i have an Android App, where i would like to see, how it communicates with the servers (Its an App from the Playstore).
For that i tried to read it out through Fiddler (installed on PC) and the setup worked perfect. The only problem is, that if the App is going through the PC proxy (to be able for Fidler to read the data) its not connecting to the servers. Other Apps or browsers are working.
Tried it with a real smartphone and a android emulator, same result. My questions are right now, if there is a kinda Fiddler app directly for the smartphone (so i dont have to use the proxy) or is the only way to decompile the apk (if possible).
Btw.: I changed the wifi settings for proxy, would maybe help here a extra proxy app aswell?
Your problem ("if the App is going through the PC proxy (to be able for Fidler to read the data) its not connecting to the servers") does not really make sense.
In order to monitor traffic you start fiddler on your PC and get the IP address of your PC in the WiFi. Then you set this IP and the port 8888 as your proxy on your android device. That way you see all traffic from the device in Fiddler. Note you need to configure Fiddler to accept connections from remote computers: "Tools" -> "Options" -> "Connections" -> "Allow remote computers to connect".
Related
I'm trying to reverse engineer one Android app's traffic and it's using sockets, xmpp or something else, but not http(s) on some features. I know this because Charles does not see some requests, but data is definitely coming from the server for sure (e.g. chat messages).
Android allows to set http(s) proxy, not socks. ProxyDroid doesn't work on genymotion, because it's x86 and ProxyDroid doesn't support that. Tried Drony app on genymotion, which supposedly should allow socks proxy, but once I try turning it on, the whole emulator restarts (probably crashes).
So how do I sniff/trace/inspect sockets traffic on Genymotion/Android emulator?
You might have better luck by doing it on the host side, ie from the Windows/Mac/Linux machine running Genymotion.
The basics
Install Wireshark
Start Wireshark and select the network interface which connects you to the Internet (or to the server you are interested in). For me it is wlp1s0.
Tell Wireshark you only want traffic going from your device to the server you are interested by entering ip.dst == <server-ip> in the filter line. Now go back to your device and use the application which communicates with the server. Traffic should appear in Wireshark. Here I am browsing my web site, whose IP address is 5.135.144.176:
Note that if Wireshark knows about the protocol used by the server, you can filter it. Here is the same output with the http filter:
Watching only traffic from the device
With the current setup, if you access the server from your host, this traffic will be logged by Wireshark as well. To avoid that you need to do the following:
Configure your device in Bridge mode: stop the device, open its settings dialog and select Bridge:
Get the device IP address: restart the device, open the "Settings" application and go to "About phone > Status", note the IP address:
Add this IP address to the filter line in wireshark, like so: ip.src == <the-device-ip> and ip.dst == <the-server-ip>.
my app is sending some http request, and I want during test step to get all requests and responses.
In browser I was used BrowserMobProxy to get all responses but it's look like it's work just on browser.
Is some one know how can I get responses from app in test step ?
You can re-route all connections through a proxy running on your development PC.
Note that I assume that you have a local Wifi router and a local network both your computer and the Android phone are connected to.
All you need is that the IP of your development PC is accessible from the Android phone you use for app testing.
On the PC install a inspection proxy like Fiddler (Windows), Burp Suite (Java) or Charles proxy (OSX).
By default most proxies only listen on localhost connection, but they can be configured to accept connections from other computers (or in this case an Android phone).
For Fiddler you find it in menu Tools -> Fiddler Options -> Tab Connections -> Allow remote computers to connect.
Configure it accordingly and then change the Wifi setting on the Android phone for the used Wifi network.
Enable the manual proxy configuration and enter your computer's IP address in your local network and the port number the proxy is listening on.
After saving the new Wifi settings all apps on the Android phone should use the proxy on your PC, which will allow you to see also the traffic of your app.
I've connected my Android device to my PC wi-fi using an application called Connectify , which make it easier to browse the internet using PC'S internet connection , when I did make connection to a web server using my android device , Fiddler didn't capture the traffic .
I am using windows 7
Routing my Android Wi-Fi connection to a proxy doesn't work , my router redirects all requests from local network to the Log in page to the router settings
To monitor the network traffic of an Android device using fiddler
Open Fiddler on your pc
Go to Tools >Fiddler Options >Connections. Make sure 'Allow remote computers to connect' is checked'.
In your android device, go to your wifi settings, long press on your current Wifi and click on 'Modify network'
Click 'Advanced Options' and set proxy to manual.
Under 'proxy hostname', enter the local IP of your computer.Under 'proxy port', type '8888' (this is the default port that fiddler listens on)
Now, you should be able to see the Android network traffic on your fiddler.
Hope this helps :)
First of all, do not use the Connectify. Uninstall it.
Follow the exact instructions on the fiddler documentation. It has screenshots for setting up the proxy and everything.
Make sure that your PC shares its internet connection when you first connect it to your wifi network.
Do not attempt this at a coffee shop or in an hotel, where wifi isolation is often practiced as a security measure.
It goes without saying, do not forget to turn off the mobile data of your android device.
I'm trying to capture traffic from an app on an Android phone and although I've set the proxy on the phone and can capture all other internet traffic coming from the phone (using Charles Proxy), I can't see any traffic for this one app.
How is this done, and how can I capture the traffic?
UPDATE:
If you need help setting up a wifi hotspot from your computer, so you
can connect your phone to it and Wireshark the traffic, just look at
the following link for directions:
http://www.wi-fiplanet.com/tutorials/article.php/3849841/How-to-Create-Wireless-Hosted-Networks-in-Windows-7.htm
If you want help decompiling an IOS app to assembly, look at this
link: http://www.infointox.net/?tag=arm
If you want a better Dex to Java decompiler than dex2jar, check this
out: https://github.com/skylot/jadx
There're several ways:
Connect your phone to your internal wifi access point (before connecting check advanced options and set a manual proxy).. Note: this method do not work for all network data.. some connections ignore this setting.
(works on rooted phones only) Install 'Shark for Root' application on your device... it will capture ALL traffic.. it will generated dump files that can be analized on your PC using Wireshark software
The best way: Setup your PC as a wifi access point and make your android device to use this wifi connection, then sniff the traffic using the same Wireshark application.
I strongly recommend you use something like "CharlesProxy" (or similar). Be aware of 2 things when u setup the proxy (I hope it is an application you are developing, otherwise be sure of what you do cause it can be ILEGAL):
1 - If you want to attack from your Android/iOS phone to the proxy installed in your local computer, you need the proxy to be configured to use the local IP:PORT (which means CharlesProxy needs to be configured as an address as 192.168.x.x if using a normal wifi network). Then, the Android/iOS phone needs to be setting the proxy to the same IP:PORT
2 - If the app uses https, there are several ways to manage HTTPS connections:
a) If your application accepts ALL Certificates, then it is not a problem for whatever proxy to capture and decrypt the information.
b) If your application accepts only system (and trusted) certificates, you have to export the charlesproxy certificate to your Android phone and to add it into the list of user's trusted certificates.
c) If your application is correctly doing "Certificate pinning", you won't be able to capture the traffic, unless you have the private certificate of your server and you add it in both (your phone) and the proxy configuration.
Hope it helps!
I have my device connected to debug Android apps, but I need to see the HTTP requests and responses (inc. header info).
I've seen a similar question asked on how to do this for an emulator, but how to do this when a real device is connected?
You can use Charles, is a really powerful tool that does exactly what you need.
Charles allows you to sniff the packets sent through HTTP from your actual device, the way you use it is simple:
Download and install Charles, run the program and specify the proxy port
Connect the Android Device to the very same network of the computer running Charles
Go to Wifi-Settings in Android Device and long tap on the network connected, then go to Modify Network-> Show advanced Options
Set Proxy as Manual and in Proxy Host name set your computer IP "192.xxx.x.x" and in the Proxy port add the same port specified in Charles Proxy Settings.
And that's it, all the traffic from your phone will be proxy to charles and it will show you headers, parameters, etc...
Hope it Helps
Regards!