Major project for Advanced Topics in Computer Science. Uses mitmproxy to automatically detect whether private data has been leaked in the network traffic of certain Android applications.
Mitmproxy is an interactive proxy that includes three tools: mitmproxy, mitmdump and mitmweb. This project uses mitmdump to capture the network traffic from an Android device. The original repository can be found at https://github.com/mitmproxy/mitmproxy/.
To run this project in its entirety, you will need:
- An Android device with USB debugging enabled
- Python 3.6
- A dataset of APKs to test, with file names in the form "com.package.name.apk"
- Mitmproxy
- A network that both the Android device and testing PC can connect to
- Device information as produced by sharing from the application Device ID located at: https://play.google.com/store/apps/details?id=com.evozi.deviceid
The Android device must be connected to the same Wi-Fi network as the PC so that mitmproxy can intercept its traffic. Then modify the Wi-Fi settings of the Android device to use a manual proxy, with the address set to the local IP address of the PC and the port set to 1259, as set in network_traffic_analyser.py. Once this is done, the mitmproxy certificate must be installed on the device by visiting http://mitm.it/, as explained in the mitmproxy documentation at https://docs.mitmproxy.org/stable/concepts-certificates/. The project can then be run using: python3 network_traffic_analyser.py
Data is collected from the Android applications that are saved as APKs in the APKs folder. The project automatically installs and runs these applications one by one on the connected Android device to capture their network traffic. APKs are not included in this repository due to size requirements. Each application is run for the same amount of time to ensure a fair test. The script produces an output file for each application, located at "output/com.package.name.apk-mitmproxy.txt". This file lists all the network requests generated while the app was running, so that the user can review them.
Once the data has been collected from the apps, the script checks which requests shared personal information. The personal information to look for is set in the deviceInfo.txt file. The version of the file used is a direct copy from the Device ID app; however, any information can be added to this file on a new line, following the same format: Information name: Information. The script automatically detects which URLs were sent personal information and can then blacklist them.
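The check described above, as an added example that is not code from this repository: it parses entries in the "Information name: Information" format and searches each request for every value in raw, percent-encoded and hashed form. The device values, hosts and requests are constructed, and the function names, the hashed-form matching and the grouping of results by host are assumptions of this example.

```python
import hashlib
from urllib.parse import quote, urlsplit

# Constructed sample in the "Information name: Information" format.
DEVICE_INFO = """\
IMEI: 356938035643809
Android Device ID: 9774d56d682e549c
WiFi MAC Address: 02:00:5e:10:00:01
"""

# Constructed (URL, body) pairs standing in for captured requests.
REQUESTS = [
    ("https://ads.example.net/track?imei=356938035643809", ""),
    ("https://api.example.org/v1/register", '{"mac":"02%3A00%3A5E%3A10%3A00%3A01"}'),
    ("https://metrics.example.com/e",
     "uid=" + hashlib.md5(b"9774d56d682e549c").hexdigest()),
    ("https://cdn.example.com/logo.png", ""),
]

def parse_device_info(text):
    """Return {name: value}, splitting on the first colon only so values
    that contain colons (MAC addresses) stay intact."""
    info = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            info[name.strip()] = value.strip()
    return info

def variants(value):
    """Forms the value may take on the wire: raw, percent-encoded, hashed."""
    forms = {value, quote(value, safe="")}
    forms |= {hashlib.new(h, value.encode()).hexdigest()
              for h in ("md5", "sha1", "sha256")}
    return {f.lower() for f in forms}

def find_leaks(requests, info, min_len=6):
    """Map each receiving host to the names of the values it was sent."""
    leaks = {}
    for url, body in requests:
        haystack = (url + "\n" + body).lower()
        for name, value in info.items():
            if len(value) < min_len:  # short values match by coincidence
                continue
            if any(v in haystack for v in variants(value)):
                leaks.setdefault(urlsplit(url).hostname, set()).add(name)
    return leaks

if __name__ == "__main__":
    for host, names in find_leaks(REQUESTS, parse_device_info(DEVICE_INFO)).items():
        print(host, sorted(names))
```

A plain substring search for the raw value would flag only the first of these requests; the percent-encoded MAC address and the MD5-hashed device ID are found only because each value is expanded into its variants first.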