Packet capture app once started doesn't have internet connectivity for other apps anymore

I have installed Packet Capture on my Android phone (Samsung Galaxy S7 edge running Android version 8.0). It is not rooted.

I followed all the steps and installed the SSL cert as well.

Here is the app link

When I click on the start button to capture traffic, internet connectivity for apps doesn't work. Chrome works on the phone though.

The apps that I tried which lost access to the internet were Amazon, Owl Cam and Arlo.

Any idea what setting or change I am missing?

Looked up a similar question on Stack Overflow without any answers:

1) Question1

StackOverflowVeryHelpful Avatar asked Sep 16 '18 18:09




1 Answer

Short answer:

There is no complete solution for your problem. And it is impossible to solve it. The reason why this problem occurs is the existence of "Certificate Pinning". Even simple rooting cannot solve your problem.

Still, there is a partial solution. Turn off 'SSL Capture'. Then all apps will start working. But you won't be able to decrypt the contents of packets sent over an SSL connection. You will still be able to see the source and destination address of the packets. If your packet sniffer application does not have an option to turn off SSL packet sniffing, uninstall the app, remove any custom CA certificate installed and then re-install the app.

Long answer:

How a normal packet sniffer (that does not require root) works on Android.

Android allows an app to act as a 'VPN Gateway app'. When an app tells Android that it wants to provide a VPN connection, Android will forward all IP packets destined for the internet from all other apps to the VPN app. The VPN app then usually encrypts those packets and sends them to the VPN server, from where the packets go to their original destination.

Packet Sniffer apps make use of the above mentioned feature. They appear like a VPN app to Android. So, once turned on, Android will send all IP traffic to this app. But instead of forwarding the packets to a VPN server, the Packet Sniffer app simply sends them to their original destination. This way the Packet Sniffer apps act like a transparent proxy. The app is able to see all incoming and outgoing traffic. Those apps are essentially acting like a "man-in-the-middle".

TLS/SSL and Certificate Authority

SSL (and HTTPS) is built almost entirely for the purpose of preventing any kind of "man-in-the-middle" attack. SSL runs over a normal TCP connection. What it does is encrypt all traffic sent between a client and a server with a secret key that is known only to the client and the server. You may read more detailed and accurate information about how SSL works here.

While setting up a TLS/SSL connection, a client device will ask the server to show its digital signature certificate (AKA SSL certificate) proving that the server is who it claims to be. That is, when the Amazon app tries to connect to amazon.com, it will ask the server to produce a digital signature certificate proving that the server is in fact amazon.com. When the server sends the certificate back, the app will ask the Android operating system if the certificate is digitally signed by someone Android trusts. If the certificate is in fact signed by a CA (Certificate Authority) that the Android operating system trusts, the connection proceeds. Otherwise the app will show an error that it is unable to connect.

How are packet sniffing apps normally able to sniff TLS/SSL packets?

Packet Sniffer apps will ask the user to install a custom CA certificate on the Android system. That CA (Certificate Authority) certificate will make the Packet Sniffer app be treated as a legitimate and trusted TLS/SSL certificate issuing authority on that device.

Now all apps by default will accept a TLS/SSL certificate signed by the Packet Sniffer app. So if an app like the Amazon app tries to make an SSL/TLS/HTTPS connection while the Packet Sniffer app is running, the Packet Sniffer app will establish two TLS/SSL/HTTPS connections: one between the Amazon app and the Packet Sniffer, another between the Packet Sniffer app and the amazon.com server. The Packet Sniffer will show a fake SSL certificate claiming that it is in fact the amazon.com server. Since Android now trusts any SSL certificate that is signed by the Packet Sniffer app, the connection proceeds, fooling the Amazon app.

This way a Packet Sniffer app would normally be able to capture and decrypt even those packets that are sent over an SSL connection.

Certificate Pinning

If a packet sniffer app like the one described above can decrypt information sent over an SSL connection, then the same thing can be done by a malicious person too. All he needs to do is somehow convince the user to install his CA certificate on Android. Then he will be able to read all WhatsApp messages, banking passwords from bank apps, credit card information that the Amazon app sends to amazon.com, and what not.

So makers of some apps, particularly those which handle highly confidential data like credit card details, decided that they can no longer trust the Android OS (or iOS, Ubuntu and Windows) to determine whether the app is in fact connected to the legitimate server or not.

So they started following the practice of certificate pinning.

What makers of those apps do is either embed a copy of the server's SSL certificate itself within the app, or embed a copy of the SSL certificate of a Certificate Authority they use.

Those apps would then compare any certificate produced by the server with the certificates that are embedded within the app. If they do not match, the apps will simply refuse to connect. Those apps do not place their trust in the operating system. Hence the custom CA certificate that the Packet Sniffer app installed would have no effect on those apps.

There is no known way to easily bypass certificate pinning (other than decompiling each app and replacing the embedded certificate, and that only on a rooted device). Certificate pinning exists solely for the purpose of preventing exactly what you are trying to achieve. If you enable SSL sniffing on your Packet Sniffer app, all apps that use certificate pinning will stop working.

Solution

Turn off SSL Capture. If your packet sniffer application does not have an option to turn off SSL packet sniffing, uninstall the app, remove any custom CA certificate installed and then re-install the app.

Vishnuprasad R Avatar answered Nov 16 '22 01:11

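The trust model the answer describes (OS-level CA trust versus an app's own pin), as an added example that is not part of the original answer or the Packet Capture app: a constructed test PKI in Go using only the standard library, where the trust store holds both the real CA and the sniffer's installed custom CA, and a pinning check rejects the sniffer's certificate for amazon.com even though the OS-style chain check accepts it. The CA names, the throw-away keys and the SPKI SHA-256 pin style are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert builds a throw-away certificate (constructed test PKI, not real amazon.com keys):
// with parent == nil a self-signed CA, otherwise a server cert for hostname name signed by parent.
func newCert(name string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if parent == nil { // CA: allowed to sign certificates, signs itself
		tmpl.IsCA, tmpl.KeyUsage, parent, pkey = true, x509.KeyUsageCertSign, tmpl, key
	} else { // leaf: carries the hostname the client checks
		tmpl.DNSNames, tmpl.KeyUsage = []string{name}, x509.KeyUsageDigitalSignature
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// check does what Android does (chain to a trusted CA, hostname match), then what a pinning
// app adds on top: the SHA-256 of the leaf's SubjectPublicKeyInfo must equal the embedded one.
func check(leaf, pinned *x509.Certificate, roots *x509.CertPool) (chainOK, pinOK bool) {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: "amazon.com", Roots: roots})
	return err == nil, sha256.Sum256(leaf.RawSubjectPublicKeyInfo) == sha256.Sum256(pinned.RawSubjectPublicKeyInfo)
}
// scenario: the OS trusts both the real CA and the sniffer's installed custom CA, as on the
// asker's phone; the app pins only the real server key. Returns (chain, pin) for each leaf.
func scenario() (realChain, realPin, snifChain, snifPin bool) {
	realCA, realKey := newCert("Real CA", nil, nil)
	snifCA, snifKey := newCert("Packet Sniffer CA", nil, nil)
	realLeaf, _ := newCert("amazon.com", realCA, realKey)
	snifLeaf, _ := newCert("amazon.com", snifCA, snifKey) // the sniffer's fake cert for the same host
	roots := x509.NewCertPool()
	roots.AddCert(realCA)
	roots.AddCert(snifCA) // effect of installing the sniffer's CA certificate on the phone
	realChain, realPin = check(realLeaf, realLeaf, roots)
	snifChain, snifPin = check(snifLeaf, realLeaf, roots)
	return
}
func main() { fmt.Println(scenario()) } // prints: true true true false
```

The third value is why turning off SSL capture is the only fix: the OS happily accepts the sniffer's certificate once its CA is installed, and only the app's own pin distinguishes the real server from the proxy.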