CodeCow/PCAPdroid
1
0
Fork 0
mirror of https://github.com/emanuele-f/PCAPdroid.git synced 2026-06-19 21:05:25 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
736f4047fa
PCAPdroid/README.md
Emanuele Faranda 736f4047fa
Update README.md
2019-10-26 13:22:54 +02:00

1.4 KiB
Raw Blame History

Remote Capture

Remote Capture captures the android apps traffic to analyze it remotely (e.g. via Wireshark). The traffic is sent live via an UDP socket and can be easily captured remotely with:

Features:

  • Capture apps traffic without root
  • Send captured traffic via UDP
  • Show captured traffic realtime statistics
  • Apply a filter to only capture traffic for the selected app

Download:

https://github.com/emanuele-f/RemoteCapture/releases

Receiving the PCAP

In order to receive the PCAP on the collector host, perform the following steps in order:

  1. Ensure that the Remote Capture VPN is not running (key icon is not shown)
  2. Run the PCAP collector program (e.g. wireshark) on the host
  3. Start the Remote Capture VPN via the start button

To start a new capture, stop the VPN and repeat the steps above.

Examples

  • Analyze the traffic in Wireshark:
socat -b 65535 - udp4-listen:1234 | wireshark -k -i -
  • Write the traffic to a PCAP file:
socat -b 65535 - udp4-listen:1234 | tcpdump -w dump.pcap -r -

Note: the -b option of socat is required as the default UDP buffer size of 8192 B of nc or socat is not enough to handle the encapsulated packets.

Building

In order to build the app, you need to clone https://github.com/emanuele-f/zdtun beside the RemoteCapture directory