I have read a paper which proposes an approach to capture network traffic from a specific Android application. It says "We used tcpdump to collect all the network traffic from the virtual machine. We ported the strace utility to Android to log each networking system call performed by the app. We identified all the threads started by the app using the process id (pid) of the app. Based on this thread information, we can filter out the traffic that does not origin from the app". But I still do not understand the operational principle. So how can I capture network traffic from a specific Android application? Thanks for answering.
1 Answer
You can also use SandroProxy. It can also capture the flow of apps that do not respect Android OS proxy settings. There is also an option to create pcap files for SSL flow. Another option creates SSL that can be decrypted with Wireshark.
The idea is to intercept HTTP/HTTPS flow as a normal proxy or as a transparent proxy with the help of iptables, store it as requests/responses or pcap files, and forward it further to the server.
How to determine who is making requests: when you have an open socket to the proxy, you must match information from /proc/net/tcp or /proc/net/tcp6 to get the process uid. With this you can get packagesNames. It can be more than one.
You can examine how to make custom proxy and build one from sources here:
http://code.google.com/p/sandrop/source/browse/projects/SandroProxyPlugin/readme.txt
--- sent by SandroProxy support---
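The UID lookup described in the answer above, as an added example that is not part of the original answer or SandroProxy's code: it decodes /proc/net/tcp and /proc/net/tcp6 rows and returns the UID that owns the app-side socket of a connection the proxy accepted. The sample rows, addresses, UIDs and function names are constructed for illustration, and a little-endian device is assumed.

```python
import ipaddress
import struct

# Constructed samples in /proc/net/tcp and /proc/net/tcp6 layout (not captured data).
# Assumption: little-endian device, so each 32-bit address word is byte-swapped.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F48 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10050        0 11111 1
   1: 0100007F:9C40 0100007F:1F48 01 00000000:00000000 00:00000000 00000000 10123        0 22222 1
   2: 0100007F:1F48 0100007F:9C40 01 00000000:00000000 00:00000000 00000000 10050        0 22223 1
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0000000000000000FFFF00001401A8C0:9C42 0000000000000000FFFF00000A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10077        0 33333 1
"""
ESTABLISHED = "01"  # value of the 'st' column for an established TCP socket


def decode_endpoint(field):
    """'0100007F:1F48' -> (ip, port); IPv4-mapped IPv6 is folded to IPv4."""
    addr_hex, port_hex = field.split(":")
    words = [int(addr_hex[i:i + 8], 16) for i in range(0, len(addr_hex), 8)]
    raw = b"".join(struct.pack("<I", w) for w in words)  # back to network order
    ip = ipaddress.ip_address(raw)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return ip, int(port_hex, 16)


def parse_table(text):
    """Yield (local, remote, state, uid) for every socket row, skipping the header."""
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10:
            yield decode_endpoint(f[1]), decode_endpoint(f[2]), f[3], int(f[7])


def uid_for_client(client_ip, client_port, tables):
    """UID of the socket whose LOCAL end is the peer address the proxy accepted.

    Matching on the local end skips the proxy's own row for the same connection
    and still works in transparent mode, where the remote end is the real server.
    """
    want = (ipaddress.ip_address(client_ip), client_port)
    for text in tables:
        for local, _remote, state, uid in parse_table(text):
            if local == want and state == ESTABLISHED:
                return uid
    return None
```

On a device the two tables would be read from /proc/net/tcp and /proc/net/tcp6, and the UID is then mapped to package names with `PackageManager.getPackagesForUid`, which can return several packages for a shared UID. Android 10 and later restrict app access to /proc/net, so an unprivileged app can no longer read these files there.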

-
The poster asked for an explanation of the *mechanism* used, not a commercial package doing so in an opaque manner. – Chris Stratton Mar 05 '14 at 15:57
-
This is a free app. You can also build a custom implementation from sources. http://code.google.com/p/sandrop/. But if you still find it not right, I can delete the answer. – SandroProxy support Mar 05 '14 at 16:17
-
Changing the link to point to the sources would come closer to answering the question than linking to the finished app would, but best would be if you added a brief explanation of the mechanism used. – Chris Stratton Mar 05 '14 at 16:19
-
Will add also how to build custom one. – SandroProxy support Mar 05 '14 at 16:21
-
This is an improvement, but it would still be good if you explained how it worked - much as the question explains (most of) how another system works. The idea is that we'd like your answer to have value as a response to the question asked, even *without* following any of the links. So, for example, how do you know *which* app traffic is coming from (not how do you see that, but rather how does your program figure that out)? – Chris Stratton Mar 05 '14 at 16:24
-
I understand. But there is so much to tell :). I added how to find out who is making requests. – SandroProxy support Mar 05 '14 at 17:09
-
@SandroProxysupport This is awesome!! It was really helpful for me. I was searching for such an app for a long time and that ends here. The answer may not be perfectly relevant to the question, but for someone who searches for something like this prebuilt, this answer is definitely useful. – Prakash GPz Jul 15 '16 at 15:57