No-root network monitor, firewall and PCAP dumper for Android
Latest commit: emanuele-f 1494e7d06e (2019-11-03 19:35:17 +01:00): Add UDP receiver python script. It handles PCAP headers automatically in order to make it easy to pause and resume a capture.

Remote Capture

Remote Capture captures the traffic of Android apps so that it can be analyzed remotely (e.g. in Wireshark). The traffic is streamed live over a UDP socket and can be received on any host with a UDP listener such as socat, as shown in the examples below.

Features:

  • Capture apps traffic without root
  • Send captured traffic via UDP
  • Show real-time statistics of the captured traffic
  • Apply a filter to only capture traffic for the selected app

Download:

https://github.com/emanuele-f/RemoteCapture/releases

Receiving the PCAP

To receive the PCAP stream on the collector host, perform the following steps in this order (the collector must already be listening when the VPN starts, otherwise the PCAP header sent at the beginning of the capture is lost):

  1. Ensure that the Remote Capture VPN is not running (the VPN key icon is not shown)
  2. Start the PCAP collector program (e.g. wireshark) on the host
  3. Start the Remote Capture VPN via the start button

To start a new capture, stop the VPN and repeat the steps above.

Examples

  • Analyze the traffic in Wireshark:
socat -b 65535 - udp4-listen:1234 | wireshark -k -i -
  • Analyze the traffic with ntopng:
socat -b 65535 - udp4-listen:1234 | ntopng -m "10.215.173.0/24" -i -
  • Write the traffic to a PCAP file:
socat -b 65535 - udp4-listen:1234 | tcpdump -w dump.pcap -r -

Note: the -b option of socat is required because the default UDP buffer size of 8192 bytes used by nc and socat is too small for the encapsulated packets; datagrams larger than the buffer would be truncated.
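Stopping and restarting the VPN as described above begins a new capture session, and a collector that simply appends every datagram to one file ends up with a second PCAP global header in the middle of the data. The receiver below is an added illustration of how to merge such sessions into a single valid PCAP; it is not the project's own tools/ script. It assumes that Remote Capture emits a plain PCAP byte stream chunked into UDP datagrams, with the 24-byte global header at the start of each session; the port 1234 follows the examples above, and the link type 101 in the constructed sample data is a guess.

```python
#!/usr/bin/env python3
"""UDP receiver that merges Remote Capture sessions into one PCAP stream.

Assumption (not confirmed by the project docs): every capture session
starts with a 24-byte PCAP global header followed by packet records, all
chunked into UDP datagrams. Restarting the VPN therefore sends a second
global header mid-stream; this receiver keeps the first and strips later ones.
"""
import io
import socket
import struct
import sys

# Magic numbers of both byte orders, microsecond and nanosecond variants.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1",
    b"\xa1\xb2\x3c\x4d", b"\x4d\x3c\xb2\xa1",
}
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16
RECV_BUFSIZE = 65535  # the 8192-byte default of nc/socat truncates datagrams


class PcapReassembler:
    """Feed datagrams in; a single continuous PCAP byte stream comes out."""

    def __init__(self, out):
        self.out = out
        self.magic = None          # magic of the first header seen
        self.headers_dropped = 0
        self.orphans_dropped = 0

    def feed(self, datagram: bytes) -> int:
        """Handle one datagram; return the number of bytes written."""
        head = datagram[:4]
        if self.magic is None:
            if len(datagram) >= GLOBAL_HEADER_LEN and head in PCAP_MAGICS:
                self.magic = head
            else:
                # Record data before any header (first datagram lost): unusable.
                self.orphans_dropped += 1
                return 0
        elif head == self.magic and len(datagram) >= GLOBAL_HEADER_LEN:
            # Resumed session. The byte order is fixed within a stream, and a
            # record's ts_sec equal to this magic would lie decades in the
            # future, so this is a repeated global header: drop it but keep
            # any records that share the datagram with it.
            self.headers_dropped += 1
            datagram = datagram[GLOBAL_HEADER_LEN:]
        self.out.write(datagram)
        return len(datagram)


def reassemble(datagrams):
    """Offline helper: returns (pcap_bytes, headers_dropped, orphans_dropped)."""
    buf = io.BytesIO()
    r = PcapReassembler(buf)
    for d in datagrams:
        r.feed(d)
    return buf.getvalue(), r.headers_dropped, r.orphans_dropped


def count_records(pcap: bytes) -> int:
    """Walk a PCAP buffer (either byte order) and count its packet records."""
    little = pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")
    fmt = ("<" if little else ">") + "IIII"
    off, n = GLOBAL_HEADER_LEN, 0
    while off + RECORD_HEADER_LEN <= len(pcap):
        _, _, incl_len, _ = struct.unpack(fmt, pcap[off:off + RECORD_HEADER_LEN])
        off += RECORD_HEADER_LEN + incl_len
        n += 1
    return n


def build_sample_stream():
    """Constructed input: two sessions; the second header shares a datagram
    with its first record. Link type 101 (LINKTYPE_RAW) is an assumption."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)

    def record(ts, payload):
        return struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload

    rec1 = record(1572800000, bytes(20))          # session 1
    rec2 = record(1572800060, bytes(range(20)))   # session 2, after a restart
    return [header, rec1, header + rec2]


def run_receiver(port: int, out, bufsize: int = RECV_BUFSIZE) -> None:
    """Live mode: bind a UDP socket and stream merged PCAP data to `out`."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    r = PcapReassembler(out)
    try:
        while True:
            data, _ = sock.recvfrom(bufsize)
            r.feed(data)
            out.flush()
    except KeyboardInterrupt:
        print(f"{r.headers_dropped} repeated headers, "
              f"{r.orphans_dropped} orphan datagrams dropped", file=sys.stderr)


if __name__ == "__main__":
    # python3 pcap_udp_receiver.py 1234 - | wireshark -k -i -
    # python3 pcap_udp_receiver.py 1234 dump.pcap
    port, dest = int(sys.argv[1]), sys.argv[2]
    if dest == "-":
        run_receiver(port, sys.stdout.buffer)
    else:
        with open(dest, "wb") as f:
            run_receiver(port, f)
```

With this receiver in place of socat, the VPN can be stopped and started any number of times while wireshark keeps reading one continuous stream; datagrams that arrive before the first header (for example when the collector was started late) are counted and discarded rather than written into the file.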

Building

In order to build the app, clone https://github.com/emanuele-f/zdtun into a directory next to the RemoteCapture directory (so that both checkouts share the same parent directory).