I'm trying to capture traffic from an app on an Android phone and although I've set the proxy on the phone and can capture all other internet traffic coming from the phone (using Charles Proxy), I can't see any traffic for this one app.
How is this done, and how can I capture the traffic?
If you need help setting up a wifi hotspot from your computer, so you can connect your phone to it and Wireshark the traffic, just look at the following link for directions:
If you want help decompiling an iOS app to assembly, look at this
If you want a better Dex to Java decompiler than dex2jar, check this out: https://github.com/skylot/jadx
There're several ways:
- Connect your phone to your internal wifi access point (before connecting, check advanced options and set a manual proxy). Note: this method does not work for all network data; some connections ignore this setting.
- (Works on rooted phones only) Install the 'Shark for Root' application on your device. It will capture ALL traffic and generate dump files that can be analyzed on your PC using Wireshark.
- The best way: Set up your PC as a wifi access point and make your Android device use this wifi connection, then sniff the traffic using the same Wireshark application.
Without rooting your phone, set up a rogue access point on Windows 7 (and above). Then capture the traffic using Wireshark and store it for further analysis. You can use the same trick for iOS or other WiFi devices. Please see (my) blog where I have documented this in good detail.
I strongly recommend you use something like "CharlesProxy" (or similar). Be aware of 2 things when you set up the proxy (I hope it is an application you are developing; otherwise be sure of what you do, because it can be ILLEGAL):
1 - If you want to attack from your Android/iOS phone to the proxy installed in your local computer, you need the proxy to be configured to use the local IP:PORT (which means CharlesProxy needs to be configured with an address such as 192.168.x.x if using a normal wifi network). Then, the Android/iOS phone needs to set the proxy to the same IP:PORT.
2 - If the app uses HTTPS, there are several ways to manage HTTPS connections:
a) If your application accepts ALL certificates, then it is not a problem for whatever proxy to capture and decrypt the information.
b) If your application accepts only system (and trusted) certificates, you have to export the CharlesProxy certificate to your Android phone and add it to the list of the user's trusted certificates.
c) If your application is correctly doing "Certificate pinning", you won't be able to capture the traffic, unless you have the private certificate of your server and you add it in both (your phone) and the proxy configuration.
Hope it helps!
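For an app you build yourself, cases b) and c) above can be read from the app's Android Network Security Configuration file, which declares the trusted CA sources and any pins per domain. The following is an added example, not code from the answer: it assumes the app ships such an XML file (the page does not mention one), uses constructed host names and a placeholder pin, and simplifies matching to the first top-level `<domain-config>` that covers the host, ignoring nesting, debug-overrides and pin expiration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from a real app); the pin value is a placeholder.
SAMPLE_CONFIG = """
<network-security-config>
  <base-config>
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set><pin digest="SHA-256">PLACEHOLDER_BASE64_HASH</pin></pin-set>
  </domain-config>
  <domain-config>
    <domain includeSubdomains="false">dev.example.com</domain>
    <trust-anchors>
      <certificates src="system"/>
      <certificates src="user"/>
    </trust-anchors>
  </domain-config>
</network-security-config>
"""

def _matches(domain_el, host):
    """True if host is covered by this <domain> rule."""
    name = (domain_el.text or "").strip().lower()
    subdomains = domain_el.get("includeSubdomains", "false") == "true"
    return host == name or (subdomains and host.endswith("." + name))

def _sources(el):
    """Trust-anchor sources declared directly on el, or None if it declares none."""
    anchors = el.find("trust-anchors") if el is not None else None
    if anchors is None:
        return None
    return {c.get("src") for c in anchors.findall("certificates")}

def classify(config_xml, host):
    """Return (trusts_user_cas, pinned); first matching <domain-config> wins."""
    root = ET.fromstring(config_xml)
    host = host.lower()
    # Assumed default when nothing is declared: system CAs only (target API 24+).
    sources = _sources(root.find("base-config")) or {"system"}
    pinned = False
    for dc in root.findall("domain-config"):
        if any(_matches(d, host) for d in dc.findall("domain")):
            sources = _sources(dc) or sources  # inherit when not overridden
            pinned = dc.find("pin-set") is not None
            break
    return ("user" in sources, pinned)
```

A result of `(False, ...)` means a proxy certificate installed in the user store is not trusted for that host, and `(..., True)` means the connection is additionally checked against a pin.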