
How to capture network traffic from a specific android application.

I have read a paper which proposes an approach to capture network traffic from a specific Android application. It says: "We used tcpdump to collect all the network traffic from the virtual machine. We ported the strace utility to Android to log each networking system call performed by the app. We identified all the threads started by the app using the process id (pid) of the app. Based on this thread information, we can filter out the traffic that does not origin from the app". But I still do not understand the operational principle. So how can I capture network traffic from a specific Android application? Thanks for answering.

user3308958 asked Feb 14 '14 05:02


1 Answer

You can also use SandroProxy. It can also capture flows from apps that do not respect the Android OS proxy settings. There is also an option to create pcap files for SSL flows, and an option that creates SSL that can be decrypted with Wireshark.

The idea is to intercept the http/https flow as a normal proxy, or as a transparent proxy with the help of iptables, store it as requests/responses or pcap files, and forward it on to the server.

How to determine who is making requests: when you have an open socket to the proxy, you must match information from /proc/net/tcp or /proc/net/tcp6 to get the process uid. With this you can get the package names. There can be more than one.

You can examine how to make a custom proxy and build one from the sources here:

http://code.google.com/p/sandrop/source/browse/projects/SandroProxyPlugin/src/org/sandroproxy/plugin/gui/MainActivity.java

http://code.google.com/p/sandrop/source/browse/projects/SandroProxyPlugin/readme.txt

--- sent by SandroProxy support---

SandroProxy support answered Oct 16 '22 17:10
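The uid lookup described in the answer above, as an added example that is not part of the original answer or of SandroProxy's code: it parses rows in the /proc/net/tcp and /proc/net/tcp6 layout and returns the uid that owns the socket whose local endpoint is the peer the proxy accepted. The rows, proxy port 8008, uids and package names are constructed, a little-endian CPU is assumed, and `PACKAGES_BY_UID` is a stand-in for Android's `PackageManager.getPackagesForUid()`.

```python
import ipaddress

# Constructed rows in /proc/net/tcp layout (trailing columns after inode trimmed).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F48 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10061        0 9001
   1: 0100007F:9C41 0100007F:1F48 01 00000000:00000000 00:00000000 00000000 10083        0 9002
   2: 0100007F:1F48 0100007F:9C41 01 00000000:00000000 00:00000000 00000000 10061        0 9003
"""
# Constructed row in /proc/net/tcp6 layout: IPv4-mapped ::ffff:127.0.0.1 client.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0000000000000000FFFF00000100007F:9C42 0000000000000000FFFF00000100007F:1F48 01 00000000:00000000 00:00000000 00000000 10090        0 9004
"""
# Constructed stand-in for PackageManager.getPackagesForUid(); a shared uid maps to several packages.
PACKAGES_BY_UID = {10083: ["com.example.browser"], 10090: ["com.example.a", "com.example.b"]}

def decode_endpoint(field):
    """'0100007F:1F48' -> (ip, port). Each 32-bit address word is byte-swapped (little-endian host)."""
    addr_hex, port_hex = field.split(":")
    raw = bytes.fromhex(addr_hex)
    raw = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    ip = ipaddress.ip_address(raw)
    mapped = getattr(ip, "ipv4_mapped", None)   # unwrap ::ffff:a.b.c.d from tcp6
    return (mapped or ip), int(port_hex, 16)

def uids_for_peer(proc_text, peer_ip, peer_port):
    """UIDs of sockets whose *local* endpoint equals the peer address the proxy accepted."""
    peer = ipaddress.ip_address(peer_ip)
    uids = set()
    for line in proc_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 8:                        # ignore truncated rows
            continue
        ip, port = decode_endpoint(cols[1])      # cols[1] = local_address
        if ip == peer and port == peer_port:
            uids.add(int(cols[7]))               # cols[7] = uid
    return uids

def packages_for_peer(peer_ip, peer_port, tables=(SAMPLE_TCP, SAMPLE_TCP6)):
    """Check both tables: an IPv4 client may only be listed in tcp6 as a mapped address."""
    uids = set().union(*(uids_for_peer(t, peer_ip, peer_port) for t in tables))
    return {uid: PACKAGES_BY_UID.get(uid, []) for uid in sorted(uids)}
```

Matching on the client's local endpoint rather than on the remote column also works in the transparent iptables case, where the client row still lists the original server as its remote address.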