How to capture the traffic of Genymotion Emulator with Wireshark?

I would like to capture with Wireshark one of the Android application's HTTP messages.

I was trying to filter on Android's IP address, then MAC address, without success. I'm sure the solution would be simple, but I couldn't figure it out yet.

b4l4zs asked Apr 16 '15 11:04

1 Answer

Genymotion VMs have two network adapters in the underlying VirtualBox configuration. Which one you should capture on depends on what you're looking for. Also, some of the details (adapter names, etc.) depend on what OS you're using. However, the concepts are identical.

Adapter 1, usually vboxnet0 if you're on Ubuntu, is a host-only adapter used to support local interactions between the host and the VM. In the default Ubuntu setup, this is the 192.168.56.0 network. The host machine is 192.168.56.1 and the VM usually ends up getting 192.168.56.101 from VirtualBox's built-in DHCP server. This connection is used by the Android Debug Bridge (ADB) to connect development tools with the VM. For example, this is how Eclipse ADT and Android Studio are able to communicate with the VM for installing APKs, etc. When you do adb shell you are also connecting over this network. If you want to examine how your dev tools are communicating with your VM, capture on vboxnet0 (or equivalent).

Adapter 2 is normally NATed to your host's network connection, usually something like eth0 or wlan0 on Ubuntu. This enables Internet access for the VM. If you want to see how your VM is interacting with the local network or Internet, capture against your host's main network adapter. Unfortunately, when the VM is NATed, your VM traffic will have the same IP as your host, making it difficult to filter. If this causes a problem, shut down your VM, open VirtualBox directly (i.e., no Genymotion launcher), change Adapter 2 to "Bridged Adapter", and select the current active host adapter in the VM's network configuration. If your local LAN uses DHCP (likely), this will allow the VM to get its own IP which you can then filter on in Wireshark. Once you restart the VM (from the Genymotion Launcher), you can find out what address it's been assigned with adb shell ifconfig from the host. Look for eth1 which corresponds to VirtualBox Adapter 2 (eth0 is for the adb connection over VirtualBox Adapter 1).

Paul Ratazzi answered Sep 21 '22 16:09
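
The last step of the bridged-adapter procedure in the answer above, as an added example that is not part of the original answer: it pulls the eth1 address out of adb shell ifconfig output and turns it into a capture filter for Wireshark or tshark. The function names, the sample output, the host interface eth0 and the use of TCP port 80 for HTTP are assumptions.

```shell
#!/bin/sh
# Added example: find the bridged VM's address and build a capture filter.

# Print the IPv4 address of interface $1 from ifconfig output on stdin.
# Handles the busybox/toybox layout ("inet addr:A.B.C.D") and the
# net-tools layout ("inet A.B.C.D"); adb's trailing carriage returns are stripped.
iface_ipv4() {
    tr -d '\r' | awk -v want="$1" '
        /^[^ \t]/ { name = $1; sub(/:$/, "", name) }  # unindented line starts an interface block
        name == want {
            for (i = 1; i < NF; i++)
                if ($i == "inet") {                   # "inet6" lines are skipped
                    ip = $(i + 1); sub(/^addr:/, "", ip)
                    print ip; exit
                }
        }'
}

# Build a BPF capture filter for the VM's cleartext HTTP traffic
# (port 80 is an assumption). Anything but digits and dots is rejected
# so that text read from the device cannot alter the filter expression.
http_capture_filter() {
    case "$1" in
        ''|*[!0-9.]*) echo "not an IPv4 address: $1" >&2; return 1 ;;
    esac
    printf 'host %s and tcp port 80\n' "$1"
}

# Constructed sample of "adb shell ifconfig" output (addresses are made up).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 08:00:27:AA:BB:01
          inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 08:00:27:AA:BB:02
          inet addr:192.168.1.23  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:feaa:bb02/64 Scope: Link'

# Offline demonstration on the sample above.
ip=$(printf '%s\n' "$SAMPLE_IFCONFIG" | iface_ipv4 eth1)
http_capture_filter "$ip"    # prints: host 192.168.1.23 and tcp port 80

# Live use once Adapter 2 is bridged (host NIC name eth0 is an assumption):
#   ip=$(adb shell ifconfig | iface_ipv4 eth1)
#   tshark -i eth0 -f "$(http_capture_filter "$ip")"
```

The same filter string can be pasted into Wireshark's capture filter box; inside an existing capture, the display filter ip.addr == followed by the VM's address narrows the view the same way.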