In this demo you will:
- Start the HAM server locally
- Install the HAM certificate on Android
- Connect to HAM through the proxy
- Intercept all Android DNS calls
- Intercept Google calls and replace the logo!
For more info look here!
Remember to open ports 1080 and 1081 on the machine running HAM!!
Download the "ham only" tar.gz from the GitHub releases and extract it.
Go into the "ham" directory and run "proxy.run.bat" (Windows) or "proxy.run.sh" (Linux/macOS).
This starts HAM with all its services.
Download the certificate.
Open the zip file and send the .der file it contains to your phone by mail.
- Send the .der file via mail
- Download it on your phone
- Open your phone's Settings app
  - Solution 1: tap Security > Advanced
  - Solution 2: tap Security settings
- Tap Encryption & credentials
- Tap Install a certificate, then Wi-Fi certificate
- In the top left, tap Menu
- Tap where you saved the certificate
- Tap the file. If needed, enter the key store password
- Select it as a CA Root Authority
- Enter a name for the certificate
- Tap OK
Set the proxy to 127.0.0.1 and port 1080 for SOCKS5 or 1081 for HTTP/HTTPS.
Click me for more explanations
- Open your Android's Settings
- Tap Wi-Fi
  - Solution 1: tap and hold the Wi-Fi network name, then select Modify Network
  - Solution 2: click the gear icon next to the network name, then click the pen in the top right
- Click Advanced Options
- Tap Manual
- Change your proxy settings: enter the hostname and proxy port (e.g. [yourPcIp]:1081)
- Tap Save
You can now use some apps and browse some pages. You can check the DNS names captured by HAM here.
Notice how many hosts your phone is contacting! For this example I used:
- Chrome
- Slack app
- LinkedIn app
Go to the certificates configuration page and add a new website with the value www.google.com.
Add a new DNS mapping on the DNS configuration page with:
- ip: 127.0.0.1
- dns: www.google.com
Restart the browser to be sure that all DNS caches are flushed!
Go to https://www.google.com
When you click the lock icon next to the address bar you will see that the website certificate was issued by "CN=root-cert"... OUR AUTHORITY :)
[Screenshot: on Firefox]
[Screenshot: on Android Chrome]
Go to the js-filters plugin and create a "Google" filter:
- Phase: POST_CALL (modifies the content received)
- Host Address: www.google.com
- Path Address: /
- Script. Notice the "" appended to the response text: it just forces a cast from a Java String to a JavaScript string

```javascript
// Match the Google logo paths, i.e. /images/branding/<dir>/<dir>/<file>.png
var regex = /\/images\/branding\/[_a-zA-Z0-9]+\/[_a-zA-Z0-9]+\/[_a-zA-Z0-9]+\.png/gm;
// The "" forces the Java String returned by getResponseText() into a JavaScript string
var responseText = response.getResponseText() + "";
// Point every matched logo path at the Bing logo instead
var changedText = responseText.replace(regex, 'https://upload.wikimedia.org/wikipedia/commons/thumb/c/c7/Bing_logo_%282016%29.svg/320px-Bing_logo_%282016%29.svg.png');
response.setResponseText(changedText);
return false;
```
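As an added example (not HAM's own code nor the js-filters plugin's), the following stand-alone JavaScript wraps the same POST_CALL rewrite so the regex can be checked offline against a constructed body before it is loaded into the filter. `FakeResponse` is a hand-written stand-in that exposes only the two methods the demo script uses, `getResponseText()` and `setResponseText()`; its `contentType` field is an assumption (check how the real plugin exposes response headers) and is there to show why a body rewrite should be limited to HTML: a regex replace over JSON, images or fonts corrupts the payload, which is the first thing to check when a filter works on the home page but breaks other requests.

```javascript
// Added example (not HAM's or the js-filters plugin's code): the demo's POST_CALL
// rewrite wrapped in a function so it can be run and checked offline.
// FakeResponse is a constructed stand-in exposing only getResponseText()/
// setResponseText(), plus a contentType field whose name is an assumption.

const LOGO_PATH = /\/images\/branding\/[_a-zA-Z0-9]+\/[_a-zA-Z0-9]+\/[_a-zA-Z0-9]+\.png/gm;
const BING_LOGO = 'https://upload.wikimedia.org/wikipedia/commons/thumb/c/c7/Bing_logo_%282016%29.svg/320px-Bing_logo_%282016%29.svg.png';

class FakeResponse {
  constructor(text, contentType) {
    this.text = text;
    this.contentType = contentType; // assumed field, see the note above
  }
  getResponseText() { return this.text; }
  setResponseText(text) { this.text = text; }
}

// Rewrites every Google logo path in an HTML body and returns how many were
// replaced. Non-HTML bodies (JSON, images, fonts) are left untouched, because a
// regex replace over them would corrupt the payload.
function rewriteLogo(response) {
  if (!/^text\/html/i.test(response.contentType || '')) {
    return 0;
  }
  // The + '' is the same coercion trick as the demo script: in the embedded
  // engine a Java String does not have JavaScript's String.prototype.replace.
  const original = response.getResponseText() + '';
  let count = 0;
  const changed = original.replace(LOGO_PATH, () => {
    count += 1;
    return BING_LOGO;
  });
  if (count > 0) {
    response.setResponseText(changed);
  }
  return count;
}

// Constructed sample bodies, not captured traffic.
const SAMPLE_HTML =
  '<img alt="Google" src="/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png"' +
  ' srcset="/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png 2x">';
const SAMPLE_JSON = '{"logo":"/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png"}';

// Stand-alone run: the HTML body gets 2 replacements (src and srcset), the JSON body 0.
const html = new FakeResponse(SAMPLE_HTML, 'text/html; charset=utf-8');
console.log('html replacements:', rewriteLogo(html), html.getResponseText());
const json = new FakeResponse(SAMPLE_JSON, 'application/json');
console.log('json replacements:', rewriteLogo(json));
```

Returning the replacement count rather than only mutating the response makes the filter observable: when the logo does not change in the browser, a count of 0 tells you the regex no longer matches the page markup, while a count above 0 points at DNS caching or the certificate mapping instead.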
Navigate to https://www.google.com and enjoy the BING! logo :D
[Screenshot: on Firefox]
[Screenshot: on Android]