Tag Archives: android

[Tutorial] Using Fiddler to debug SAML tokens on Mobile Devices (Android)

Use Case:

This guide will go over configuring Fiddler to intercept traffic from mobile devices for debugging purposes.  This scenario can be beneficial in tracing/debugging SAML tokens issued from your IdP for a mobile application to consume.  We will be able to validate all traffic flowing in/from the Android device.

Configuring/Setting up Fiddler:

  1. Grab the latest copy of Fiddler from their website for Windows (it is a free download)
    1. https://www.telerik.com/download/fiddlerDownload Fiddler
  2. Install Fiddler on your local machine
    1. Double click fiddlersetup.exe
      Run fiddlersetup
    2. Agree to the End User License Agreement
      Fiddler Install - Accept EULA
    3. Set the installation directory and click Install
      Fiddler Install - Destination Folder
    4. Close the setup wizard
      Fiddler Install - Close Installation
  3. Launch Fiddler
    Launch Fiddler - Windows 10
  4. Click Cancel if prompted about AppContainers
    Fiddler - AppContainer Configuration - Cancel
  5. With Fiddler open click on Tools -> Telerik Fiddler Options…
    Fiddler - Tools - Telerik Fiddler Options
  6. Click on the Connections tab and check Allow remote computers to connect

  7. You will receive a dialog box saying it will need to restart.  Click OK and close out of Fiddler
  8. Once you relaunch Fiddler, click on the down arrow (if shown) and hover over the Online icon

At this point, Fiddler is configured properly, let’s shift over to your mobile device. We’ll shift gears to configuring the Android device to push traffic to Fiddler.

Configuring an Android device
(Android v6.0.1 at the time of writing)

  1. Slide down the notifications drawer from the top of the screen and hit the Settings (gear) icon in the top right
  2. Select Wi-Fi under the Wireless and networks section
  3. Select the wireless network you are connected to and click Edit

  4. Scroll down and check Show advanced options

  5. Select the drop-down for Proxy and choose Manual

  6. Type in the IP address gathered from Fiddler for the Proxy host name and set the Proxy Port to 8888 and click Save
    1. Note: 8888 is the default port for Fiddler, the port can be found under Fiddler -> Telerik Fiddler Options -> Connections tab
  7. Next, open up your web browser and navigate to http://ipv4.fiddler:8888
    1. Note: This is a small webpage served by the Fiddler application to validate the proxy settings are correct.  Likewise, we will use this page in the next step for SSL decryption
  8. On the Fiddler Echo Service page, click on the You can download the FiddlerRoot Certificate link
    1. Note: This download Fiddler’s root certificate to allow us to intercept SSL traffic for debugging purposes
  9. Once the certificate has downloaded, type Fiddler as the Certificate name and click OK

  10. Optional step: Open up your web browser and navigate to a website using SSL (I did https://google.com)
    1. Note: Here you can validate that the SSL certificate used is Fiddler’s root certificate.  This is a good sign that we are intercepting the traffic

Turn off Fiddler from intercepting SSL traffic

Remove the proxy settings

  1. Slide down the notifications drawer from the top of the screen and hit the Settings (gear) icon in the top right
  2. Select Wi-Fi under the Wireless and networks section
  3. Select the wireless network you are connected to and click Edit

  4. Scroll down and check Show advanced options (you should see your old proxy settings unlike my screenshot below)

  5. Select the drop-down for Proxy and choose None

  6. Select Save
  7. At this point, you should be able to capture the traffic through the Fiddler application on your Windows machine; see the screenshot below showing traffic from the android device
    1. NOTE/TIP: If you turn off capturing, you will turn off capturing on Windows, but not for the mobile device.  This can help cut down on the “noise” in getting your sample/debug logs.

Remove the Fiddler SSL certificate

  1. Slide down the notifications drawer from the top of the screen and hit the Settings (gear) icon in the top right
  2. Select Security

  3. Select Trusted credentials

  4. Select the User tab on the Trusted credentials window
  5. Scroll down through the certificate information and towards the bottom you will see a Remove button; press the REMOVE button.
    1. Note: You have to scroll the text, there is no scrollbar until you start the scrolling gesture

 

Lync 2013 Android Client – Version of Lync has been blocked error

Symptom: When logging into the Lync 2013 on an Android or iOS device, you receive the following error:

This version of Lync has been blocked by your system administrator.  Please check for updates or contact your Lync support team.

Lync 2013 Mobile Version

 

Solution: This error is caused by not running the latest version of Lync Server 2013.  Make sure you have at least the February Cumulative Update 1 patch applied to your server.  Without this patch, the Lync client will not be able to login.

You can grab a copy of the patch from: http://www.microsoft.com/en-us/download/details.aspx?id=36820

Details on how to install the patch can be found here: http://support.microsoft.com/kb/2809243

How to pass parameters back from intent

Tonight I ran across the issue of, “How do I send a result back to the parent that spawned an intent?”

After finding out that it is nearly impossible to pass instances of objects to the intent, I decided why not send the result back from the spawned intent.

To do something like this, use the following code to spawn the child intent:

//Starting a new Intent
Intent intent = new Intent(getApplicationContext(), whateverClass.class);

// Maybe add a param or two?
intent.putExtra("someParam", paramValue);

// starting new activity
startActivityForResult(intent,SOMEINTEGERSHOULDGOHERE);

When you are done with the intent, use this code to close it.

Intent intent=new Intent();
intent.putExtra("myParam", thiscouldbeastringvariable);
intent.putExtra("mySecondParam", thiscouldbeanintvaraible);
setResult(RESULT_OK, intent);
finish();

Lastly, here is how we process our result given from the child:

@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
switch(requestCode) {
case (SOMEINTEGERSHOULDGOHERE): // this was the integer you used to spawn the activity previously
if (resultCode == Activity.RESULT_OK) {
// Do whatever you want here.
// data.getStringExtra("ThisGetsOurParamBack");
}
break;
}
}

This is basically how to send data, process it in a new activity/intent, and then spit the results back to the parent.

How to make textview stay visible with softkeyboard

If you have a textview that spans a few lines, but have buttons or something else below the textview that you would like to be shown, you can have the textview object be resized automatically to make room for Android’s softkeyboard. To do this, simply add one line to your AndroidManifest.xml file.

android:windowSoftInputMode="adjustResize"

This line of code should go inside of the

<activity
android:name="SomeActivityName"
android:windowSoftInputMode="adjustResize" >
</activity>

How to link text in Android

One of the weirdest things I stumbled across was the ability to hyperlink text in the Android environment.  Here is how to hyperlink text and then make it clickable.

TextView txtTheLink = (TextView)findViewById(R.id.txtTheLink); // Grab our textview/whatever with the HTML
txtTheLink.setText(Html.fromHtml("<a href=\"https://www.vooba.net\">Go to Vooba!</a>")); // Convert from HTML to remove the HTML tag>
txtLinks.setMovementMethod(LinkMovementMethod.getInstance()); // Activate the link

Hope this helps!

Permission to enable read/write access to SD card

If you are looking for the permission to add to your AndroidManifest file, you are looking for the WRITE_EXTERNAL_STORAGE setting. To do this programmatically, use this code:

<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />

How to get default preferences

You can get the default preferences from your preferences.xml file by using the following code:

// Get the xml/preferences.xml preferences
SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(getBaseContext());
String settingValue = preferences.getString("setting", "");

PHP Arrays in JAVA

Going from PHP to Java is a step backwards when dealing with arrays (imo).  One of the more beneficial things that you can do with a PHP array is define keys.  For example I can do something like:

$myList = array("oranges"=>15, "apples"=>25);

Then I can access how many oranges I have by going echo $myList[“oranges”];

To do something like this in JAVA is a bit different than just defining a normal array. In JAVA you need to use a Map:

HashMap myList = new HashMap();
myList.put("oranges", 15);
myList.put("apples", 25);

If you need to store two strings, then change the object type (I.e. HashMap).
To get the value, simply use the get method.

myList.get("oranges");

How to get the version name from the AndroidManifest.xml file

Use the following code snip in your application:

try
{
    String VersionName = this.getPackageManager().getPackageInfo(this.getPackageName(), 0).versionName;
}
catch (NameNotFoundException e)
{
    Log.v(tag, e.getMessage());
}