CodeCow/PCAPdroid
1
0
Fork 0
mirror of https://github.com/emanuele-f/PCAPdroid.git synced 2026-06-16 21:10:57 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
No-root network monitor, firewall and PCAP dumper for Android
88 Commits 6 Branches 72 Tags 24 MiB
Java 60.2%
C 38.2%
Python 0.8%
Lua 0.4%
CMake 0.3%
8aa40bcf85
Go to file
emanuele-f 8aa40bcf85 Bump version to 1.2.7
2021-01-07 23:52:43 +01:00
.idea Update nDPI to version 3.4-stable 2020-11-15 21:42:49 +01:00
app Bump version to 1.2.7 2021-01-07 23:52:43 +01:00
assets Bump version to 1.2.1, add CHANGELOG 2020-01-06 20:56:51 +01:00
gradle/wrapper Update gradle version 2019-10-05 21:29:46 +02:00
ICONS_LICENSE/app_icon Update icon 2019-11-03 23:12:34 +01:00
ndpi Add nDPI library module 2019-11-09 22:07:00 +01:00
nDPI Show nDPI information 2019-11-10 00:30:31 +01:00
tools Fix some traffic not being monitored 2020-06-09 19:02:42 +02:00
zdtun First commit 2019-09-08 22:09:03 +02:00
.gitignore Update nDPI to version 3.4-stable 2020-11-15 21:42:49 +01:00
build.gradle Update gradle version 2019-10-05 21:29:46 +02:00
CHANGELOG.md Bump version to 1.2.7 2021-01-07 23:52:43 +01:00
COPYING Add license 2019-09-08 22:11:07 +02:00
gradle.properties First commit 2019-09-08 22:09:03 +02:00
gradlew First commit 2019-09-08 22:09:03 +02:00
gradlew.bat First commit 2019-09-08 22:09:03 +02:00
README.md Remove redundant information 2020-11-18 20:26:24 +00:00
settings.gradle Add nDPI library module 2019-11-09 22:07:00 +01:00

README.md

PCAPdroid

PCAPdroid is an android app to capture the phone traffic and analyze it remotely (e.g. via Wireshark). The traffic can be easily downloaded from a remote device thanks to the integrated HTTP server, or streamed to a remote UDP receiver.

Realtime Traffic Analysis:

tools/udp_receiver.py -p 1234 | wireshark -k -i -

Features:

  • Capture apps traffic without root
  • Easily download a PCAP file thanks to the integrated HTTP server
  • Stream the PCAP on UDP to a remote receiver
  • Show captured traffic realtime statistics
  • Apply a filter to only capture traffic for the selected app
  • Get active connections details, including server name, DNS query and URL
  • Decrypt HTTPS/TLS traffic via a remote mitmproxy

Download:

https://github.com/emanuele-f/PCAPdroid/releases

https://play.google.com/store/apps/details?id=com.emanuelef.remote_capture

User Guide

Check out the quick start instructions or the full User Guide.

Community

You can help the PCAPdroid project in many ways:

  • Translate the app in your language
  • Improve the app theme and layout
  • Propose and discuss new features
  • Open bug reports with detailed information
  • Star the project on github and on the Play Store
  • Of course provide code pull requests!

You can reach the PCAPdroid developers and community on the telegram channel.

App filter and DNS Traffic

Many applications rely on the Android DNS resolution service netd in order to resolve names. All the DNS requests sent via this service will come from netd, so it's not possible to which app made the request, so the app filter won't work. In order to circunvent this, PCAPdroid will dump all the DNS traffic from netd regardless of the app filter. This can be disabled by toggling off the "Capture Unknown Traffic" preference.

How it Works

In order to run without root, the app takes advantage of the Android VPNService API to collect the packets on the device (they are not sent to an external VPN server). The zdtun connections proxy library is used to route the packets back to their original destination. Here are some diagrams of how it works:

Decrypting HTTPS/TLS Traffic

PCAPdroid supports decrypting TLS traffic by sending it to a customized version of mitmproxy. Check out the User Guide for more details.

Third Party

PCAPdroid integrates nDPI to detect the application protocol of the network connections and extract the SNI from TLS connections.

Building

  1. Clone this repo locally
  2. Clone https://github.com/emanuele-f/zdtun beside this repository
  3. Clone https://github.com/ntop/nDPI beside this repository
  4. Link the cmake file into nDPI: from this repo execute: ln -s $(readlink -f nDPI/CMakeLists.txt) ../nDPI
  5. Inside the nDPI directory, run git checkout 3.4-stable; ./autogen.sh; ./configure --disable-gcrypt
  6. Build the zdtun and ndpi modules first
  7. Then build the app module