Location Spoofing/Google Map from iPhone

From mywiki
Jump to navigation Jump to search


EditDate

Related Threads: Location Spoofing, Privacy

Trying to be able to tell Google Map I'm anywhere in addition to where I current am.

Got the flows but for efficiency reason and security the geographic content is hard to pull out.Web References https://johnnywunder.info/mywiki/index.php/Location Spoofing/Google Map from iPhone

  • --Johnny 14:50, 7 February 2020 (EST) Making some progress. Looks like 2 approached.
  1. For automated spoofing, easiest and most flexible, probably limited to browser based map programs, no APPs. The APP from google makes extensive use of compression and probably under the covers proprietary efficient information exchanges that are anything but transparent. Browser based mapping and direction programs have limited intelligence at the client and are restricted to web information exchanges that can be done cross platform and thus are open and transparent.
  2. I suspect with some work the APP based proprietary interfaces can be recorded and played back. Key issue is time and date for both TLS session maintenance and reasonable sequencing of location paths. This will probably require an add-on to MITMPROXY on the server but they seem open to that and the coding does not sound that hard.

Client Request App

Have captured flow from iPhone and eventually if not moving it falls into a repetitive posting to https://clients4.google.com . The request is part of an earlier set-up TLS session that I seem to be able to bridge and replay through MITMPROXY on my linux machine though it originated on my iPhone. Questions I'm trying to answer are:

  1. Where is the geo data?
  2. How much can I know about a proprietary call between google maps on the client and google server? Is it better to just replay or tweak during replay?

Assumptions

  1. I need to restart the TLS Session in my flow or these spoofed flows have a limited life span.
  2. I would be best served by staying with mitmproxy, recording and playing back the flows without trying to dummy up the variables.
  3. I need a way to delay client playback so the times between requests reflect the actual times between originally recorded requests.


Google Location Data

36° 29' 56.18" N, 75° 55' 5.56" W [1] e2*211m2*211m1*211s0x89bacd85358426a5:0xb7dc52b657ca9a20*213e2 36° 29' 22.94" N, 75° 54' 45.31" W [2]

Loading map...

References and Metadata

  1. pb Pearl's !1m1!7e140!2s2.ml_20200203_0.61bd3!3shttps://www.google.com/maps/dir//Pearl's+Bay+Villa+Restaurant+and+Marina,+Bay+Villa+Lane,+Knotts+Island,+NC/@36.4989383,-75.9182114,12z/data=*214m7*214m6*211m1*214
  2. Entry 101 mitmMarketSafari_iPhone