APNS spoof/fake - apple-push-notifications

I want to have a standalone network (no internet access) for testing. Is there any way to spoof the APNS servers to test notifications and MDM. Is there a way to create your own APNS server.

Sure. The APNS protocol is defined in Apple's documentation here: The Binary Interface and Notification Formats. Basically, it's just an SSL server that speaks a simple binary protocol. We have implemented a mock push server and feedback server for our internal testing.

Related

Gateway API - Apache APISIX with Secured Websockets

I am trying to add an API Gateway to a client-server system, which communicates through WebSockets.
The Server is an audio recognition engine that sits in a remote machine, and clients are connecting to it through WebSockets ('wss://...'), sending audio files and receiving their text translate representation.
My main goal is to add a free open-source API Gateway in the middle in order to authenticate\authorize\rate limit\etc (Tried Kong\Tyk\krakenD, but they are not free).
After searching the web, I focused on Apache APISIX gateway.
As a test, I managed to connect the APISIX to a client-server which communicates by http/https and it worked fine.
Moreover, I managed to connect the client with the server on regular websocket connection (ws://) and the data transactions were successful, but no matter what I do I cant connect to the secured connection. Are there any special configurations I should edit in the dashboard?
I'm wondering if anyone knows from experience if it's possible to use
the secured WebSockets with Apache APISIX and if yes, how exactly it should be done - because the docs are missing any informative info\examples, or if there are better solutions known to my problem.
The only WebSocket reference in APISIX dashboard -
What you should do is create an SSL object (you can find it in the sidebar on the left side). See https://apisix.apache.org/docs/apisix/admin-api/#ssl to learn the APISIX SSL object.
You can see an example at https://apisix.apache.org/docs/apisix/certificate
The SSL object provides the required TLS Certificate and Private Key so that this key pair can be used in a TLS handshake according to the TLS SNI sent from clients. After that, your client established a secured connection with APISIX, and now you can send the WebSocket traffic securely.

Push notification from local API in xamarin forms

I am having an API locally hosted in one of the servers (LAN). What I am looking to understand if it is feasible to enable push notification from the server in case of a record entry. Every time a post request is made to the local server, Is it possible to push a notification to a certain mobile device? Please note, I am not considering push notification from web services such as google, Azure, Firebase etc.
It is feasible.
As Sushi said, you can use WebSockets or other Sockets to keep connect between Apps and Server. When client connected to your server, server will record which app is connecting.
By the way, you can custom notification's url between server and app.Use some special characters to distinguish between your various parameters, such as &/[ ]. You are free to set the header and body style of the message. Also, when your message needs to be encrypted, some encryption methods can be used.
Here is a similar discussion about Building an Android notification server can be refer .

How to proxy gRPC calls

I'm trying to analyse what information an app is sending so I setup Charles but to my surprise nothing was logged out.
After decompiling the app I see that it doesn't use simple REST calls but rather a library called gRPC.
Is there a good tool out there that will allow me too see what is send out from the app?
The Mediator is a Cross-platform GUI gRPC debugging proxy like Charles but design for gRPC.
You can dump all gRPC requests without any configuration.
Mediator can render the binary message into a JSON tree, when you have the API schema.
It support decode gRPC/TLS, but you should download and install the Mediator Root Certificate to your device.
gRPC uses HTTP/2 as a transport protocol. Any proxy which supports HTTP/2 for both the front-end and back-end connections should be able to be used to inspect the packets a gRPC connection. Note, some proxies only support HTTP/2 for the front-end or back-end connections and those are incompatible with gRPC.
Envoy Proxy (https://www.envoyproxy.io/) supports proxying gRPC connections and can be configured to log out request information.
Some other example proxies include:
Nginx https://medium.com/nirman-tech-blog/nginx-as-reverse-proxy-with-grpc-820d35642bff
https://github.com/mwitkow/grpc-proxy
https://github.com/mercari/grpc-http-proxy
If you are asking for android there is a app called HttpCanry. It can log request/ respond.

Should I use a different certificate for the APNS HTTP2 API?

Recently, I want to change my codes of pushing notifications to apple from basing on old binary API to new http2 API. The question is that should I use a different certificate for this http2 API when I connect to apple ? Because when I send a notification to apple with a valid token(the token is valid when I send notifications with old API) using http2 API, it returns "BadDeviceToken". So I'm wondering whether the token is really bad or the certificate that I use is not qualified .
We were also trying to break our heads with such an issue where we were trying to send push to production device tokens using the HTTP/2 API but were getting {"reason":"BadDeviceToken"} as the response and it was a clear mistake from our side, we were using the same code that we were using for test push notifications on dev environment to send push notifications on production, which was sending push to
https://api.development.push.apple.com/3/device/
rather for production it should be
https://api.push.apple.com/3/device
Hope it helps somebody but one issue with the new API is the distribution SSL certificate works for both the sandbox and production, not the other way round so be careful.
You can still use your old certificate with the new HTTP/2 API.
The BadDeviceToken is most commonly because you are trying to push through their production gateway wth a development token or vice versa.
Tokens are only valid for either development or production, and this is determined by the provisioning profile of your app.

Send Push Notifications Through Proxy (APNs and GCM)

I have built both ios and android apps which will receive push notifications. The problems are NOT from device side but from server side.
Because our company's internal server must connect to external network through Proxy, when users send notifications to mobile devices, the server which handles sending notification request must send request to proxy server then proxy server forwards request to APNs and GCM.
I have no idea about how to send push notification requests through proxy. I have studies in this case for several days, but no solutions have been found.
I saw some guys said APNs does not allow connections coming from Proxy Server. Only direct connection is accepted. Is that true? Is there any official docs mentioned it?
Is there anyone able to help me?
I wanna know how to send push notification through proxy for ios and android.
If you are using Java.You can use javaApns enter link description here for ios. I my self have problem right now to get GCM to send through proxy on my Server local it works. If you can you can configure the application server to send through proxy.

Resources