Solitude: privacy analysis tool
Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating user privacy within an app accessible for everyone.
How does Solitude work?
Solitude runs an OpenVPN server inside of a docker container which then forwards all HTTP traffic to an HTTP intercepting proxy (mitmproxy) through a feature that makes use of the add-on API in mitmproxy.
How does Solitude searching work?
Solitude makes use of Yara rules to search through all the HTTP traffic that your proxy through the tool. Yara rules while relatively easy to write can be tedious so it does some of the heavy liftings for you. In the myrules.json file, define a key and value your pair of the type of data you would like to search for. There are some examples provided in myrules.json but feel free to add your own data. The key should be the type of data you are searching for such as “My phone number”. This key is used for the output generated when a match is found. The value should be the exact data you would like to match. Take into account different data formats so creating more entries for each piece of data might be necessary. For example, a phone number or birthday might have multiple formats. 03-03-1991 or March, 3rd 1991. If you want to add new rules in the JSON file Solitude will generate Yara rules for you each time you start the proxy.
Example: “phoneNumber”: “555-555-5555”, “Address”: “123 Sutter Street, San Francisco 94105”
- base64 and url recursive decoding (requests that are encoded say base64>url>base64 can be decoded and searched through)
- protobuf support (decodes the first layer of any protobuf request)
- Searches for MD5, SHA1, SHA256 of all data defined in myrules.json
- Built-in GPS, internal IP Address, and Mac Address regular expression searches
Copyright (C) 2021 nccgroup