No-root network monitor, firewall and PCAP dumper for Android

PCAPdroid

PCAPdroid is an open source network monitoring and capture tool. It can capture an Android device's traffic without rooting the device. The traffic can be sent to a remote receiver.

Features:

  • Log and examine the connections made by the user and system apps
  • Extract SNI, DNS query, URL and remote IP address
  • Apply a filter to only capture the traffic of the selected app
  • Easily download a PCAP file of the traffic thanks to the integrated HTTP server
  • Stream the PCAP to a remote receiver for further analysis (e.g. Wireshark)
  • Decrypt HTTPS/TLS traffic via a remote mitmproxy
  • On rooted devices, it can capture the packets while other VPN apps are running

Important: the PCAP generated by PCAPdroid is not 100% accurate. Check out PCAP Reliability for more details.

PCAPdroid leverages the Android VpnService to receive all the traffic generated by the Android apps. No external VPN is actually created; the traffic is processed locally by the app.

Get it on F-Droid or Google Play.

Google Play and the Google Play logo are trademarks of Google LLC.

User Guide

Check out the quick start instructions or the full User Guide.

Community

You can help the PCAPdroid project in many ways:

  • Translate the app into your language
  • Improve the app theme and layout
  • Propose and discuss new features
  • Open bug reports with detailed information
  • Make a donation
  • Star the project on GitHub and on the Play Store
  • Of course, provide code pull requests!

You can reach the PCAPdroid community on the Telegram group.

What is the netd app

Many applications rely on the Android DNS resolution service netd to resolve names. In such cases PCAPdroid is unable to determine the originating app and instead marks the connection with a question mark. Nevertheless, unless root capture is enabled, it will properly capture the selected app's DNS traffic when an app filter is set.

Decrypting HTTPS/TLS Traffic

PCAPdroid supports decrypting TLS traffic by sending it to mitmproxy. Check out the User Guide for more details.

Third Party

  • zdtun: TCP/UDP/ICMP connections proxy
  • nDPI: deep packet inspection library, used to extract the connections metadata
  • nanohttpd: tiny HTTP server
  • CustomActivityOnCrash: handles app crashes gracefully and allows copying the crash log

Building

  1. Clone this repo
  2. Install the native dependencies: autogen autoconf bison flex libtool pkg-config libpcap-dev libjson-c-dev
  3. Run git submodule update --init
  4. Build the app
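
A preflight check for the steps above, added here as an example (it is not part of the PCAPdroid repository). It assumes a Debian/Ubuntu host where the names in step 2 are apt packages; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the build steps (not part of PCAPdroid).
# Assumption: Debian/Ubuntu host, where the names in step 2 are apt package names.

DEPS="autogen autoconf bison flex libtool pkg-config libpcap-dev libjson-c-dev"

# Succeeds if the given package is fully installed according to dpkg.
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q '^install ok installed$'
}

# Prints every package in the remaining arguments that the check command
# given as "$1" reports as absent, one per line.
missing_packages() {
    check=$1
    shift
    for pkg in "$@"; do
        "$check" "$pkg" || printf '%s\n' "$pkg"
    done
}

# Reads `git submodule status` output on stdin and prints the paths of
# submodules that are not initialized (status lines starting with "-").
uninitialized_submodules() {
    sed -n 's/^-[0-9a-f]* \([^ ]*\).*/\1/p'
}

# Runs both checks from the root of the cloned repository.
# Returns non-zero if step 2 or step 3 still needs to be done.
preflight() {
    rc=0
    missing=$(missing_packages pkg_installed $DEPS)
    if [ -n "$missing" ]; then
        echo "missing packages: $(echo $missing)" >&2
        rc=1
    fi
    pending=$(git submodule status | uninitialized_submodules)
    if [ -n "$pending" ]; then
        echo "run 'git submodule update --init' for: $(echo $pending)" >&2
        rc=1
    fi
    return $rc
}
```

Source the file and call `preflight` from the repository root before step 4.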