VPN client on Android: questions about VPN client and use of hidden APIs

Submitted by 让人想犯罪 __ on 2020-01-03 03:49:05

Question


I need to monitor the VPN traffic i.e. I need to read incoming and outgoing VPN traffic.

For this, I am trying to create my own VPN client, but I did not find any working example of "android.net.VpnService". I looked at the Android sample application ToyVpn, but it is not working; I'm getting the following exception:

E/ToyVpnService(2302): Got java.net.PortUnreachableException: 
E/ToyVpnService(2302): Got java.net.SocketException: sendto failed: ECONNREFUSED (Connection refused)

Also, it is not mentioned anywhere, "how to set username".

I read that we can use hidden APIs, but this will require root access; right now I don't have a rooted phone...

What I want to ask about this (hidden APIs) approach is: do the apps which use hidden APIs create their own VPN client, or do they use Android's default client? And if they use Android's default client, is it still possible to read the incoming and outgoing traffic?

I am seeking some guidelines, or a working example, about creating my own vpn client using "android.net.VpnService".


Answer 1:


I need to monitor the VPN traffic i.e. I need to read incoming and outgoing VPN traffic.

Unless this is your own VPN implementation that you hacked a backdoor into, this had better be impossible, for obvious security reasons.

I'm getting the following exception

Off the cuff, my guess is that you are not running the ToyVPN server component, or it is not reachable from your test environment. However, it has been quite a while since I played with ToyVPN and I am not an expert on its code base.

Also, it is not mentioned anywhere, "how to set username".

I do not recall ToyVPN having the concept of a "username".

I read that we can use hidden APIs, but this will require root access

Hidden APIs have nothing to do with root access.

do they create their own VPN client, or do they use Android's default client?

You would have to ask the authors of whatever apps you are referring to.

And if they use Android's default client, is it still possible to read the incoming and outgoing traffic?

Only the "incoming and outgoing traffic" that they generate. It should not be possible to spy on other apps' VPN traffic, for obvious security reasons.




Answer 2:


I need to monitor the VPN traffic i.e. I need to read incoming and outgoing VPN traffic.

That's something of an ambiguous question, because the VPN has an incoming and outgoing stream, and should implement an incoming and outgoing tunnel stream.

For a conventional VPN you'll have to coordinate both; on one hand setting up a tunnel connection to a VPN server and writing the input stream of the VpnService's interface into the tunnel output stream, and on the other hand writing the tunnel response back into the interface output stream.

Contrary to what Mark states in his answer, you do get the raw network requests as the input stream of the VpnService interface. Bear in mind that you're getting the raw bytes that would be communicated over the network interface, so you'll actually have to go out of your way to parse the IP packet and its TCP or UDP payload.



Source: https://stackoverflow.com/questions/13228834/vpn-client-on-android-questions-about-vpn-client-and-use-of-hidden-apis
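
Answer 2 notes that the VpnService interface hands you raw IP packets that you must parse yourself. The following is an added example, not code from either answer or from ToyVpn: a minimal IPv4 header parser that extracts addresses and TCP/UDP ports from one packet. The class name `TunPacketParser` and the sample packet are constructed for illustration; on Android the bytes would come from a `FileInputStream` over the `ParcelFileDescriptor` returned by your own service's `VpnService.Builder.establish()`.

```java
import java.nio.ByteBuffer;

public class TunPacketParser {
    /** Summarise one raw IPv4 packet read from the TUN descriptor; null if it cannot be parsed. */
    static String summarize(ByteBuffer p) {
        if (p.remaining() < 20) return null;                  // shorter than a minimal IPv4 header
        int base = p.position();
        int version = (p.get(base) & 0xF0) >> 4;
        if (version != 4) return null;                        // IPv6 needs its own parser
        int ihl = (p.get(base) & 0x0F) * 4;                   // header length in bytes
        int totalLen = p.getShort(base + 2) & 0xFFFF;
        // Reject inconsistent lengths instead of reading past the packet.
        if (ihl < 20 || totalLen < ihl || totalLen > p.remaining()) return null;
        int fragOffset = p.getShort(base + 6) & 0x1FFF;
        int proto = p.get(base + 9) & 0xFF;
        String src = addr(p, base + 12), dst = addr(p, base + 16);
        String name = proto == 6 ? "TCP" : proto == 17 ? "UDP" : "proto " + proto;
        // Ports exist only for TCP/UDP, and only in the first fragment.
        boolean hasPorts = (proto == 6 || proto == 17) && fragOffset == 0 && totalLen >= ihl + 4;
        if (!hasPorts) return name + " " + src + " -> " + dst + " len=" + totalLen;
        int sport = p.getShort(base + ihl) & 0xFFFF;          // ByteBuffer is big-endian by default
        int dport = p.getShort(base + ihl + 2) & 0xFFFF;
        return name + " " + src + ":" + sport + " -> " + dst + ":" + dport + " len=" + totalLen;
    }

    private static String addr(ByteBuffer p, int off) {
        return (p.get(off) & 0xFF) + "." + (p.get(off + 1) & 0xFF) + "."
             + (p.get(off + 2) & 0xFF) + "." + (p.get(off + 3) & 0xFF);
    }

    public static void main(String[] args) {
        // Constructed sample: IPv4 + UDP header, 10.0.0.2:40000 -> 192.0.2.53:53 (checksums left zero).
        byte[] sample = {
            0x45, 0x00, 0x00, 0x1C, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
            10, 0, 0, 2, (byte) 192, 0, 2, 53,
            (byte) 0x9C, 0x40, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00 };
        System.out.println(summarize(ByteBuffer.wrap(sample)));
        System.out.println(summarize(ByteBuffer.wrap(sample, 0, 12)));  // truncated packet
    }
}
```

The parser only sees packets routed into the app's own VpnService interface, and it does not verify checksums or reassemble fragments.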
