I'm trying to reverse engineer one Android app's traffic and it's using sockets, xmpp or something else, but not http(s) on some features. I know this because Charles does not see some requests, but data is definitely coming from the server for sure (e.g. chat messages).
Android allows to set http(s) proxy, not socks. ProxyDroid doesn't work on genymotion, because it's x86 and ProxyDroid doesn't support that. Tried Drony app on genymotion, which supposedly should allow socks proxy, but once I try turning it on, the whole emulator restarts (probably crashes).
So how do I sniff/trace/inspect sockets traffic on Genymotion/Android emulator?
You might have better luck by doing it on the host side, ie from the Windows/Mac/Linux machine running Genymotion.
The basics
Install Wireshark
Start Wireshark and select the network interface which connects you to the Internet (or to the server you are interested in). For me it is wlp1s0.
Tell Wireshark you only want traffic going from your device to the server you are interested by entering ip.dst == <server-ip> in the filter line. Now go back to your device and use the application which communicates with the server. Traffic should appear in Wireshark. Here I am browsing my web site, whose IP address is 5.135.144.176:
Note that if Wireshark knows about the protocol used by the server, you can filter it. Here is the same output with the http filter:
Watching only traffic from the device
With the current setup, if you access the server from your host, this traffic will be logged by Wireshark as well. To avoid that you need to do the following:
Configure your device in Bridge mode: stop the device, open its settings dialog and select Bridge:
Get the device IP address: restart the device, open the "Settings" application and go to "About phone > Status", note the IP address:
Add this IP address to the filter line in wireshark, like so: ip.src == <the-device-ip> and ip.dst == <the-server-ip>.
Related
i have an Android App, where i would like to see, how it communicates with the servers (Its an App from the Playstore).
For that i tried to read it out through Fiddler (installed on PC) and the setup worked perfect. The only problem is, that if the App is going through the PC proxy (to be able for Fidler to read the data) its not connecting to the servers. Other Apps or browsers are working.
Tried it with a real smartphone and a android emulator, same result. My questions are right now, if there is a kinda Fiddler app directly for the smartphone (so i dont have to use the proxy) or is the only way to decompile the apk (if possible).
Btw.: I changed the wifi settings for proxy, would maybe help here a extra proxy app aswell?
Your problem ("if the App is going through the PC proxy (to be able for Fidler to read the data) its not connecting to the servers") does not really make sense.
In order to monitor traffic you start fiddler on your PC and get the IP address of your PC in the WiFi. Then you set this IP and the port 8888 as your proxy on your android device. That way you see all traffic from the device in Fiddler. Note you need to configure Fiddler to accept connections from remote computers: "Tools" -> "Options" -> "Connections" -> "Allow remote computers to connect".
my app is sending some http request, and I want during test step to get all requests and responses.
In browser I was used BrowserMobProxy to get all responses but it's look like it's work just on browser.
Is some one know how can I get responses from app in test step ?
You can re-route all connections through a proxy running on your development PC.
Note that I assume that you have a local Wifi router and a local network both your computer and the Android phone are connected to.
All you need is that the IP of your development PC is accessible from the Android phone you use for app testing.
On the PC install a inspection proxy like Fiddler (Windows), Burp Suite (Java) or Charles proxy (OSX).
By default most proxies only listen on localhost connection, but they can be configured to accept connections from other computers (or in this case an Android phone).
For Fiddler you find it in menu Tools -> Fiddler Options -> Tab Connections -> Allow remote computers to connect.
Configure it accordingly and then change the Wifi setting on the Android phone for the used Wifi network.
Enable the manual proxy configuration and enter your computer's IP address in your local network and the port number the proxy is listening on.
After saving the new Wifi settings all apps on the Android phone should use the proxy on your PC, which will allow you to see also the traffic of your app.
How can I direct all android data traffic excluding calls and SMS through a proxy server before it actually reaches its destination, I was able to retrieve and edit some system information like the net.eth0.gw. Will that help and if so, what exactly should I do with it? I'm very new to android and networking, any help will be appreciated.
Thank you.
You can direct your Android to use a Fiddler proxy. Or any HTTP proxy for that matter.
I do this from time to time on my Android phone for debugging HTTP network traffic. And that covers about 90% of everything you could think of needing to capture.
Setup Fiddler on your PC and enable it as a proxy server for other nodes. From the Fiddler Tool's menu, select Fiddler Options, and then Connections Tab. Then enable the "allow remote computers to connect" checkbox.
Then configure your Android device's Wifi settings such that a manual proxy setting is specified for the current Wifi connection. (You give it your PC's IP address at port 8888).
Then browse some websites on your phone. You should see the request/response flows in the Fiddler window.
This obviously only works for HTTP traffic - for code that uses the typical class libraries built into the connection. It doesn't work for code using sockets. Anything over HTTPS will be hard to view since its encrypted, although Fiddler has a few options that you can try (YMMV).
I have my device connected to debug Android apps, but I need to see the HTTP requests and responses (inc. header info).
I've seen a similar question asked on how to do this for an emulator, but how to do this when a real device is connected?
You can use Charles, is a really powerful tool that does exactly what you need.
Charles allows you to sniff the packets sent through HTTP from your actual device, the way you use it is simple:
Download and install Charles, run the program and specify the proxy port
Connect the Android Device to the very same network of the computer running Charles
Go to Wifi-Settings in Android Device and long tap on the network connected, then go to Modify Network-> Show advanced Options
Set Proxy as Manual and in Proxy Host name set your computer IP "192.xxx.x.x" and in the Proxy port add the same port specified in Charles Proxy Settings.
And that's it, all the traffic from your phone will be proxy to charles and it will show you headers, parameters, etc...
Hope it Helps
Regards!
I got this crazy idea that I don't know is possible or not... what I want to do is set up my phone as wifi access point, then allow people to connect to it, but handle all incoming http traffic myself.
So:
phone wifi in access point mode; open wifi network (this tidbit works - yes I know it's not officially supported but then I have no intention to distribute put this app on the open market or so, it works on my phone and that's good enough for me).
client can connect to the phone (e.g. my laptop: this also works).
when client tries to open an http connection to any random server, this has to be intercepted by my app and handled by a local web server. This is the point that I'm stuck on.
The web server part shouldn't be too hard; there are (open-source) web servers available. But getting the traffic to that web server, there is the problem.
The behaviour I'm after is a bit similar to what you get when connecting to some open hotspot, like hotel hotspots, that then redirect you to a login page. This intercepting of the connection request (I suspect I have to look at DNS requests?) is what I'm after.
I have seen an app that is doing this but they require the phone to be rooted. I'm hoping to find a way to do it without rooting the phone.
Wifi hotspots would usually use IPTables to redirect port 80/443 traffic to a local web server.
I have run squid on linux machines in the past on port 3128, then sent all port 80/443 traffic to squid. Then I used squid redirect any url that I didnt explicitly allow to a local web server.
IPTables is accessible on rooted android devices only though.
And I doubt there are many proxy servers available on android, so you would have to send HTTP traffic to a proxy server over the network connection.
Like has been said, you'll need IPTables, but you'll also need a proxy server, like Squid.
Google "transparent proxy with squid", or check here:
Linux: Setup a transparent proxy with Squid in three easy steps
you do not need to have a proxy, you just need a full LAMP stack on your device and IPtables, you can mark all packets that have not been authenticated to forward through to your local page, then using php change the rule for that IP address once the address has authenticated, you could do the same for mac addresses if you wish, you would then also need a daemon that periodically reset each exception