I recently switched phones from a LG G4 to a Sony Xperia X Performance (isn't that a mouthful!), so I had a spare Android phone lying around. What better use for than to sniff some traffic! First up is ai.type Free Emoji Keyboard, a free keyboard that has built in text-swiping features, emoji, a calculator and much more. Android keyboards have the ability to read what you type, mostly just to improve text correction and prediction. This is an understandable permission but has the opportunity for misuse.
I loaded up Burp Suite, added the proxy setting to the phone and off I went. First request right off:
Holy leaking information batman! The app sent my email addresses, latitude, longitude, IP address and device info to their server over HTTP.
Now you may be thinking "well ads display in apps too, they must send juicy tracking information back too", so let's take a look.
Ads on your mobile device can use a fair chunk of your monthly data, so I set out to create a way to disable them while browsing. If you happen to have a rooted Android phone, AdAway is the easiest solution that I have found. Another solution is creating your own DNS server, to have all traffic to unwanted domains be unresolved. While that's great, one can only set the DNS servers manually for wifi, not for mobile data (3G/LTE). The fix this issue, what I did was create an OpenVPN server with Bind9 zones to block unwanted domains.
To bootstrap installing VPN, I used this script to quickly set up an OpenVPN server. Its all very straight forward and will prompt for a few options.
If all went well, it will generate a client profile for you to use (.ovpn). Next, I installed bind9 and followed this tutorial. Once that is all set up, you'll have an ad blocking DNS server! Only thing left to do is force clients to use the DNS.
The Makefile for SnackLinux has been updated, I made it a bit easier to build SnackLinux from scratch. I'd like to update GCC to at least 5.x something, and add a few more packages to SnackLinux. Eventually, adding a PKGBUILD-like system to fbpkg would be preferable. Right now, it's just a bunch of instructions on the snacklinux.com.
There are countless tools and software stacks out there to monitor your servers out, though some are not the easiest to setup. I went with Nagios since it's straightforward to configure and easy to setup. For reference, I used Nagios 4.0.8 on Debian 7 using Debian 7 slaves. The Nagios master node already had lighttpd and PHP set up so I'll gloss over that.
Start by downloading Nagios and Nagios plugins: