First: capture packets with Burp (HTTP and HTTPS)
Put the phone and the PC on the same LAN. On the PC, open Burp and set the proxy listener to the PC's IP address; the port can be customized. On the phone, use ProxyDroid to set up the proxy, or manually change the network's proxy setting to the PC's IP address and port.
Some app clients communicate over HTTPS. First, on the computer, access these HTTPS sites with the browser through Burp. Then, in the browser, export all the certificates (.cer) associated with these HTTPS websites and copy them to the phone for installation. Once the phone has the certificates, Burp can capture the app's HTTPS traffic.
Second: capture on the phone with tcpdump, then analyze with Wireshark
adb root
adb push e:/tcpdump /system/bin/
adb shell chmod 777 /system/bin/tcpdump
adb shell /system/bin/tcpdump -i any -vv -p -s 0 -w /data/local/1.pcap   // press Ctrl+C to stop the capture
adb pull /data/local/1.pcap e:/
Alternatively, install Better Terminal Emulator Pro on the phone, upload tcpdump, and run it there; press volume down + C to stop the capture.
Write an sh script to simplify the packet capture procedure:
Note: the phone must be rooted. tcpdump captures all packets, but Wireshark cannot modify them. Since Android 5, the system requires binaries to be position-independent executables (PIE) to improve system security. The tcpdump builds that can be found are mostly not PIE and will not run; you would need to change tcpdump's compilation options (very troublesome). I found a ready-compiled build: http://www.liudonghua.com/?p=372 (tested, works).
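One way to write such a script, as an added example (not the original author's script): it reads the ELF header of the local tcpdump binary to confirm it is PIE before pushing it, then runs the adb steps above. The `TCPDUMP_LOCAL` path, the function names and `sample_header` (which writes a constructed header for trying the check) are assumptions.

```sh
#!/bin/sh
# Added example: capture helper with a PIE pre-check (not from the original page).
TCPDUMP_LOCAL=${TCPDUMP_LOCAL:-./tcpdump}  # assumed local path of the binary
REMOTE_BIN=/system/bin/tcpdump             # install path used on the page
REMOTE_PCAP=/data/local/1.pcap             # capture file used on the page

# byte_at FILE OFFSET: print one byte of FILE as a decimal number
byte_at() { od -An -tu1 -j "$2" -N 1 "$1" 2>/dev/null | tr -d ' \n'; }

# elf_type FILE: print "pie", "non-pie" or "not-elf"
elf_type() {
    magic=$(od -An -tx1 -N 4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 0; }
    # e_type is the 16-bit field at offset 16; EI_DATA (offset 5) is 2 for big-endian
    if [ "$(byte_at "$1" 5)" = "2" ]; then
        hi=$(byte_at "$1" 16); lo=$(byte_at "$1" 17)
    else
        lo=$(byte_at "$1" 16); hi=$(byte_at "$1" 17)
    fi
    # ET_DYN (3) marks a position-independent executable, ET_EXEC (2) does not
    if [ $(( ${hi:-0} * 256 + ${lo:-0} )) -eq 3 ]; then echo "pie"; else echo "non-pie"; fi
}

# sample_header ET_BYTE FILE: write a constructed 18-byte little-endian ELF header
sample_header() {
    printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000' > "$2"
    printf "\\00$1\\000" >> "$2"
}

capture() {
    kind=$(elf_type "$TCPDUMP_LOCAL")
    if [ "$kind" != "pie" ]; then
        echo "not pushing $TCPDUMP_LOCAL: $kind, Android 5+ runs only PIE binaries" >&2
        return 1
    fi
    adb root && adb push "$TCPDUMP_LOCAL" "$REMOTE_BIN" || return 1
    adb shell chmod 755 "$REMOTE_BIN"   # execute permission is enough; the page uses 777
    trap : INT                          # let Ctrl+C stop tcpdump but not this script
    adb shell "$REMOTE_BIN" -i any -vv -p -s 0 -w "$REMOTE_PCAP"
    trap - INT
    adb pull "$REMOTE_PCAP" .
}

if [ "${1:-}" = "capture" ]; then capture; fi
```

Run it as `sh capture.sh capture`; without the argument it only defines the functions, so `elf_type` can be tried on any file.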
Third: open a Wi-Fi hotspot on the computer, connect the phone to it, and capture packets on the wireless network card in real time with Wireshark
Some apps whose traffic cannot be captured through Burp may be using other protocols. This method is handy because you don't have to pull pcap files back and forth.
Several ways to capture packets on an Android phone