I am working on a project where I need to capture the incoming/outgoing packets and store them in a pcap file.
Android has provided VpnService for this purpose, which was added in API Level 14. Although there seem to be a lot of questions regarding this on SO, surprisingly there are very few working examples of it. I tried using ToyVpn, which is added in the samples, but I was not able to make it work. Then I came upon this example.
VpnService Example
The example summarizes the capture in the following steps.
I created a TUN using the code below. I gave the addresses that were given in the above-mentioned tutorial. Not sure if these are the correct values, or how to decide on this address.
    Builder builder = new Builder();
    ParcelFileDescriptor mInterface = builder.setSession("MyVPNService")
            .addAddress("192.168.0.1", 24)
            .addDnsServer("8.8.8.8")
            .addRoute("0.0.0.0", 0)
            .establish();
Next I got the file descriptor and opened the tunnel.
    FileInputStream in = new FileInputStream(mInterface.getFileDescriptor());
    DatagramChannel tunnel = DatagramChannel.open();
    // I have created an EC2 instance on AWS and gave the IP address and port of that server. Not sure if this is the correct method.
    tunnel.connect(new InetSocketAddress("54.254.187.207", 5000));
    // d. Protect this socket, so packets sent by it will not be fed back into the VPN service.
    protect(tunnel.socket());
Then I applied a while loop for reading the packets.
    while (true) {
        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
        while (true) {
            String line = reader.readLine();
            if (line == null) {
                break;
            } else {
                System.out.println("line is " + line);
            }
            // I am guessing that here, after reading the packets, I need to forward them to the actual server.
        }
    }
which was giving me the following output
02-21 19:12:26.074 16435-16778/awesomedroidapps.com.debugger I/System.out: line is E����@�'@��@������<��5��,��������������������graphfacebookcom������E����@�(@��
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is E����@0@��@����d�:�N����P�V�x�%0/�W�����
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ��EP���
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is �%0.�%0/E����L�@��@�����Ɂ��5��8�[�����������������apploadingestcrittercismcom������E����@�:@��@�����d6�� �>�Wz� y�A�x�[����
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ��T@�
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is y�1�y�7E����A�@��@��������5��-��-�����������������decidemixpanelcom������E������;@��@�F���d6�� �>�Wz�y�A�x������
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ��]@���F����BA �+��q�ϔ���Jb2_'�D�y�̯��[:�1)���PΠ�ѡ���h71�L�3�=~������(�����������������S�~'U������9d_���"�I�E����@0@��@�
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ���d�:�N����P�V�x�%0/�W������
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ��^P���
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is �%0.�%0/E����=�@��@���������5��)l����������������t appsflyercom������E����=�@��@������6��5��)�.����������������t appsflyercom������E����@0@��@����d�:�N����P�V�x�%0/�W������
02-21 18:43:53.648 16435-16639/awesomedroidapps.com.debugger I/System.out: line is ���P���
From the logs it is clear that I am able to capture the outgoing packets in the TUN. The above logs somewhere print hosts like facebook.com, which makes me believe I am on the right track.
But what should I do next after this? How do I forward data to the server? I believe there are fewer working examples. But can someone give me a step-by-step procedure on how to achieve this?
Update: Upon further digging, I came to know that I need to create a server and forward the intercepted packets to it. I created a server on my computer and was able to successfully forward the intercepted packets to my server. But I am not sure how to get the actual destination IP and port from the received packet so that I can send it to the intended destination.
PS: I also went through the JnetPcap library, but it seems that to capture live packets the phone needs to be rooted, which is not a requirement of my application.
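Added example (not code from the question or from the ToyVpn sample): what the update asks for is read straight out of the IPv4 header of each packet the TUN hands over, and the same buffer can be appended to a pcap file with link type 101 (raw IP), since a TUN delivers bare IP packets with no Ethernet frame. The class, method names and the sample UDP packet are my own; `parseIpv4` returns null for IPv6 or truncated input so the caller can skip it.

```java
import java.io.DataOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class TunPacketInspector {
    // Fields pulled from one raw IP packet read from the TUN file descriptor.
    static final class Header { String srcIp, dstIp; int protocol, srcPort = -1, dstPort = -1; }
    // Parses the IPv4 header (RFC 791) and, for TCP/UDP, the port pair that directly follows it.
    static Header parseIpv4(byte[] pkt, int len) {
        if (len < 20 || ((pkt[0] >> 4) & 0xF) != 4) return null; // IPv6 (version 6) or junk: skip
        int ihl = (pkt[0] & 0x0F) * 4;                            // header length, options included
        if (ihl < 20 || len < ihl) return null;
        Header h = new Header();
        h.protocol = pkt[9] & 0xFF;                               // 6 = TCP, 17 = UDP
        h.srcIp = dotted(pkt, 12); h.dstIp = dotted(pkt, 16);
        if ((h.protocol == 6 || h.protocol == 17) && len >= ihl + 4) { // both put ports in bytes 0..3
            h.srcPort = ((pkt[ihl] & 0xFF) << 8) | (pkt[ihl + 1] & 0xFF);
            h.dstPort = ((pkt[ihl + 2] & 0xFF) << 8) | (pkt[ihl + 3] & 0xFF);
        }
        return h;
    }
    private static String dotted(byte[] p, int o) {
        return (p[o] & 0xFF) + "." + (p[o + 1] & 0xFF) + "." + (p[o + 2] & 0xFF) + "." + (p[o + 3] & 0xFF);
    }
    // pcap global header, little-endian; link type 101 (LINKTYPE_RAW) because TUN delivers bare IP packets.
    static void writePcapHeader(DataOutputStream out) throws IOException {
        ByteBuffer b = ByteBuffer.allocate(24).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(0xa1b2c3d4).putShort((short) 2).putShort((short) 4).putInt(0).putInt(0).putInt(65535).putInt(101);
        out.write(b.array());
    }
    // One pcap record: ts_sec, ts_usec, captured length, original length, then the packet bytes.
    static void writePcapRecord(DataOutputStream out, byte[] pkt, int len, long millis) throws IOException {
        ByteBuffer b = ByteBuffer.allocate(16).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt((int) (millis / 1000)).putInt((int) (millis % 1000) * 1000).putInt(len).putInt(len);
        out.write(b.array());
        out.write(pkt, 0, len);
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample: IPv4/UDP 10.0.0.2:49152 -> 8.8.8.8:53, 28 bytes, checksums left as zero.
        byte[] pkt = {0x45, 0, 0, 28, 0, 0, 0x40, 0, 0x40, 0x11, 0, 0, 10, 0, 0, 2, 8, 8, 8, 8, (byte) 0xC0, 0, 0, 53, 0, 8, 0, 0};
        Header h = parseIpv4(pkt, pkt.length);
        System.out.println(h.dstIp + ":" + h.dstPort + " proto " + h.protocol);
        try (DataOutputStream out = new DataOutputStream(new FileOutputStream("capture.pcap"))) {
            writePcapHeader(out);
            writePcapRecord(out, pkt, pkt.length, System.currentTimeMillis());
        }
    }
}
```

In the VpnService loop, fill the buffer with `int len = in.read(pkt);` rather than `readLine()`: packets are binary, and a newline byte inside one would split it, which is why the logged "lines" look like garbage.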
To capture network traffic, you can use tcpdump. This is a packet sniffer that can observe and record network traffic on an interface. In the following example, we capture 1,000 packets using tcpdump. An easier way to analyze network traffic is to use an actual network traffic analyzer, such as Wireshark.
zAnti (root required): zAnti is not just a simple network sniffer, it is a complete penetration testing tool for your Android device. You can do complete network testing and a whole lot of other tests with a simple tap of a button.
Wireshark is not available for Android but there are some alternatives with similar functionality. The best Android alternative is CloudShark.
Pretty sure your best bet is to set up a proxy server and then use something like Wireshark to monitor the traffic going to and from it. I'm not an expert at this, but in the old days, before switching routers were so cheap, it was very easy because all packets were broadcast to all computers on the same subnet. Maybe if you could get your hands on a hub/router that has the ability to disable switching, you could use this method instead of a proxy.
These days most comms are done using HTTP, and for that you have excellent tools like Charles (Mac) and Fiddler (Windows), which do exactly what you want, except only for HTTP. They may at least be able to give you ideas on how to do the same thing with Wireshark.