Capture Android Traffic Remotely With Wireshark – OWASP Jakarta

Capture Android Traffic Remotely With Wireshark

Android network traffic interception is a process of capturing and analyzing network traffic that is transmitted or received by an Android device. This can be useful for various purposes, including debugging network issues, monitoring network activity, and identifying security vulnerabilities.

There are several ways to intercept Android network traffic, each with its own benefits and limitations. Here are the standard methods I have used to capture Android network traffic.

1. Using a proxy tool: A proxy tool is software that sits between the Android device and the internet, allowing you to intercept and modify the traffic passing through it. Some popular proxy tools for Android include Burp Suite, Fiddler, and Charles. These tools are usually used by developers and security professionals to test an application’s security or debug network issues.

2. Using a packet capture tool: Packet capture tools allow you to capture and view the raw network traffic transmitted or received by the Android device. Some popular packet capture tools for Android include Wireshark and tcpdump. These tools are often used by network administrators and security professionals to troubleshoot network issues and monitor network activity.

3. Using a VPN: A virtual private network (VPN) is a service that encrypts and tunnels your internet traffic through a secure server. Using a VPN, you can intercept and analyze the traffic transmitted or received by the Android device.

In this article, you will learn how to capture Android app traffic using Wireshark without any physical connection between the device and the PC.

As a Malware Researcher, I have found that some Android malware is heavily obfuscated and refuses to run on emulators. In that case, we must run the malware on a physical device. Network interception is the part that needs the closest look, so I used Wireshark to study the behaviour of the Command and Control servers.

I will show you the exact process I used to remotely capture mobile traffic with Wireshark.

Requirements

  • Physical Android Device
  • Remote PCAP Android App
  • Wireshark

Physical Device Setup

No setup is required to start, but you must install the Remote PCAP Android App.

PCAP Remote is a non-root network sniffer app that allows you to debug and analyze Android traffic on your desktop PC using the app's built-in SSH server. It uses Android's VPN service to do the job.

After downloading, open the app, go to Settings, and click Install. This installs a certificate.

After that, in the main menu, choose the app whose traffic you want to intercept and set Capture Mode to SSH Server.

Now click the Start (Play) button.

Click Options, then Network Interfaces. You will see the IP addresses that you have to configure in Wireshark.

Capture android traffic remotely

In the menu, you can choose any app to capture only that app's traffic.

Setup for Wireshark

First of all, download and install Wireshark from the official Wireshark website.

While installing, make sure the SSH remote capture component (SSHdump) is selected in the Components list; this is the extcap interface that lets Wireshark pull a capture over SSH.

SSH Dump Wireshark

After that, open Wireshark and click the settings (gear) icon next to the SSH remote capture interface. Configure the IP address shown under PCAP Remote's Network Interfaces, configure the port, and use any username and password for authentication.

Now you are all set. Click Save and double-click the SSH remote capture interface. You will see Wireshark start capturing the traffic.

Wireshark SSH Capture
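Once Wireshark has saved the capture, a quick offline pass over the file shows which hosts and ports the app actually contacted, which is the first step in studying a C2 server's behaviour. The block below is an added example, not code from the post or from PCAP Remote: it parses the classic pcap format with the Python standard library and builds its own constructed sample capture (the addresses and ports are made up) so it runs without a device.

```python
import struct
from collections import defaultdict

def tcp_frame(src, dst, sport, dport, payload_len):
    # Constructed Ethernet/IPv4/TCP frame; checksums are left zero, which is fine for offline parsing.
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + b"A" * payload_len

def build_pcap(frames):
    # Classic little-endian pcap global header: magic, v2.4, tz 0, sigfigs 0, snaplen, link type 1 (Ethernet).
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return header + records

def summarize_flows(pcap_bytes):
    """Return {(dst_ip, dst_port): [packets, payload_bytes]} for each TCP destination in a pcap."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # byte order the capture writer used
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected Ethernet (link type 1)")
    flows, off = defaultdict(lambda: [0, 0]), 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_total = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue  # truncated TCP header
        dport = struct.unpack("!H", tcp[2:4])[0]
        data_off = (tcp[12] >> 4) * 4
        entry = flows[(".".join(map(str, frame[30:34])), dport)]
        entry[0] += 1
        entry[1] += max(ip_total - ihl - data_off, 0)
    return dict(flows)

# Constructed sample: the app talks mostly to one host on 443 and beacons to another on 8080.
SAMPLE = build_pcap([
    tcp_frame("10.0.0.2", "203.0.113.10", 40000, 443, 512),
    tcp_frame("10.0.0.2", "203.0.113.10", 40000, 443, 128),
    tcp_frame("10.0.0.2", "198.51.100.7", 40001, 8080, 32),
])
```

Wireshark saves in pcapng by default, so use File > Save As and pick the pcap format before feeding a real capture to `summarize_flows`.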

Conclusion

I hope you have learnt how to capture Android network traffic remotely with Wireshark. You can also use USB capture (USBPcap), and there are many other methods available to do the job.
