I would like to monitor network traffic of my Android Phone. I was thinking using tcpdump for Android, but I'm not sure if I have to cross-compile for the phone.
Another question is the following, If I want to monitor the trafic data for a certain application, there's any command for doing that?
TCPDUMP is one of my favourite tools for analyzing network, but if you find difficult to cross-compile tcpdump for android, I'd recomend you to use some applications from the market.
These are the applications I was talking about:
Shark: Is small version of wireshark for Android phones). This program will create a *.pcap and you can read the file on PC with wireshark.
Shark Reader : This program allows you to read the *.pcap directly in your Android phone.
Shark app works with rooted devices, so if you want to install it, be sure that you have your device already rooted.
Good luck ;)
If you are doing it from the emulator you can do it like this:
Run emulator -tcpdump emulator.cap -avd my_avd to write all the emulator's traffic to a local file on your PC and then open it in wireshark
There is a similar post that might help HERE
Note: tcpdump requires root privileges, so you'll have to root your phone if not done already. Here's an ARM binary of tcpdump (this works for my Samsung Captivate). If you prefer to build your own binary, instructions are here (yes, you'd likely need to cross compile).
Also, check out Shark For Root (an Android packet capture tool based on tcpdump).
I don't believe tcpdump can monitor traffic by specific process ID. The strace method that Chris Stratton refers to seems like more effort than its worth. It would be simpler to monitor specific IPs and ports used by the target process. If that info isn't known, capture all traffic during a period of process activity and then sift through the resulting pcap with Wireshark.
For Android Phones(Without Root):- you can use this application tPacketCapture this will capture the network trafic for your device when you enable the capture.
See this url for more details about network sniffing without rooting your device.
Once you have the file which is in .pcap format you can use this file and analyze the traffic using any traffic analyzer like Wireshark.
Also see this post for further ideas on Capturing mobile phone traffic on wireshark
The DDMS tool included in the Android SDK includes a tool for monitoring network traffic. It does not provide the kind of detail you get from tcpdump and similar low level tools, but it is still very useful.
Oficial documentation: http://developer.android.com/tools/debugging/ddms.html#network
Preconditions: adb and wireshark are installed on your computer and you have a rooted android device.
Download tcpdump to ~/Downloads
adb push ~/Downloads/tcpdump /sdcard/
adb shell
su root
mv /sdcard/tcpdump /data/local/
cd /data/local/
chmod +x tcpdump
./tcpdump -vv -i any -s 0 -w /sdcard/dump.pcap
Ctrl+C once you've captured enough data.
exit
exit
adb pull /sdcard/dump.pcap ~/Downloads/
Now you can open the pcap file using Wireshark.
As for your question about monitoring specific processes, find the bundle id of your app, let's call it com.android.myapp
ps | grep com.android.myapp
copy the first number you see from the output. Let's call it 1234. If you see no output, you need to start the app. If you still don't see the app via ps try using top.
Download strace to ~/Downloads and put into /data/local using the same way you did for tcpdump above.
cd /data/local
./strace -p 1234 -f -e trace=network -o /sdcard/strace.txt
Now you can look at strace.txt for ip addresses, and filter your wireshark log for those IPs.
You would need to root the phone and cross compile tcpdump or use someone else's already compiled version.
You might find it easier to do these experiments with the emulator, in which case you could do the monitoring from the hosting pc. If you must use a real device, another option would be to put it on a wifi network hanging off of a secondary interface on a linux box running tcpdump.
I don't know off the top of my head how you would go about filtering by a specific process. One suggestion I found in some quick googling is to use strace on the subject process instead of tcpdump on the system.
Without root, you can use debug proxies like Charlesproxy&Co.
Packet Capture is the best tool to track network data on the android.
DOesnot need any root access and easy to read and save the calls based on application.
Check this out
Try this application
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
We can view all networking communications .. even SSL encrypted communications.
The common approach is to call "cat /proc/net/netstat" as described here:
Android network stats
Related
I am doing some investigation of a closed-source app using ADB. I would like to log the commands this app is making, the ADB binaries it uses are in the same directory. Would I be able to sniff the commands by faking an ADB device or maybe modding the source code of the build tools to include a log?
Best regards.
I tried using some apps on a physical android device to log the incoming packets, though I got nowhere. I expect to be able to know what this closed source app is doing on my device.
PS: I am sorry if this sounds dumb, I know ADB is open source, part of the Android Open Source Project, but I made this post to make sure I am not missing some small detail. I am not an expert in the ADB protocol so excuse my clumsiness.
Answer:
Copied from this answer to How to fetch ADB shell traffic?
It is as simple as listening on the ADB server's port through Wireshark (TCP port 5037) since all the commands pass through the adb server/daemon before going to USB.
It is also possible to sniff the USB traffic using USBPcap, as it also is unencrypted.
i'm writing an app on android which will read data from DB or just textfiles, and i'll run it on multiple emulators, each of them has different data.
the question for me is, how can i manage the data in each android emulator programmatically on windows?
you may say that DDMS may help, but it's not programmatically(or something i don't know about DDMS?).
so if i write a management program running on windows to handle my question, what tech. should i use, telnet, ddms or somethingelse? any advise will be appreciated. thank you.
You can address different emulator / device independently by its serial number. The easiest way is to use command line adb.
To see all of your devices and their serial number
adb devices
To send command to specific device
adb -s <serial> <command>
For example to push a file to a specific device sdcard
adb -s <serial> push <file> /sdcard/
More info here
http://developer.android.com/tools/help/adb.html
I was using earlier adb to debug Android applications over wifi, usb - it was great.
Right now I am wondering if it is possible to connect phone with adb via bluetooth.
I did a quick research but didn't find anything - have you tried it already ?
It is not supported by the current adb software, however you could probably make it possible if you have a rooted device (or possibly even if not - see below) either by modifying adb or by using bluetooth to tunnel a channel it does support, such as tcp.
You would need to obtain the source for the adb program - the same source is used to build both the PC and the device versions. First step is to just build it with unmodified functionality, which may take a fair amount of build system modification unless you do so as a part of a complete android source build (the way it was intended to be done)
Then you would modify it to add a bluetooth channel as an option and install it on the device (why you need root) and in your path on the PC. You'd think you could run it from an alternate location on the PC, and you likely can as long as you use it from the command line, but if your fire up DDMS it may kill off the running adb server and launch a new one using the default in the path, so ultimately you'll have to put your modified version there.
IF you can already get your device to accept adb connections over tcp (possible with root, perhaps possible in some cases without) there is another option, which is to not modify ADB (or at least not modify the device side) and instead come up with something running on the device which accepts bluetooth connections and forwards the traffic via local loopback to the tcp port on which the stock adb is operating. This would save the trouble of having to rebuild adb.
If you have some kind of tethering or similar network-over-bluetooth solution, you might even be able to leverage that to carry adb-over-tcp-over-bluetooth without writing any code.
Finally note that it is not 100% essential that the adb daemon run as a more privileged userid or be installed in place of the official one - you can run an adb daemon as an ordinary application and do many of the expected things with it. However, whichever adb daemon is running first will grab the unix domain java debug socket, and so only that adb daemon will be able to provide the full java debug services. More primitive things like logcat, shell, running process list, push/pull, etc will at least partially work without this, provided that your adb daemon doesn't quit (modification may be required) when it is unable to claim the debug socket. If you can kill the official adb daemon and exploit a race condition, you may be able to get an unofficial one started before it restarts - you would probably need to have a script or program to do this and run it with setsid from the official adb shell, meaning you'd need to connect via USB first. At that point, you'd also be able to start your unofficial adb daemon running as the same userid as the official one.
You may want to spend some time estimating or testing if the performance (speed) will be satisfactory before investing in a lot of time setting this up for real.
I know this is a bit old but I seem to have found a post that does this. All credit goes to the author of fomori.org for finding this and making the information available. Today it helped me, maybe tomorrow I'll help you by making it easier to find.
Source
How do I monitor network traffic sent and received from my android emulator?
There are two ways to capture network traffic directly from an Android emulator:
Copy and run an ARM-compatible tcpdump binary on the emulator, writing output to the SD card, perhaps (e.g. tcpdump -s0 -w /sdcard/emulator.cap).
Run emulator -tcpdump emulator.cap -avd my_avd to write all the emulator's traffic to a local file on your PC
In both cases you can then analyse the pcap file with tcpdump or Wireshark as normal.
It is also possible to use http proxy to monitor http requests from emulator. You can pass -http-proxy flag when starting a new emulator to set proxy (Example burp) to monitor Android traffic. Example usage ./emulator -http-proxy localhost:8080 -avd android2.2. Note that in my example I'm using Burp, and it is listening port 8080. More info can be found here.
For OS X you can use Charles, it's simple and easy to use.
For more information, please have a look at Android Emulator and Charles Proxy blog post.
Yes, wireshark will work.
I don't think there is any easy way to filter out solely emulator traffic, since it is coming from the same src IP.
Perhaps the best way would be to set up a very bare VMware environment and only run the emulator in there, at least that way there wouldn't be too much background traffic.
It is now possible to use Wireshark directly to capture Android emulator traffic. There is an extcap plugin called androiddump which makes it possible. You need to have a tcpdump executable in the system image running on the emulator (most current images have it, tested with API 24 and API 27 images) and adbd running as root on the host (just run adb root). In the list of the available interfaces in Wireshark (Qt version only, the deprecated GTK+ doesn't have it) or the list shown with tshark -D there should be several Android interfaces allowing to sniff Bluetooth, Logcat, or Wifi traffic, e.g.:
android-wifi-tcpdump-emulator-5554 (Android WiFi Android_SDK_built_for_x86 emulator-5554)
A current release of Android Studio did not correctly apply the -tcpdump argument. I was still able to capture a dump by passing the related parameter to qemu as follows:
tools/emulator -engine classic -tcpdump dump.cap -avd myAvd
I would suggest you use Wireshark.
Steps:
Install Wireshark.
Select the network connection that you are using for the calls(for eg, select the Wifi if you are using it)
There will be many requests and responses, close extra applications.
Usually the requests are in green color, once you spot your request, copy the destination address and use the filter on top by
typing ip.dst==52.187.182.185 by putting the destination address.
You can make use of other filtering techniques mentioned here to get specific traffic.
You can use Fiddler to monitor http traffic:
http://aurir.wordpress.com/2010/03/22/tutorial-getting-android-emulator-working-with-fiddler-http-proxy-tool/
You can also use Fiddler2 here.
You can monitor network traffic from Android Studio.
Go to Android Monitor and open Network tab.
http://developer.android.com/tools/debugging/ddms.html
UPDATE: ⚠️ Android Device Monitor was deprecated in Android Studio 3.1. See more in https://developer.android.com/studio/profile/monitor
You can start the emulator with the command -avd Adfmf -http-proxy http://SYSTEM_IP:PORT.
I used HTTP Analyzer, but it should work for anything else. More details can be found here:
http://stick2code.blogspot.in/2014/04/intercept-http-requests-sent-from-app.html
You can use
http://docs.mitmproxy.org/en/stable/install.html
Its easy to setup and won't require any extra tweaks.
I go through various tool but found it to be really good and easy.
While Android Studio's App Inspection's Network Inspector menu is helpful for tracking network requests, I've noticed that it doesn't track all requests. Here's the documentation.
The easiest way to track network requests for the android emulator that I know and use is HTTP Toolkit. It really quick to set up, and has a nice UI (similar to Chrome Dev Tools' Networks tab) for tracking the requests.
Just install it, click on the "Android device via ADB" option, and accept the prompts shown in the emulator (docs).
I develop all my sites on a OS 10.5.8 server with PHP and MySQL, and I've configured my /etc/hosts and httpd.conf files to display my site at example.dev in any browser on that machine.
I recently installed Android's software development kit which I'd like to use to develop and test stylesheets targeted to mobile Webkit-- but I can't access my locally-hosted projects in the Android browser.
This makes sense, since it's emulating the whole Android OS, but is there a workaround? Or can I only test projects that exist somewhere on the actual computer internet, perhaps in a hidden directory?
Someone suggested that I edit my /etc/resolv.conf file, but I don't know the correct way to format a locally-hosted domain in the resolv.conf-- I tried variations of the following, and nothing works:
domain example.dev
nameserver 127.0.0.1
Or...
domain example.dev
nameserver localhost
In my hosts file, it is set up like this:
127.0.0.1 localhost example.dev example2.dev [etc]
You should be able to use the IP address of your mac in the URL from the android emulator and be able to access your sites that way. Of course, make sure that Web Sharing is turned on under Sharing in System Preferences, and that your firewall isn't blocking the address.
Alternately, you can use the virtual host IP address, which is 10.0.2.2. This will always map to your host mac when running the emulator.
If for some reason you prefer not to use IP addresses in your urls, you can map your mac's IP address to any name you choose by modifying /etc/hosts in your emulator. To do so, you'll need to first make the filesystem read-write, then add your mac's IP and whatever hostname you want to /etc/hosts:
adb -e shell
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock0 /system
# echo '10.0.2.2 cat-yodeling.local' >> /etc/hosts
Then access "http://cat-yodeling.local" from your browser. You should be good to go.
I was having this same issue. #emmby's solution sounded like it should do exactly what I needed, but strangely it didn't seem to work. The commands ran, but looking at the hosts file afterward showed that it wasn't actually being updated.
But I did a bit more research, and I've worked out what the problem was.
The core issue I was having was that the emulated device's operating system was already taking up 100% of available storage, so the edits were not getting written to the hosts file. However there was no error message being given either.
My guess is that the reason #emmby didn't have this problem is because the issue varies depending on the version of Android that you put on the emulator; some versions may give you some free space to work with.
If you do have this problem, the solution to this is to start the emulator with more storage. This can be done with the -partition-size argument for the emulator command, like so:
emulator -partition-size 128 #MyEmulatedDevice
You can then use the adb -e shell command and edit the file as per #emmby's answer.
However, if editing the file from the shell is a pain, adb does also give you the facility to copy it down from the emulator to your host OS, edit it locally, and copy it back up again. It also deals with the remount. You would do it like this:
adb pull /system/etc/hosts C:\wherever\you\want\to\save\it
Then edit it in your favourite editor.
Then remount the emulator to read/write mode, and copy the file back:
adb remount
adb push C:\wherever\you\saved\hosts /system/etc/hosts
Note that since the emulator is reset back to default state whenever you restart it, this might be a better solution, because you can keep the edited file locally, so you don't have to repeat the adb pull and editing steps every time; you can simply start the emulator, do the remount and push, and you're in business.
Hope that helps.
I worked around similar issue by using computers IP address in local network.
Follow the instructions on the following two links:
http://www.codingonstilts.com/2012/04/android-emulator-hosts-file-entry.html (make sure to pay attention to the tabs between the IP address and the hostname and the newline at the bottom of the file)
I did a "[SDKLOCATION]/platform-tools/adb pull /system/etc/hosts WHATEVERHOSTFILENAME" to see the format of the original hostfile first and then use that to push it back.
And then:
http://www.codingonstilts.com/2012/06/sync-os-x-hosts-file-to-android.html
Works for me - good luck!!
As per android docs you can access your system 127.0.0.1 IP using 10.0.2.2 on your emulator which is a special alias to your host loopback interface.