ChatGPT解决这个技术问题 Extra ChatGPT

Capturing mobile phone traffic on Wireshark

How can I capture mobile phone traffic on Wireshark?

Windows users can try this stackoverflow.com/a/65774666/10532966

A
AtomicBoolean

Here are some suggestions:

For Android phones, any network: Root your phone, then install tcpdump on it. This app is a tcpdump wrapper that will install tcpdump and enable you to start captures using a GUI. Tip: You will need to make sure you supply the right interface name for the capture and this varies from one device to another, eg -i eth0 or -i tiwlan0 - or use -i any to log all interfaces For Android 4.0+ phones: Android PCAP from Kismet uses the USB OTG interface to support packet capture without requiring root. I haven't tried this app, and there are some restrictions on the type of devices supported (see their page) For Android phones: tPacketCapture uses the Android VPN service to intercept packets and capture them. I have used this app successfully, but it also seems to affect the performance with large traffic volumes (eg video streaming) For IOS 5+ devices, any network: iOS 5 added a remote virtual interface (RVI) facility that lets you use Mac OS X packet trace programs to capture traces from an iOS device. See here for more details For all phones, wi-fi only: Set up your Mac or PC as a wireless access point, then run wireshark on the computer. For all phones, wi-fi only: Get a capture device that can sniff wi-fi. This has the advantage of giving you 802.11x headers as well, but you may miss some of the packets Capture using a VPN server: Its fairly easy to set-up your own VPN server using OpenVPN. You can then route your traffic through your server by setting up the mobile device as a VPN client and capture the traffic on the server end.

If you are interested in setting up a rogue access point on Windows 7 and above and capture packets using Wireshark, have a look at the steps I put together at mohit.io/blog/… This will work for any device that supports WiFi (Android, iOS, Wii, XBox, etc)
Regarding option 2: that's practically a non-existent option. From their page: "You will need [...] and a RTL8187 based wireless NIC"!!!!
For me, the option #3 is the easiest to do simple tasks such as check what calls a certain app does.
Most of those don’t work for packets that never leave the device or if you already use a VPN. So these are useless for solving MTU/fragmentation-related problems.
What if I want to do the opposite? Use my usb-connected smartphone to capture my PC's packets? Basically run a wireshark-like software on my Android phone
s
skrrgwasme

In addition to rupello's excellent answer, a "dirty" but very effective trick:

For all phones, any (local) network: Set up your PC to Man-In-The-Middle your mobile device.

Use Ettercap to do ARP spoofing between your mobile device and your router, and all your mobile's traffic will appear in Wireshark. See this tutorial for set-up details

You can also use Charles proxy on Mac OS, for capturing HTTP traffic, it has a very nice interface and functionalities. You'll need to set up your computer's local IP has a proxy on your phone. It can sniff TLS traffic too, and do it without a warning if you install Charles' certificate on the phone.
M
MazeChaZer

Another option which has not been suggested here is to run the app you want to monitor in the Android emulator from the Android SDK. You can then easily capture the traffic with wireshark on the same machine.

This was the easiest option for me.

That's interesting option. Can it handle ssl packets ?
The best and the easiest option is this one. Why messing with the phone? rooting, compiling tcpdump to be compatible with ARM CPUs, arpspoofing local network to direct traffic toward ethernet BLAH BLAH BLAH and eventually run wireshark and capture the packets??. Just install the app in an emulator and capture ethernet. easy-peasy
because there are some 3rd party libraries, which could not be changed, but detects that it running on emulator and change its behaviour. And such you need real device.
d
drbobdugan

Wireshark + OSX + iOS:

Great overview so far, but if you want specifics for Wireshark + OSX + iOS:

install Wireshark on your computer

connect iOS device to computer via USB cable

connect iOS device and computer to the same WiFi network

run this command in a OSX terminal window: rvictl -s x where x is the UDID of your iOS device. You can find the UDID of your iOS device via iTunes (make sure you are using the UDID and not the serial number).

goto Wireshark Capture->Options, a dialog box appears, click on the line rvi0 then press the Start button.

https://i.stack.imgur.com/mufET.png

Now you will see all network traffic on the iOS device. It can be pretty overwhelming. A couple of pointers:

don't use iOS with a VPN, you don't be able to make sense of the encrypted traffic

use simple filters to focus on interesting traffic

ip.addr==204.144.14.134 views traffic with a source or destination address of 204.144.14.134

http views only http traffic

Here's a sample window depicting TCP traffic for for pdf download from 204.144.14.134:

https://i.stack.imgur.com/4l7tC.jpg

F
Farrukh Najmi

For Android phone I used tPacketCapture: https://play.google.com/store/apps/details?id=jp.co.taosoftware.android.packetcapture&hl=en

This app was a lifesaver I was debugging a problem with failure of SSL/TLS handshake on my Android app. Tried to setup ad hoc networking so I could use wireshark on my laptop. It did not work for me. This app quickly allowed me to capture network traffic, share it on my Google Drive so I could download on my laptop where I could examine it with Wireshark! Awesome and no root required!

Won’t work, if your problems only occur when using a VPN (and never end up on the hub/router either).
A
Akira Yamamoto

Packet Capture Android app implements a VPN that logs all network traffic on the Android device. You don't need to setup any VPN/proxy server on your PC. Does not needs root. Supports SSL decryption which tPacketCapture does not. It also includes a good log viewer.

That VPN not working... no page is opening or data is fetched... having that VPN is like having no internet connection...
A
AtomicBoolean

Preconditions: adb and wireshark is installed on your computer and you have a rooted android device.

Download tcpdump to ~/Downloads adb push ~/Downloads/tcpdump /sdcard/ adb shell su root mv /sdcard/tcpdump /data/local/ cd /data/local/ chmod +x tcpdump ./tcpdump -vv -i any -s 0 -w /sdcard/dump.pcap CTRL+C after you've captured enough packets. exit exit adb pull /sdcard/dump.pcap ~/Downloads/

Now you can open the pcap file using Wireshark.

P
Pieter De Clercq

Install Fiddler on your PC and use it as a proxy on your Android device.

Source: http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler

This is only useful for HTTP/HTTPS traffic.
P
Peter Jeffe

Similarly to making your PC a wireless access point, but can be much easier, is using reverse tethering. If you happen to have an HTC phone they have a nice reverse-tethering option called "Internet pass-through", under the network/mobile network sharing settings. It routes all your traffic through your PC and you can just run Wireshark there.

F
FireCruZ

Make your laptop a wifi hotspot for your phone (any) and connect it to internet. Sniff Traffic on your wifi interface using wireshark.

you will get to know a lot of anti privacy stuff!

Can you be more specific on how to do it on at least one platform (Windows, Linux or Mac OS X) ?
u
user276648

For Android, I previously used tPacketCapture but it didn't work well for an app streaming some video. I'm now using Shark. You need to be root to use it though.

It uses TCPDump (check the arguments you can pass) and creates a pcap file that can be read by Wireshark. The default arguments are usually good enough for me.

Shark is no longer available on Google Play.
Indeed, it seems to have been removed. The site swapper.n3o.lv also doesn't seem to hold the apks anymore.
e
emanuele-f

As a Wireshark alternative/companion for Android, you can try my open source app PCAPdroid. On non-rooted devices, it uses the VPNService to capture the traffic with some limitations. On rooted devices, it works like a user-friendly tcpdump.

You can analyze connections and packets payload directly into the app, or export the traffic in PCAP format to analyze it on a PC with Wireshark. It has many other cool features, give it a try!

Just the greatest solution for non rooted Android devices!
A
Andrey Egorov

I had a similar problem that inspired me to develop an app that could help to capture traffic from an Android device. The app features SSH server that allows you to have traffic in Wireshark on the fly (sshdump wireshark component). As the app uses an OS feature called VPNService to capture traffic, it does not require the root access.

The app is in early Beta. If you have any issues/suggestions, do not hesitate to let me know.

Download From Play

Tutorial in which you could read additional details

H
Haseeb Javed

For iOS Devices:

⦿ Open Terminal and simply write: 

rvictl -s udid

it'll open an interface on Wireshark with a name, In my case its rvi0.

https://i.stack.imgur.com/b0vHs.png

udid is iPhone's unique device id.

(How to find my iOS Device UDID)

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.