I have read a paper which proposes an approach to capture network traffic from a specific android application.It says "We used tcpdump to collect all the network traffic from the virtual machine. We ported the strace utility to Android to log each networking system call performed by the app.We identified all the threads started by the app using the process id (pid) of the app. Based on this thread information,we can filter out the traffic that does not origin from the app". But I still could not know the operational principle.So how can I capture network traffic from a specific android application?Thanks for answering.
You can also use SandroProxy.It can capture also apps flow that do not respect android os proxy settings. There is also option to create pcap files for ssl flow. One option is also that creates ssl that can be decrypted with wireshark.
Idea is to intercept http/https flow as normal proxy or transparent proxy with iptables help, store it as request/responses or pcap files and forwarded further to server.
How to determine who is making requests: When you have open socket to proxy you must match information from /proc/net/tcp or /proc/net/tcp6 to get process uid. With this you can get packagesNames. It can be more that one.
You can examine how to make custom proxy and build one from sources here:
http://code.google.com/p/sandrop/source/browse/projects/SandroProxyPlugin/src/org/sandroproxy/plugin/gui/MainActivity.java
http://code.google.com/p/sandrop/source/browse/projects/SandroProxyPlugin/readme.txt
--- sent by SandroProxy support---
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With