent intent = new Intent(this, MyVpnService.class); startService(intent); } }

Your VpnService should implement public int onStartCommand() . The service is considered as a foreground service and should not be killed by the OS.

This question: Android VpnService for packet capture will not capture packets , and it comments on shedding light on packet processing.

+17
source

On iOS, I would say that it depends on whether you allow jailbreak of the device as an acceptable prerequisite. There are several links to PF , as well as a network sniffer (which, I believe, should work in a similar way) for iOS.

PF is open source , but unfortunately embedded in C.

0
source

This answer is for Android only.

Usually YES possible!
However, there are some problems.

Here is a list that works, and what problems you will encounter.

VPN Filtering

  • Very high battery impact.
  • Proxy support will not work
  • Allows you to modify traffic

Filtering through libpcap

  • Root required
  • Does not allow traffic changes

Filtering with IPTables / PFTables / libnetfilter

  • Root required
  • Kernel module required
  • Will not work on any devices where you do not have a kernel source or it is not integrated.

Filtering using the Xposed Framework

  • Root required
  • Will only work with Dalvik Systems
  • Will not work with building applications using NDK

Filtration with Cydia substrate

  • Root required
  • Will only work with Dalvik Systems
  • Currently in beta

So yes, perhaps, but what is it worth?
If you need it just for you, you can use Cydia Substrate , since it supports 100% of applications, but it requires the dalvik system.

If you want to publish it in the store, you must use the VPN service. It is possible to create a service using NDK, then you could reduce battery problems.

Hope I helped you a little.

0
source

You can create applications using the Android VPN service, which, among other things, can do interesting things, such as filter packages. You can find the VPN example in the “Android Samples for SDK”, which can be found in the Google Source Code .

Cliff robinson
Community manager
Backbox

0
source

Source: https://habr.com/ru/post/978624/

More articles:


All Articles