I would like to capture one of the Android application's HTTP messages with Wireshark.
I tried filtering on Android's IP address, then its MAC address, without success. I'm sure the solution is simple, but I couldn't figure it out yet.
Set up a manual proxy in Genymotion & Burp. Set up the Burp proxy via Proxy → Options → Add. Select All Interfaces and specify the proxy port. Bingo, you are now set up to intercept all traffic between your Android application and server.
To capture network traffic, you can use tcpdump. This is a packet sniffer that can observe and record network traffic on an interface. In the following example, we capture 1,000 packets using tcpdump. An easier way to analyze network traffic is to use an actual network traffic analyzer, such as Wireshark.
Genymotion VMs have two network adapters in the underlying VirtualBox configuration. Which one you should capture on depends on what you're looking for. Also, some of the details (adapter names, etc.) depend on what OS you're using. However, the concepts are identical.
Adapter 1, usually vboxnet0 if you're on Ubuntu, is a host-only adapter used to support local interactions between the host and the VM. In the default Ubuntu setup, this is the 192.168.56.0 network. The host machine is 192.168.56.1 and the VM usually ends up getting 192.168.56.101 from VirtualBox's built-in DHCP server. This connection is used by the Android Debug Bridge (ADB) to connect development tools with the VM. For example, this is how Eclipse ADT and Android Studio are able to communicate with the VM for installing APKs, etc. When you do adb shell you are also connecting over this network. If you want to examine how your dev tools are communicating with your VM, capture on vboxnet0 (or equivalent).
Adapter 2 is normally NATed to your host's network connection, usually something like eth0 or wlan0 on Ubuntu. This enables Internet access for the VM. If you want to see how your VM is interacting with the local network or Internet, capture against your host's main network adapter. Unfortunately, when the VM is NATed, your VM traffic will have the same IP as your host, making it difficult to filter. If this causes a problem, shut down your VM, open VirtualBox directly (i.e., no Genymotion launcher), change Adapter 2 to "Bridged Adapter", and select the current active host adapter in the VM's network configuration. If your local LAN uses DHCP (likely), this will allow the VM to get its own IP which you can then filter on in Wireshark. Once you restart the VM (from the Genymotion Launcher), you can find out what address it's been assigned with adb shell ifconfig from the host. Look for eth1 which corresponds to VirtualBox Adapter 2 (eth0 is for the adb connection over VirtualBox Adapter 1).
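The filtering step described in the answer above, as an added example that is not part of the original post: it picks the eth1 (Adapter 2, bridged) address out of adb shell ifconfig output and builds a capture filter for the VM's traffic. The function names, the ifconfig output layout, the sample addresses and the choice of TCP port 80 for plain HTTP are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find the VM's bridged address and build a capture filter.

# Constructed sample of `adb shell ifconfig` output (assumed net-tools layout).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 08:00:27:00:00:01
          inet addr:192.168.56.101  Bcast:192.168.56.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 08:00:27:00:00:02
          inet addr:192.168.1.23  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'

# iface_ipv4 IFACE: read ifconfig output on stdin, print IFACE's IPv4 address.
iface_ipv4() {
    awk -v want="$1" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }   # start of a new stanza
        cur == want && match($0, /inet (addr:)?[0-9.]+/) {
            addr = substr($0, RSTART, RLENGTH)
            sub(/^inet (addr:)?/, "", addr)
            print addr; exit
        }'
}

# http_filter IP: capture filter limiting traffic to the VM's plain HTTP
# (port 80 is an assumption; adjust for the app's real port).
http_filter() {
    case "$1" in
        ''|*[!0-9.]*) echo "bad address: $1" >&2; return 1 ;;
    esac
    printf 'host %s and tcp port 80\n' "$1"
}

# capture_vm_http HOST_IFACE OUTFILE: record 1,000 matching packets.
# Needs root, adb and tcpdump; HOST_IFACE is the adapter the VM is bridged to.
capture_vm_http() {
    ip=$(adb shell ifconfig | tr -d '\r' | iface_ipv4 eth1) || return 1
    filter=$(http_filter "$ip") || return 1
    tcpdump -i "$1" -c 1000 -w "$2" "$filter"
}
```

Running capture_vm_http with the host's active adapter and an output file name produces a pcap that opens directly in Wireshark, where ip.addr with the same address gives the equivalent display filter.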