Does anyone know how to set up fiddler to monitor/sniff traffic from bluestacks? I've seen others mentioning that it can be done, but need some direction on configuring fiddler or configuring bluestacks to get it going. Currently fiddler is returning a message, some tunnel to message. Perhaps I would need to configure the port/proxy for bluestacks. If this is the case, does anyone know how this is to be done or can point me in the right direction?
You can capture Bluestacks traffic using:
Wireshark (problem: we can't see https (SSL) traffic)..
We can use ProxyCap software and setup all BlueStacks executables to work via our Fiddler local proxy. But we have an issue here - We can't import Fiddler Certificate into BlueStacks (at least I didn't found a way yet)..
one possible solution would be to:
KILL BlueStacks processes.
Find BlueStacks Root.fs file (in my case it's located here: c:\ProgramData\BlueStacks\Android)
edit that file using linux tools (it's an image .. we can do fdisk Root.fs to see partitions.. then mout it with loop rw .. and modify.. but that's need more digging).
one important note: we need to find a way to block BlueStacks autoupdates (and discard our changes in Root.fs)
Supposedly, BlueStacks doesn't support proxy settings (https://android.stackexchange.com/questions/27224/how-to-configure-bluestack-appplayer-to-use-proxy-settings-when-connecting-to-ne) which would imply that its traffic would not go through Fiddler.
However, you say "Fiddler is returning a message some tunnel to message" which implies to me that maybe they were incorrect and the traffic is going through Fiddler and the client merely needs to be configured to trust the Fiddler root certificate.
Can you share a screenshot of the Fiddler UI showing the "Tunnel to" in question?
If all you need is to set a browser within Bluestacks proxy, this proxy setting app worked for me:
https://play.google.com/store/apps/details?id=com.lechucksoftware.proxy.proxysettings
Related
I installed Nox Player emulator on my Windows PC and used both Fiddler Classic and Charles Proxy to capture traffic from the emulator. I have installed the certificate of Fiddler and Charles Proxy too. By using Frida I'm able to intercept all the traffic of all apps except one app. When I opened the app it run well without any errors but no single traffic was captured. I modified the .apk file by removing the pin-set in network_secufity_config.xml but no luck. Other apps can be intercepted but not this app. Is there any setup I missed or the app has extra protection?
This similar question has almost the same problem
Either it's not HTTP traffic, or it's not viewable.
If it's not HTTP Traffic, you might need a different tool like Wireshark.
If it is HTTPS traffic that the proxy can't decrypt, it might be PKP. To capture it you might want to produce the stack trace around basic connection classes, see who's producing the calls, and find how to decrypt it within frida. If you're using OS level platforms like Magisk, there are ways to always trust the certificates at the system level, which might save you a hustle.
Been using Charles Proxy for years now but recently I've been having issues setting up my Android device.
Certificates have been installed on the Android device. I've confirmed they are in fact listed as trusted certificates in my certificates list. Everything is setup correctly, but SSL traffic continues to be blocked.
I've tried reaching out for support, but they don't ever respond.
Has anybody had this issue before?
I was having all my traffic blocked. The issue was that "Allow list" (in Tools menu) was enabled, so only traffic to allowed locations were going through. After disabling that, issue got fixed.
Everything is setup correctly, but SSL traffic continues to be blocked.
Sometimes I used to see red cross on SSL requests coming from Android. I was unable to read the content. It started working fine for me after I setup the SSP Proxy Settings option. I checked the Enable SSL Proxying option as shown in the image and added the wildcard URL's that I want to filter. Eg: *.your-server-url.com
Update:
Also I don't think you can do it in release build of your application.
And for Android N and above there have been these changes you'll need to include in your project for it to work: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
Hope this helps a bit.
I am using VS 2013 to connect with the new VS2015 Android Emulator. This seems to work now and I can debug, set breakpoints etc which is all fine. (Now, I would use VS2015 but it won't deploy properly -never mind).
I am also developing the server app on my machine and using Fiddler as an http debug aid.. not an uncommon situation I am sure.
The server is running (also under debug in another instance of VS 2013) using IIS Express and I have added bindings to the applicationhost.config so the IISExpress server is visible on my LAN from other PC's and I've checked it is visible.
Try as I might I can not seem to get the Emulator to send the http requests back to my computer.
My javascript uses a servicebase to hold the url:
var serviceBase = 'http://192.168.2.4:64963/'; //'http://169.254.220.177:64963/'; //'http://10.0.2.2:64963/'; //'http://localhost:64963/';
The commented ones show the ones I have tried. None of these works.. the first is the IP of my machine on the LAN, the rest are various ones I have picked up here or the Android dev site.. I have also tried:
http://mymachinename:64963
Because I am bringing both web AND API services from this URL I have also tried a chrome browser on my real android phone (over wifi on my LAN) and this can't get to my dev machine either (where my other pc's can). So I get that it probably can't resolve the names? But really not sure where to go next? I wondered about the Hosts file on my PC but not sure if I can/should set an IP address as a host name? .. any pointers? Thanks, Brett
169.254.80.80 is the localhost loopback.
By going to Additional Tools in the VS emulator for Android (click the >> button on the right hand side) and selecting the Network tab, you will get all the information about the network connectivity.
For the localhost loopback, use the address listed under the Desktop Adapter #2. Desktop Adapter #1 should work as well, which is the IP address of your machine.
I am answering this because I have seen a lot of comments/questions about this topic and need to include some bits that it is hard to fit in the comments.. and I have solved it.
First the solution.. was to delete/replace the vsemu.vhd and vsemu.sdcard.vhd for the emulator with safe copies. This was because in my efforts to fix the problem I assume I had changed some setting in the emulator phone data. Sadly I am not sure what.
However, and this checklist may be useful to someone, before this I was led to it by the fact that because I had web services as well as API from my server URL I was able to test webpage access. This worked on pcs but failed on wifi connected android devices on my network with pc names.. as mentioned in my original question. But it wouldn't work with a numeric IP address either.
I had already added the numeric IP to the applicationhosts.config file of IISExpress, but what I hadn't done, because I thought its on the machine its referring to, was execute the
netsh http add urlacl url=http://192.168.2.1:94693/ user=everyone
command to let it all through.
Once I had done this, I was able to connect using the IP address from a phone, and this led me to discover that the Emulator had obviously got some form of problem. Replacing the VHD's fixed this and I am now communicating.
In case anyone else has this issue using the following IP's worked for me:
IP of the machine
169.254.80.80
However, do remember that VS Android emulator is running in a Hyper-v VM,
So I had to punch a hole in my firewall to allow for my application port to be reached by the emulator.
If your using Web API with visual studio 2015 and VS Android emulator this link helped me out a lot
Use 10.0.2.2, This is the loopback from emulator to your host machine.
See link:
http://developer.android.com/tools/devices/emulator.html
I was having the same issue, but none of the above answers were useful for me.
My BackEnd is a PHP SlimFramework Rest Api.
I decided to change the IP in the auto start of the Slim (was localhost:7888), I tried this: php -S 192.168.43.20:7888, and everything was working fine after I configure the calls to that ip.
I hope this may help someone...
In generic the IP you must consider is the IP of the network you are using/allocated to run the android emulator.
Very raw/rude method of finding it is by going to settings (gear symbol on right panel of emulator, not the one inside) and look for ip address. . Or by opening the ADB Logging window and it's on the top left corner.
Now in command prompt type ipconfig and match the first 3 numbers of IP and that's the network your localhost loopback.
Because in many cases we will have more than one ethernets or virtualbox host only networks are running.
Happy Coding!!
I'm having a problem to surf internet on my Emulator, wich is targeting Google API8.I followed all the instructions I have read, setting the proxy in MobileNetworks-->APN--->....,etc, and doesn`t work. If I remove the proxy, the browser navigates locally, and if I have the proxy configured it doesn't even navigate locally.
I tested the same coonfiguration on an emulator targeting API16 and did work!!!!(local and on the Internet), so please how can I solve this.Any help will be appreciated.
PD: I tested using -dns-server x.x.x.x too and happens the same.
Emulator uses the internet connection from the host computer where it's installed.
If the host computer doesn't need any special configuration to access internet (proxy, etc.), then your emulator doesn't need it either.
Only if your computer needs a proxy configuration (or other), you will need to replicate it in the emulator.
Regards.
How do I monitor network traffic sent and received from my android emulator?
There are two ways to capture network traffic directly from an Android emulator:
Copy and run an ARM-compatible tcpdump binary on the emulator, writing output to the SD card, perhaps (e.g. tcpdump -s0 -w /sdcard/emulator.cap).
Run emulator -tcpdump emulator.cap -avd my_avd to write all the emulator's traffic to a local file on your PC
In both cases you can then analyse the pcap file with tcpdump or Wireshark as normal.
It is also possible to use http proxy to monitor http requests from emulator. You can pass -http-proxy flag when starting a new emulator to set proxy (Example burp) to monitor Android traffic. Example usage ./emulator -http-proxy localhost:8080 -avd android2.2. Note that in my example I'm using Burp, and it is listening port 8080. More info can be found here.
For OS X you can use Charles, it's simple and easy to use.
For more information, please have a look at Android Emulator and Charles Proxy blog post.
Yes, wireshark will work.
I don't think there is any easy way to filter out solely emulator traffic, since it is coming from the same src IP.
Perhaps the best way would be to set up a very bare VMware environment and only run the emulator in there, at least that way there wouldn't be too much background traffic.
It is now possible to use Wireshark directly to capture Android emulator traffic. There is an extcap plugin called androiddump which makes it possible. You need to have a tcpdump executable in the system image running on the emulator (most current images have it, tested with API 24 and API 27 images) and adbd running as root on the host (just run adb root). In the list of the available interfaces in Wireshark (Qt version only, the deprecated GTK+ doesn't have it) or the list shown with tshark -D there should be several Android interfaces allowing to sniff Bluetooth, Logcat, or Wifi traffic, e.g.:
android-wifi-tcpdump-emulator-5554 (Android WiFi Android_SDK_built_for_x86 emulator-5554)
A current release of Android Studio did not correctly apply the -tcpdump argument. I was still able to capture a dump by passing the related parameter to qemu as follows:
tools/emulator -engine classic -tcpdump dump.cap -avd myAvd
I would suggest you use Wireshark.
Steps:
Install Wireshark.
Select the network connection that you are using for the calls(for eg, select the Wifi if you are using it)
There will be many requests and responses, close extra applications.
Usually the requests are in green color, once you spot your request, copy the destination address and use the filter on top by
typing ip.dst==52.187.182.185 by putting the destination address.
You can make use of other filtering techniques mentioned here to get specific traffic.
You can use Fiddler to monitor http traffic:
http://aurir.wordpress.com/2010/03/22/tutorial-getting-android-emulator-working-with-fiddler-http-proxy-tool/
You can also use Fiddler2 here.
You can monitor network traffic from Android Studio.
Go to Android Monitor and open Network tab.
http://developer.android.com/tools/debugging/ddms.html
UPDATE: ⚠️ Android Device Monitor was deprecated in Android Studio 3.1. See more in https://developer.android.com/studio/profile/monitor
You can start the emulator with the command -avd Adfmf -http-proxy http://SYSTEM_IP:PORT.
I used HTTP Analyzer, but it should work for anything else. More details can be found here:
http://stick2code.blogspot.in/2014/04/intercept-http-requests-sent-from-app.html
You can use
http://docs.mitmproxy.org/en/stable/install.html
Its easy to setup and won't require any extra tweaks.
I go through various tool but found it to be really good and easy.
While Android Studio's App Inspection's Network Inspector menu is helpful for tracking network requests, I've noticed that it doesn't track all requests. Here's the documentation.
The easiest way to track network requests for the android emulator that I know and use is HTTP Toolkit. It really quick to set up, and has a nice UI (similar to Chrome Dev Tools' Networks tab) for tracking the requests.
Just install it, click on the "Android device via ADB" option, and accept the prompts shown in the emulator (docs).