Thats it. I want to capture every http request response sent to from an app running on android device. I am offering a bounty for the answer to this question. I don't think all features replay from emulator so I want to do this from the device itself. Now I know there is wireshark on the PC, some apps for wireshark like shark reader gives back a lot of hex. My goal is to simulate offline a whole http request/response scenario from the app. This question has been asked in the past, but no clear answer on how it can be done for android successfully so I am offering a bounty.
Question with bounty is here:
Android How To Simulate HTTP Communication for Offline Demo
This one can be closed.
Here is how I accomplished it from my old HTC Droid Eris:
Install ProxyDroid on your phone https://play.google.com/store/apps/details?id=org.proxydroid&hl=en
Download and install charlesproxy on your computer http://www.charlesproxy.com/
Open Browser on your phone and navigate to http://charlesproxy.com/charles.crt to install charlesproxy certificate
Open charlesproxy and go under Help -> Local IP Address to check your ip address
Open ProxyDroid on your phone enter your IP under host and 8888 under port and start ProxyDroid
Go back to charlesproxy and hit 'Start Recording' Now every request you make from your phone should be visible in charlesproxy
IMPORTANT: ProxyDroid requires a ROOTED device
Related
I'm trying to reverse engineer one Android app's traffic and it's using sockets, xmpp or something else, but not http(s) on some features. I know this because Charles does not see some requests, but data is definitely coming from the server for sure (e.g. chat messages).
Android allows to set http(s) proxy, not socks. ProxyDroid doesn't work on genymotion, because it's x86 and ProxyDroid doesn't support that. Tried Drony app on genymotion, which supposedly should allow socks proxy, but once I try turning it on, the whole emulator restarts (probably crashes).
So how do I sniff/trace/inspect sockets traffic on Genymotion/Android emulator?
You might have better luck by doing it on the host side, ie from the Windows/Mac/Linux machine running Genymotion.
The basics
Install Wireshark
Start Wireshark and select the network interface which connects you to the Internet (or to the server you are interested in). For me it is wlp1s0.
Tell Wireshark you only want traffic going from your device to the server you are interested by entering ip.dst == <server-ip> in the filter line. Now go back to your device and use the application which communicates with the server. Traffic should appear in Wireshark. Here I am browsing my web site, whose IP address is 5.135.144.176:
Note that if Wireshark knows about the protocol used by the server, you can filter it. Here is the same output with the http filter:
Watching only traffic from the device
With the current setup, if you access the server from your host, this traffic will be logged by Wireshark as well. To avoid that you need to do the following:
Configure your device in Bridge mode: stop the device, open its settings dialog and select Bridge:
Get the device IP address: restart the device, open the "Settings" application and go to "About phone > Status", note the IP address:
Add this IP address to the filter line in wireshark, like so: ip.src == <the-device-ip> and ip.dst == <the-server-ip>.
i have an Android App, where i would like to see, how it communicates with the servers (Its an App from the Playstore).
For that i tried to read it out through Fiddler (installed on PC) and the setup worked perfect. The only problem is, that if the App is going through the PC proxy (to be able for Fidler to read the data) its not connecting to the servers. Other Apps or browsers are working.
Tried it with a real smartphone and a android emulator, same result. My questions are right now, if there is a kinda Fiddler app directly for the smartphone (so i dont have to use the proxy) or is the only way to decompile the apk (if possible).
Btw.: I changed the wifi settings for proxy, would maybe help here a extra proxy app aswell?
Your problem ("if the App is going through the PC proxy (to be able for Fidler to read the data) its not connecting to the servers") does not really make sense.
In order to monitor traffic you start fiddler on your PC and get the IP address of your PC in the WiFi. Then you set this IP and the port 8888 as your proxy on your android device. That way you see all traffic from the device in Fiddler. Note you need to configure Fiddler to accept connections from remote computers: "Tools" -> "Options" -> "Connections" -> "Allow remote computers to connect".
I'm trying to capture traffic from an app on an Android phone and although I've set the proxy on the phone and can capture all other internet traffic coming from the phone (using Charles Proxy), I can't see any traffic for this one app.
How is this done, and how can I capture the traffic?
UPDATE:
If you need help setting up a wifi hotspot from your computer, so you
can connect your phone to it and Wireshark the traffic, just look at
the following link for directions:
http://www.wi-fiplanet.com/tutorials/article.php/3849841/How-to-Create-Wireless-Hosted-Networks-in-Windows-7.htm
If you want help decompiling an IOS app to assembly, look at this
link: http://www.infointox.net/?tag=arm
If you want a better Dex to Java decompiler than dex2jar, check this
out: https://github.com/skylot/jadx
There're several ways:
Connect your phone to your internal wifi access point (before connecting check advanced options and set a manual proxy).. Note: this method do not work for all network data.. some connections ignore this setting.
(works on rooted phones only) Install 'Shark for Root' application on your device... it will capture ALL traffic.. it will generated dump files that can be analized on your PC using Wireshark software
The best way: Setup your PC as a wifi access point and make your android device to use this wifi connection, then sniff the traffic using the same Wireshark application.
I strongly recommend you use something like "CharlesProxy" (or similar). Be aware of 2 things when u setup the proxy (I hope it is an application you are developing, otherwise be sure of what you do cause it can be ILEGAL):
1 - If you want to attack from your Android/iOS phone to the proxy installed in your local computer, you need the proxy to be configured to use the local IP:PORT (which means CharlesProxy needs to be configured as an address as 192.168.x.x if using a normal wifi network). Then, the Android/iOS phone needs to be setting the proxy to the same IP:PORT
2 - If the app uses https, there are several ways to manage HTTPS connections:
a) If your application accepts ALL Certificates, then it is not a problem for whatever proxy to capture and decrypt the information.
b) If your application accepts only system (and trusted) certificates, you have to export the charlesproxy certificate to your Android phone and to add it into the list of user's trusted certificates.
c) If your application is correctly doing "Certificate pinning", you won't be able to capture the traffic, unless you have the private certificate of your server and you add it in both (your phone) and the proxy configuration.
Hope it helps!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 months ago.
Improve this question
I have an android application which uses a third party jar in it.
Http request is sent from third party jar to server when application is running.
I need to capture HTTP Request that is sent from third party jar. I am wondering if there is an easy way to implement with non-rooted device
To start up :
I tried downloading "proxyDroid" but it need rooted phone
I have also tried downloading "shark for root" with "shark reader" which also need rooted device
I tried many other applications which could capture the complete request but all it need is rooted device
I need something what fiddler/wireshark can do for windows. A network packet analyzer which could be easily integrated with android application that could give request object with all header fields in it.
You could install Charles - an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet - on your PC or MAC.
Config steps:
Let your phone and PC or MAC in a same LAN
Launch Charles which you installed (default proxy port is 8888)
Setup your phone's wifi configuration: set the ip of delegate to your PC or MAC's ip, port of delegate to 8888
Lauch your app in your phone. And monitor http requests on Charles.
There are many ways to do that but one of them is fiddler
Fiddler Configuration
Go to options
In HTTPS tab, enable Capture HTTPS Connects and Decrypt HTTPS traffic
In Connections tab, enable Allow remote computers to connect
Restart fiddler
Android Configuration
Connect to same network
Modify network settings
Add proxy for connection with your PC's IP address ( or hostname ) and default fiddler's port ( 8888 / you can change that in settings )
Now you can see the full log from your device in fiddler
Also, you can find a full instructions here
I just installed Drony. It's not shareware and does not require root on a phone with Android 3.x or above.
https://play.google.com/store/apps/details?id=org.sandrob.drony
It can intercept and log requests.
It's 2020 now, for the latest solution, you can use Burp Suite to sniffing https traffic without rooting your Android device.
Steps:
Install Burp Suite
Enable Proxy
Import the certification in your Android phone
Change you Wifi configuration to listening to proxy
Profit!
I wrote the full tutorial and screenshot on how to do it at here: https://www.yodiw.com/monitor-android-network-traffic-with-burp/
You can use fiddler as webdebugger
http://www.telerik.com/fiddler/web-debugging
Fiddler is a debugging tool from telerik software, which helps you to intercept every request that is initiated from your machine.
you can use burp-suite. do follow below procedure.
Configure the Burp Proxy listener
In Burp, go to the “Proxy” tab and then the “Options” tab.In the “Proxy Listeners" section, click the “Add” button.
In the "Binding" tab, in the “Bind to port:” box, enter a port number that is not currently in use, e.g. “8082”.Then select the “All interfaces” option, and click "OK".
Configure your device to use the proxy
In your Android device, go to the“Settings” menu.
If your device is not already connected to the wireless network you are using, then switch the "Wi-Fi" button on, and tap the “Wi-Fi” button to access the "Wi-Fi" menu.
In the "Wi-Fi networks" table, find your network and tap it to bring up the connection menu.
Tap "Connect".If you have configured a password, enter it and continue.
Once you are connected hold down on the network button to bring up the context menu.Tap “Modify network config”.
Ensure that the “Show advanced options” box is ticked.
Change the “Proxy settings” to “Manual” by tapping the button.
Then enter the IP of the computer running Burp into the “Proxy hostname”.Enter the port number configured in the “Proxy Listeners” section earlier, in this example “8082”.Tap "Save".
Test the configuration
In Burp, go to the "Proxy Intercept" tab, and ensure that intercept is “on” (if the button says “Intercept is off" then click it to toggle the interception status).
Open the browser on your Android device and go to an HTTP web page (you can visit an HTTPS web page when you have installed Burp's CA Certificate in your Android device.)
The request should be intercepted in Burp.
Set a https://mitmproxy.org/ as proxy on a same LAN
Open Source
Built in python 3
Installable via pip
Have a Docker image
If you're willing to use Genymotion (or another supported emulated device) you can use HTTP Toolkit, which can analyze and intercept/rewrite HTTP calls. For HTTPS you will need a rooted device, to be able to trust the root CA certificate as a system certificate. Genymotion devices are rooted by default.
To install the app you want to investigate, Genymotion supports Open GApps (for Google Play support) and drag-and-drop for APK files.
HTTP Toolkit also works on real devices, but then root privileges are required (most Android phones are not rooted).
https://httptoolkit.tech/docs/guides/android/#intercepting-traffic-from-your-own-android-app
SandroProxy seems to be better than Drony (by the same developer): You can
(but do not have to) conveniently view and analyze the traffic in your PC's browser.
Should work in emulators as well.
I got this crazy idea that I don't know is possible or not... what I want to do is set up my phone as wifi access point, then allow people to connect to it, but handle all incoming http traffic myself.
So:
phone wifi in access point mode; open wifi network (this tidbit works - yes I know it's not officially supported but then I have no intention to distribute put this app on the open market or so, it works on my phone and that's good enough for me).
client can connect to the phone (e.g. my laptop: this also works).
when client tries to open an http connection to any random server, this has to be intercepted by my app and handled by a local web server. This is the point that I'm stuck on.
The web server part shouldn't be too hard; there are (open-source) web servers available. But getting the traffic to that web server, there is the problem.
The behaviour I'm after is a bit similar to what you get when connecting to some open hotspot, like hotel hotspots, that then redirect you to a login page. This intercepting of the connection request (I suspect I have to look at DNS requests?) is what I'm after.
I have seen an app that is doing this but they require the phone to be rooted. I'm hoping to find a way to do it without rooting the phone.
Wifi hotspots would usually use IPTables to redirect port 80/443 traffic to a local web server.
I have run squid on linux machines in the past on port 3128, then sent all port 80/443 traffic to squid. Then I used squid redirect any url that I didnt explicitly allow to a local web server.
IPTables is accessible on rooted android devices only though.
And I doubt there are many proxy servers available on android, so you would have to send HTTP traffic to a proxy server over the network connection.
Like has been said, you'll need IPTables, but you'll also need a proxy server, like Squid.
Google "transparent proxy with squid", or check here:
Linux: Setup a transparent proxy with Squid in three easy steps
you do not need to have a proxy, you just need a full LAMP stack on your device and IPtables, you can mark all packets that have not been authenticated to forward through to your local page, then using php change the rule for that IP address once the address has authenticated, you could do the same for mac addresses if you wish, you would then also need a daemon that periodically reset each exception