Packet capture on the Android platform

Source: Internet
Author: User

Testing often calls for checks such as whether an app's network communication on your phone is encrypted, or whether an app secretly connects to certain sites.

There are two main ways to capture packets:

1. Router-side capture: use a PC that is already connected to the router to capture all traffic passing through the router.

2. On-device capture: on the terminal itself (cell phone, tablet, etc.), capture the network traffic of that terminal.


Note: Many APKs that can capture packets are easy to find and download, but they require the Android phone or terminal to be rooted. I tried one or two of them and found them less than ideal.

In fact, those tools also rely on the tcpdump command-line tool to do the capture. Below I briefly describe method 2, that is, the specific steps for capturing packets on the terminal:

Preparation

First, download the tcpdump tool: http://www.strazzere.com/android/tcpdump

You can also download the source code from tcpdump's official website, but a tcpdump build for Android can be obtained from the address above. The tool downloaded from that address does not depend on the phone's CPU architecture, so it can be used on either ARM or x86 platforms.


Installation

How easy installation is depends on whether the terminal is rooted. Use adb to push tcpdump to the SD card:

$> adb push tcpdump /sdcard/

For machines that have already been rooted, use adb root and adb remount:

$> adb root
$> adb remount

Then copy tcpdump to /system/xbin and give it execute permission (you can use chmod 777 tcpdump; chmod 755 is enough to make it executable and does not leave the binary world-writable).

For machines that are not rooted, you can use a tool such as "Brush Wizard" to get root privileges. The author uses the R.e browser to manually copy tcpdump from the SD card to /system/xbin and then adds execute permission.

After doing so, make sure that the tcpdump file is under /system/xbin and that it has execute permission.


Capture

Set the tcpdump parameters according to the scenario. A common invocation is tcpdump -p -vv -s 0 -w /sdcard/log1.pcap.

The output is written to the file log1.pcap on the SD card.

If the command above fails with an error such as "device not suitable", the execution permissions are not correct. I generally use the following command to capture:

$> adb shell su -c "tcpdump -p -vv -s 0 -w /sdcard/log1.pcap"


su lets tcpdump run as root.

If tcpdump starts successfully, the command line appears to hang. At this point, exercise the app under test and its traffic is captured.


Analysis

The resulting data file xx.pcap can be analyzed with Wireshark, which can be obtained from http://www.wireshark.org/download.html.

Once Wireshark is installed, the capture file you collected shows a small Wireshark icon. Double-click the file and Wireshark opens it and displays its contents.

Data analysis methods are not covered here. In short: first decide which layer of the data you want to analyze (the application layer, the transport layer, or another layer), find the corresponding protocol, and then analyze the data.
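
To illustrate the analysis step against the two test goals from the introduction, the following Python script is an added example, not part of the original article: it reads a classic pcap file such as log1.pcap, lists the destination of every TCP segment that carries data, and labels the payload as TLS or cleartext HTTP. The sample capture, its addresses and the function names are constructed for illustration.

```python
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"HTTP/")

def classify(payload):
    # TLS record header: content type 20-23, then major version 3 (a heuristic).
    if len(payload) >= 3 and 20 <= payload[0] <= 23 and payload[1] == 3:
        return "tls"
    return "cleartext-http" if payload.startswith(HTTP_STARTS) else "unknown"

def tcp_payloads(pcap):
    """Yield (dst_ip, dst_port, verdict) for every IPv4/TCP segment with data."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    # Link-layer header size: 1 = Ethernet, 113 = Linux cooked (tcpdump -i any).
    l2 = {1: 14, 113: 16}[struct.unpack(end + "I", pcap[20:24])[0]]
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        ip = pkt[l2:]
        if pkt[l2 - 2:l2] != b"\x08\x00" or len(ip) < 20 or ip[9] != 6:
            continue  # not IPv4 carrying TCP
        ip = ip[:struct.unpack("!H", ip[2:4])[0]]  # drop link-layer padding
        tcp = ip[(ip[0] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            dst = ".".join(map(str, ip[16:20]))
            yield dst, struct.unpack("!H", tcp[2:4])[0], classify(payload)

def sample_pcap():
    """Constructed two-packet capture (checksums zeroed; the parser ignores them)."""
    def frame(dst, dport, data):
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 65535, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 2]), bytes(dst)) + tcp
        return b"\x00" * 12 + b"\x08\x00" + ip
    frames = [frame([192, 0, 2, 10], 80, b"GET /login?user=a HTTP/1.1\r\nHost: example.test\r\n\r\n"),
              frame([198, 51, 100, 7], 443, b"\x16\x03\x01\x00\x05hello")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for dst, port, verdict in tcp_payloads(sample_pcap()):
        print(f"{dst}:{port} {verdict}")
```

To run it on a real capture, copy the file off the device (for example with adb pull /sdcard/log1.pcap) and pass the file's bytes to tcp_payloads. A "tls" verdict only means the segment starts with a TLS record header; it says nothing about whether the app validates the server certificate.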


Summary

The packet-capture method described above can also be used on Linux-based systems.

