163

How do I monitor network traffic sent and received from my android emulator?

Janusz
  • 187,060
  • 113
  • 301
  • 369
mlindeboom
  • 1,631
  • 2
  • 11
  • 3

13 Answers13

122

There are two ways to capture network traffic directly from an Android emulator:

  1. Copy and run an ARM-compatible tcpdump binary on the emulator, writing output to the SD card, perhaps (e.g. tcpdump -s0 -w /sdcard/emulator.cap).

  2. Run emulator -tcpdump emulator.cap -avd my_avd to write all the emulator's traffic to a local file on your PC

In both cases you can then analyse the pcap file with tcpdump or Wireshark as normal.

Christopher Orr
  • 110,418
  • 27
  • 198
  • 193
  • 1
    So it is not real-time/online? I mean, the packets can only be analyzed at the end? – fikr4n Sep 22 '16 at 10:36
  • In the first case, you could analyse via stdout on the device rather than writing to a file. In the second case, you may be able to stream/tail the file as it's written. Or you can capture network traffic on the host machine, rather than on the emulator. – Christopher Orr Sep 22 '16 at 10:38
  • I've found the emulators I use already now have tcpdump installed, and the command #1 works without installing one. You can also run it with "adb -e shell tcpdump -s0 -w /sdcard/emulator.cap". – Les Mar 21 '17 at 12:43
  • 2
    If you're using 2nd solution and you're getting `The -tcpdump flag is not supported in QEMU2 yet and will be ignored.` warning, add **-engine classic** to your command like this: `emulator -tcpdump emulator.cap -avd my_avd -engine classic`. This will force deprecated emulator engine, but should work until they fix the issue. – Mladen Jun 12 '17 at 13:40
  • where the `avd` is located? – user3806649 Sep 08 '17 at 08:12
  • Where do I find `/sdcard/emulator.cap` in my host OS? – deathangel908 Mar 27 '18 at 10:40
  • 1
    the link from the page about the tcpdump binary is broken, where to get the binary from now? – Adam Burley Jul 12 '20 at 13:27
  • https://wiki.wireshark.org/CaptureSetup/Pipes for pipe solution to analyze with wireshark in realtime – Servus Jul 10 '21 at 19:20
22

It is also possible to use http proxy to monitor http requests from emulator. You can pass -http-proxy flag when starting a new emulator to set proxy (Example burp) to monitor Android traffic. Example usage ./emulator -http-proxy localhost:8080 -avd android2.2. Note that in my example I'm using Burp, and it is listening port 8080. More info can be found here.

Waltsu
  • 612
  • 6
  • 10
15

For OS X you can use Charles, it's simple and easy to use.

For more information, please have a look at Android Emulator and Charles Proxy blog post.

ricardopereira
  • 11,118
  • 5
  • 63
  • 81
Tom Susel
  • 3,397
  • 1
  • 24
  • 25
10

It is now possible to use Wireshark directly to capture Android emulator traffic. There is an extcap plugin called androiddump which makes it possible. You need to have a tcpdump executable in the system image running on the emulator (most current images have it, tested with API 24 and API 27 images) and adbd running as root on the host (just run adb root). In the list of the available interfaces in Wireshark (Qt version only, the deprecated GTK+ doesn't have it) or the list shown with tshark -D there should be several Android interfaces allowing to sniff Bluetooth, Logcat, or Wifi traffic, e.g.:

android-wifi-tcpdump-emulator-5554 (Android WiFi Android_SDK_built_for_x86 emulator-5554)

Prof. Moriarty
  • 601
  • 1
  • 6
  • 10
  • 1
    I'm on Windows 10, using AVD emulator. How do I install the plugin? How do I know if the emulator has tcpdump? – Rony Tesler Nov 30 '21 at 00:19
  • This worked out of the box with wireshark-qt 4.0.5 on Arch. Nothing extra to install. You need a "non google play" Image, as adb root will refuse otherwise – CaptainCrunch Apr 24 '23 at 16:19
8

Yes, wireshark will work.

I don't think there is any easy way to filter out solely emulator traffic, since it is coming from the same src IP.

Perhaps the best way would be to set up a very bare VMware environment and only run the emulator in there, at least that way there wouldn't be too much background traffic.

Bitdivision
  • 97
  • 3
  • Good suggestion, but it's tough to get an emulator running on top of a VM. Have you gotten this to work? – MikeSchem Dec 13 '16 at 19:32
  • What issues have you run in to? I haven't done it myself, but I can't imagine there would be any issues. – Bitdivision Dec 14 '16 at 14:24
  • In my case, the requests being sent were in green, all I did was shut down other browsers and I was able to spot the sweet green rows. Once you spot the request, copy the destination address and u can then use it in filter by putting ip.dst == "ip address that u copied" and seeing only the relevant requests. – Ritveak Jan 30 '20 at 13:14
6

A current release of Android Studio did not correctly apply the -tcpdump argument. I was still able to capture a dump by passing the related parameter to qemu as follows:

tools/emulator -engine classic -tcpdump dump.cap -avd myAvd
Tad
  • 4,668
  • 34
  • 35
6

I would suggest you use Wireshark.

Steps:

  1. Install Wireshark.
  2. Select the network connection that you are using for the calls(for eg, select the Wifi if you are using it)
  3. There will be many requests and responses, close extra applications.
  4. Usually the requests are in green color, once you spot your request, copy the destination address and use the filter on top by typing ip.dst==52.187.182.185 by putting the destination address.

You can make use of other filtering techniques mentioned here to get specific traffic.

Ritveak
  • 2,930
  • 2
  • 13
  • 28
4

You can monitor network traffic from Android Studio. Go to Android Monitor and open Network tab.

http://developer.android.com/tools/debugging/ddms.html

UPDATE: ⚠️ Android Device Monitor was deprecated in Android Studio 3.1. See more in https://developer.android.com/studio/profile/monitor

ricardopereira
  • 11,118
  • 5
  • 63
  • 81
Fivos
  • 558
  • 8
  • 19
  • 5
    can you tell from where to open detail network usage tab in android studio 1.5 (windows) as shown in image in the link, I am only getting a graph but not details? – Shreyans jain Feb 10 '16 at 14:37
  • Be aware that this option gives limited insight. I couldnt solve my problems where I want to find out why a request was denied, because Android didnt tell me anything about this request. Fiddler is more suitable here. – Highriser Sep 13 '18 at 06:03
4

You can use Fiddler to monitor http traffic:

http://aurir.wordpress.com/2010/03/22/tutorial-getting-android-emulator-working-with-fiddler-http-proxy-tool/

You can also use Fiddler2 here.

Laramie
  • 5,457
  • 2
  • 39
  • 46
  • 2
    Another link [here](http://blogs.msdn.com/b/jpsanders/archive/2013/04/03/configuring-fiddler-to-be-a-proxy-for-android-emulators.aspx). I would add that the proxy server should be `10.0.2.2` which is the host machine's IP address in Android emulators, no need to find out what it is. – Mendhak Jan 15 '14 at 08:32
2

You can start the emulator with the command -avd Adfmf -http-proxy http://SYSTEM_IP:PORT. I used HTTP Analyzer, but it should work for anything else. More details can be found here: http://stick2code.blogspot.in/2014/04/intercept-http-requests-sent-from-app.html

Paddy
  • 84
  • 4
2

While Android Studio's App Inspection's Network Inspector menu is helpful for tracking network requests, I've noticed that it doesn't track all requests. Here's the documentation.

The easiest way to track network requests for the android emulator that I know and use is HTTP Toolkit. It really quick to set up, and has a nice UI (similar to Chrome Dev Tools' Networks tab) for tracking the requests.

Just install it, click on the "Android device via ADB" option, and accept the prompts shown in the emulator (docs).

HTTP Toolkit UI

brondibur
  • 121
  • 2
  • 7
1

You can use http://docs.mitmproxy.org/en/stable/install.html

Its easy to setup and won't require any extra tweaks.

I go through various tool but found it to be really good and easy.

Dhiraj Himani
  • 1,062
  • 12
  • 9
0

I think running the traffic through an HTTP proxy is the best solution.

One of the main problems I encountered when trying to connect a MITM HTTP proxy to an Android emulator was inspecting SSL traffic.

Installing a root certificate on an emulated device was more trick than I expected.

One of my colleagues created an updated step-by-step guide on capturing SSL traffic on an emulated Android device.

Ido.Co
  • 5,317
  • 6
  • 39
  • 64