I want to capture the network traffic generated by an event activated on the GUI (e.g. a pressed button) of an Android app (.apk file) installed on an AVD. First I captured the system calls of the process using the strace command in the adb shell (I obtained the PID of the process using the ps command):

strace -f -tt -s 200 -p 27707 -o syscallcap.txt

Then I analyze the txt file, but the main thread (27707) receives data (or sends data) - system call recvfrom (sendto or sendmsg) - from an unknown process (the last two fields are NULL):

27707 19:06:29.441356 recvfrom(72, "nysv\0\0\0\0}\323\33{\370\r\0\0W\36\1\0\0\0\0\0", 2400, MSG_DONTWAIT, NULL, NULL) = 24

How can I understand which system calls are important for my purposes? How can I capture the HTTP/TCP/UDP network traffic of an Android app installed on the emulator starting from the system calls? Any advice or idea is welcome, because it's for a thesis project.

toha
Pax

1 Answer

Well, there are two ways that I know of to log the network traffic of a device.

IPTABLES

IPTables is a firewall application for the Linux Netfilter module, used to configure chains and rules. We use iptables to intercept and redirect traffic to our internal proxy server, which then relays the traffic to the configured proxy server.

Requires ROOT

Android firewall with VpnService

Using this method you can implement tunneling in your application, which will log all the network traffic.

The links provided should give you a direction.

Now, for mapping traffic from the foreground app: all apps have a unique app ID which can be used to set/monitor a chain to log its traffic.

Neji
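The following is an added example, not code from the question or the answer above. It addresses the strace side of the question: a `recvfrom()`/`sendto()` with `NULL` address arguments is not traffic from an unknown process, it is I/O on a socket whose peer was fixed earlier by `connect()` (or `accept()`), so the peer can be recovered by tracking the file descriptor through `socket()`, `connect()`, `accept()` and `close()` in the same `strace -f -tt` log. The script parses strace's default output format, resolves each data syscall to a peer, and sums bytes per peer. The sample log is constructed for the example (it is not a real capture; `10.0.2.3` is simply the emulator's default DNS address), and it assumes one fd table shared by all traced threads, which holds for the threads of a single process but not for forked children.

```python
"""Map socket syscalls in an `strace -f -tt` log back to their peers.

Added example, not from the original question or answer. Resolves the fd in
recvfrom()/sendto()/read()/write() calls with NULL address arguments to the
peer recorded by an earlier connect()/accept() on the same fd, then sums
bytes per peer. Assumptions: one fd table for all traced threads, strace's
default argument formatting, and the constructed sample log below.
"""
import re
from collections import defaultdict

# PID, timestamp (-tt), syscall name, argument list, return value, rest
LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+|\?)(?P<rest>.*)$"
)
# Address forms strace prints for struct sockaddr
INET_RE = re.compile(r'sin_port=htons\((\d+)\),\s*sin_addr=inet_addr\("([^"]+)"\)')
INET6_RE = re.compile(r'sin6_port=htons\((\d+)\),.*?inet_pton\(AF_INET6,\s*"([^"]+)"')
UNIX_RE = re.compile(r'sun_path="([^"]*)"')

# Syscalls that move bytes over a socket fd, by direction
SEND_CALLS = {"sendto", "sendmsg", "send", "write", "writev"}
RECV_CALLS = {"recvfrom", "recvmsg", "recv", "read", "readv"}
PLAIN_IO = {"read", "readv", "write", "writev"}  # also used on files


def parse_sockaddr(args):
    """Return 'host:port' or 'unix:path' for a sockaddr in an argument list, else None."""
    m = INET_RE.search(args)
    if m:
        return f"{m.group(2)}:{m.group(1)}"
    m = INET6_RE.search(args)
    if m:
        return f"[{m.group(2)}]:{m.group(1)}"
    m = UNIX_RE.search(args)
    if m:
        return f"unix:{m.group(1)}"
    return None


def parse_line(line):
    """One strace line -> dict, or None for signals, exits, unfinished/resumed fragments."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ret"] = None if d["ret"] == "?" else int(d["ret"])
    d["fd"] = int(d["args"].split(",", 1)[0]) if d["args"][:1].isdigit() else None
    return d


def summarize(lines):
    """Bytes sent/received per peer. Key is 'host:port', 'unix:path', or
    'fd N (peer unknown)' when the fd was opened before tracing started."""
    fd_peer = {}        # fd -> peer string (assumption: one fd table)
    socket_fds = set()  # fds returned by socket()/accept*()
    flows = defaultdict(lambda: {"sent": 0, "received": 0, "calls": 0})

    for line in lines:
        ev = parse_line(line)
        if not ev or ev["ret"] is None:
            continue
        call, args, ret, fd = ev["call"], ev["args"], ev["ret"], ev["fd"]
        if call == "socket" and ret >= 0:
            socket_fds.add(ret)
        elif call in ("accept", "accept4") and ret >= 0:
            socket_fds.add(ret)
            fd_peer[ret] = parse_sockaddr(args) or f"fd {ret} (peer unknown)"
        elif call == "connect":  # -1 EINPROGRESS still fixes the peer
            socket_fds.add(fd)
            fd_peer[fd] = parse_sockaddr(args) or fd_peer.get(fd, f"fd {fd} (peer unknown)")
        elif call == "close":
            socket_fds.discard(fd)
            fd_peer.pop(fd, None)
        elif call in SEND_CALLS or call in RECV_CALLS:
            if ret < 0:
                continue  # EAGAIN etc.: nothing moved
            if call in PLAIN_IO and fd not in socket_fds:
                continue  # file I/O, not network
            peer = parse_sockaddr(args) or fd_peer.get(fd) or f"fd {fd} (peer unknown)"
            flows[peer]["calls"] += 1
            flows[peer]["sent" if call in SEND_CALLS else "received"] += ret
    return dict(flows)


# Constructed sample in `strace -f -tt` format (not a real capture)
SAMPLE_TRACE = r"""
27707 19:06:28.100000 socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 72
27707 19:06:28.100500 connect(72, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("93.184.216.34")}, 16) = -1 EINPROGRESS (Operation now in progress)
27707 19:06:28.200000 sendto(72, "\26\3\1\2\0\1\0\1\374\3\3", 517, MSG_NOSIGNAL, NULL, 0) = 517
27707 19:06:29.441356 recvfrom(72, "nysv\0\0\0\0}\323\33{\370\r\0\0W\36\1\0\0\0\0\0", 2400, MSG_DONTWAIT, NULL, NULL) = 24
27707 19:06:29.441500 recvfrom(72, 0x7b6c0a3000, 2400, MSG_DONTWAIT, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
27710 19:06:29.600000 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 81
27710 19:06:29.600200 sendto(81, "\0\1\1\0\0\1\0\0\0\0\0\0", 44, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.0.2.3")}, 16) = 44
27710 19:06:29.650000 recvfrom(81, "\0\1\201\200\0\1\0\1", 4096, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.0.2.3")}, [16]) = 60
27707 19:06:29.700000 write(3, "log line\n", 9) = 9
27707 19:06:30.000000 close(72) = 0
27707 19:06:30.100000 recvfrom(95, "\27\3\3\0\40", 2400, MSG_DONTWAIT, NULL, NULL) = 41
"""

if __name__ == "__main__":
    for peer, stats in summarize(SAMPLE_TRACE.splitlines()).items():
        print(f"{peer:32} sent={stats['sent']:6} received={stats['received']:6} calls={stats['calls']}")
```

Two practical notes. An fd that shows up as "peer unknown" (fd 95 above) was opened before strace attached with `-p`, exactly the situation in the question; either start the trace before the socket is created, or, while the process is still alive, read the socket inode from `ls -l /proc/<pid>/fd/<fd>` (it prints `socket:[inode]`) and look that inode up in `/proc/net/tcp`, `/proc/net/tcp6` or `/proc/net/udp` to get the local and remote addresses in hex. Second, what strace gives you is a syscall-level view with payload snippets; for full packets the per-app iptables chain from the answer (matching the app's UID) combined with tcpdump on the emulator is the kernel-side complement, and the fd-to-peer mapping above lets you tie individual GUI events to the flows in that capture.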