How to intercept a packet from an app? [PROJECT]

DrunkenHiker

Hi!

I have this hiking app that uses terrible commercial maps but I want to intercept every request from it and feed it instead with tiles from my OpenStreetMap server.
I figured that I need to connect my phone (where the app is installed) to my server via wifi. The server is not connected to the internet (it's a raspberry).
I've managed to identify the packets that leave the app (as well as those that go in).
Here is an example:

The blue one is the request. I want my server to pick it up, swap the address in the first line and send my fake packet back to the app.

Where do I even begin with this?
 


You are not going to be able to do this with packet interception, as this is a problem at an application level. You're trying to solve this at a network level, which is several levels below. The issue with your approach is that each interaction with either the terrible commercial maps, or Open Street Maps, is worth hundreds of packets. All together must match in order, shape, syntax, and all sorts of application-level protocol things that you won't easily see at a packet level. You will have to face problems like network congestion, timeouts, packet re-send, duplicated packets, CRC errors, and all sorts of nasty things at a byte level.

What you need to do is to replace API request and response payloads.

Your solution should be to implement an adapter proxy on your network: you need to implement the terrible commercial maps' API in an application you put in your local network, and such application should implement an OpenStreetMap client. You need then to adapt requests and responses. Another option would be to cache all OpenStreetMap tiles and serve them in the responses to the terrible commercial maps API you need to implement. Working at that level, you abstract all the network problems and focus on the problems of two companies exposing different APIs, which is a systems integration problem for which there are lots of frameworks and even packaged products that you can use (you could use an open-source ESB like the one by WSO2).

And also you need to solve the problem of the app trying to connect and authenticate to the terrible commercial maps API server; you may have to put some DNS rules on your local network for the domain to resolve to your application. And it would probably fail, as it will try to authenticate its servers by checking the server certificate.
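The adapter-proxy idea from the reply above, as an added example written for this thread (not code from the poster, the app, or any project): a small HTTP server that accepts tile requests in the ArcGIS REST path shape the app uses, /arcgis/rest/services/<service>/MapServer/tile/{z}/{y}/{x} (ArcGIS orders these as level/row/column), and answers each one with the matching OpenStreetMap slippy-map tile ({z}/{x}/{y}.png) from a local tile cache. Assumptions that are not in the thread: the tile directory path, port 8080, that the commercial service and the OSM cache share the same 256-pixel Web Mercator grid (true for ArcGIS Online basemaps, but it has to be checked for the service in question), and that the phone's DNS has been pointed at this machine as the reply suggests. It speaks plain HTTP only; as the reply notes, an app that verifies the server certificate will refuse it.

```python
"""Adapter proxy: answers ArcGIS-style tile requests with OSM-style tiles from a local cache.

Added example for the forum thread, not code from the thread or any project.
Assumptions (not in the thread): request path shape
/arcgis/rest/services/<service>/MapServer/tile/{z}/{y}/{x}, OSM tiles stored as
<TILE_DIR>/{z}/{x}/{y}.png, both services on the same Web Mercator tile grid,
and the phone resolving the maps hostname to this machine (plain HTTP only).
"""
import os
import re
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

# ArcGIS REST tile URLs are .../tile/{level}/{row}/{column}, i.e. z/y/x.
ARCGIS_TILE_RE = re.compile(
    r"^/arcgis/rest/services/(?P<service>[A-Za-z0-9_]+)/MapServer/tile/"
    r"(?P<z>\d+)/(?P<y>\d+)/(?P<x>\d+)/?$"
)


def translate_tile_path(path):
    """Map an ArcGIS tile URL path to OSM (z, x, y), or None if it is not a valid tile request."""
    m = ARCGIS_TILE_RE.match(path.split("?", 1)[0])  # drop query string such as ?f=image
    if not m:
        return None
    z, y, x = int(m["z"]), int(m["y"]), int(m["x"])
    # Refuse rows/columns outside the 2**z grid before any file lookup happens.
    if not (0 <= x < 2 ** z and 0 <= y < 2 ** z):
        return None
    return (z, x, y)


def osm_tile_key(z, x, y):
    """Relative path of the OSM slippy-map tile for (z, x, y)."""
    return f"{z}/{x}/{y}.png"


def serve_from_store(path, store):
    """Return (status, body) for a request path, using a dict-like store of tile bytes."""
    zxy = translate_tile_path(path)
    if zxy is None:
        return 404, b""
    body = store.get(osm_tile_key(*zxy))
    if body is None:
        return 404, b""
    return 200, body


class DirectoryTileStore:
    """Tile store backed by a directory; keys that escape the directory are rejected."""

    def __init__(self, root):
        self.root = os.path.abspath(root)

    def get(self, key):
        full = os.path.abspath(os.path.join(self.root, key))
        if not full.startswith(self.root + os.sep) or not os.path.isfile(full):
            return None
        with open(full, "rb") as f:
            return f.read()


def make_handler(store):
    class TileHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            status, body = serve_from_store(self.path, store)
            self.send_response(status)
            self.send_header("Content-Type", "image/png" if status == 200 else "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return TileHandler


if __name__ == "__main__":
    tile_dir = sys.argv[1] if len(sys.argv) > 1 else "./tiles"  # assumed local OSM tile cache
    HTTPServer(("0.0.0.0", 8080), make_handler(DirectoryTileStore(tile_dir))).serve_forever()
```

Started as `python adapter.py /path/to/tiles`, it answers the request shape shown in the thread's screenshot with a PNG and everything else with 404. The z/y/x to z/x/y swap is the "adapt requests and responses" step the reply talks about: if the two services did not share a tile grid, this function is where a reprojection or re-tiling step would have to go.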
 
Hello. This is by far the most elaborate and insightful response I've got across a few popular forums.

You see, the app is so badly written that it becomes an actual advantage to me.
For example it doesn't really check if the tablet is really connected to the Internet (capital I). I can connect the tablet to an ad hoc network from another phone without internet connection and it will not realise that it's offline (no popups about lack of connection).

Please, help me understand one thing. If I know what packets the app sends and where it sends them, and I know the responses it gets each time (they are always the same), why would I not be able to simply swap the response with tiles that I want to feed it?
If you look at the picture, it asks for a tile associated with a particular coordinate: ../arcgis/rest/services/World_Tope_Map/MapServer/tile/XX/YYYY/ZZZZ

What stops me from swapping that address with tcpdump or just dns plus a response (green in the picture)?

Thank you very much.
 
If the app is as badly written as you describe it, it may actually work if the responses of the map services match in terms of format. Otherwise, it may crash. But of course you can try.

In a properly written application that uses secure communications, you wouldn't be able to do so because the mobile app would be trying to make sure the server it intended to talk to is the same that puts together the response. In such a case, by changing it in your local network, you would break the channel by breaking the security of it, so to speak. However, if the app is not using any kind of security, you may be able to swap the responses as long as they are compatible in format.

But, for the same reason, I would advise against using the app. Applications that do not check what server they are talking to, and if the same server is the one sending the response, represent a risk of code injection. Depending on the permissions the app is asking to use, the risk may be higher or lower (definitely very high if your phone is rooted).
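The server-identity check the last reply describes, shown as an added example (not code from the thread or from the app): with Python's ssl module, the difference between a client that accepts any certificate (the behaviour the hiking app appears to have, which is why a LAN server can answer for its map provider) and one that requires a trusted chain, a matching hostname and a pinned certificate fingerprint, which is what makes a DNS override plus a local server fail the way the reply predicts. The host, port and pin value are placeholders; only fetch_pinned opens a network connection, the other helpers are pure functions.

```python
"""Verified vs unverified TLS clients, as discussed in the thread.

Added example, not code from the thread or the app. EXPECTED_PIN, the host and the
port are constructed placeholders; a real pin is the SHA-256 of the server's DER
certificate, recorded out of band when the app is built.
"""
import hashlib
import hmac
import socket
import ssl

EXPECTED_PIN = "0" * 64  # placeholder pin (constructed); replace with the real fingerprint


def insecure_context():
    """Client context that accepts any certificate: any server reached via a DNS rule is trusted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context():
    """Client context that requires a trusted chain and a hostname match (CERT_REQUIRED)."""
    ctx = ssl.create_default_context()  # loads system CAs, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def cert_fingerprint(der_cert):
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert, expected_hex):
    """Constant-time comparison of the presented certificate against the pinned fingerprint."""
    return hmac.compare_digest(cert_fingerprint(der_cert), expected_hex.lower())


def fetch_pinned(host, port, expected_hex, path="/"):
    """TLS connect with chain and hostname verification, then a pin check, then a plain GET.

    A local server standing in for `host` fails at wrap_socket (no trusted certificate
    for that name) and, even with a certificate the device trusts, at the pin check.
    """
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        # Raises ssl.SSLCertVerificationError if the chain or hostname does not verify.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, expected_hex):
                raise ssl.SSLError(f"certificate pin mismatch for {host}: {cert_fingerprint(der)}")
            tls.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    # Placeholder endpoint (constructed); with the wrong pin this raises rather than returning data.
    print(fetch_pinned("maps.example.invalid", 443, EXPECTED_PIN)[:200])
```

The two context functions are the whole difference between the app in the thread and "a properly written application": with insecure_context a resolver rule is enough to substitute the server, with hardened_context the substitute also needs a certificate the device trusts for that exact name, and with the pin check on top it needs the provider's own key.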
 