Proxy Like a Pro: interesting method of proxying non proxy-aware Android Apps

In this blog post, we'll explore several methods to enable proxying for Android apps that do not natively support proxies. We'll cover regular methods like Wi-Fi settings, ADB commands, and Frida scripts, and then delve into more advanced techniques such as using iptables and DNS manipulation.

Regular Methods to Enable Proxy

1. Enabling Proxy in Wi-Fi Settings

One of the simplest ways to set up a proxy on an Android device is through the Wi-Fi settings.

1. Go to Settings > Network & Internet > Wi-Fi.

2. Long press on your Wi-Fi network and select Modify network.

3. Enable Advanced options.

4. Set Proxy to Manual and enter the proxy hostname and port.

2. Using ADB Command

ADB (Android Debug Bridge) can be used to set a proxy for your Android device.

1. Connect your Android device to your computer.

2. Open a terminal and enter the following command:

    adb shell settings put global http_proxy <proxy_host>:<proxy_port>
   

3. To clear the proxy settings, use:

    adb shell settings put global http_proxy :0
   

3. Proxy for an Individual App Using Frida Script or Objection Module

Frida and Objection can be used to hook into an app and force it to use a proxy.

Frida Script Example

1. Install Frida on your computer and device.

2. Write a Frida script to hook the app's network functions and redirect traffic through the proxy.

3. Execute the script while the app is running.

Objection Example

1. Install Objection and launch it against the target app:

    objection --gadget <app_package> explore
   

2. Use the following command within Objection:

    network monitor start --proxy <proxy_host>:<proxy_port>
   

Advanced Method: Using iptables

Setting Up iptables

Using iptables requires a rooted device. This method redirects all traffic through the proxy.

1. Gain root access on your device.

2. Use iptables to redirect traffic:

    iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <proxy_host>:<proxy_port>
    iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination <proxy_host>:<proxy_port>
   

3. Verify that the traffic is being redirected.

New approach: Proxy Using DNS

1. Setting Up DNSChef

DNSChef can be used to redirect DNS requests to a proxy server.

1. Install DNSChef on your computer:

    pip install dnschef
   

2. Run DNSChef to redirect traffic:

    dnschef --fakeip <your_ip> --fakedomains <target_domain>
   

   Alternatively, redirect all traffic:

    dnschef --fakeip <your_ip>
   

2. Configuring Android DNS Settings

Configure your Android device to use the DNSChef server.

1. Go to Settings > Network & Internet > Wi-Fi.

2. Long press on your Wi-Fi network and select Modify network.

3. Enable Advanced options.

4. Set IP settings to Static and enter your computer's IP address as the DNS server.

3. Enabling Transparent Proxy in Burp Suite

Finally, enable transparent proxying in Burp Suite to handle the incoming traffic.

1. Open Burp Suite and go to Proxy > Options.

2. Add a new proxy listener and enable Invisible proxying under Request Handling.

By following these steps, you can effectively proxy non proxy-aware Android apps using various methods tailored to your needs. Whether through simple Wi-Fi settings or more advanced DNS manipulation, each approach provides a way to monitor and intercept app traffic.