Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Traffic Sniffing

li0nsar3c00l
li0nsar3c00l
in Network Security

Featured Replies

Posted

I'm trying to sniff all traffic coming from my android phone (rooted), especially https, but I haven't found a way yet.

I assume the apk I'm primarily interested in, uses certificate pinning.

Can anyone recommend me a solution or provide some tipps?

thanks in advanced

Hey,

 

have you tried Burp Proxy? This is considered the most reliable solution. (Pro Version is out there somewhere)

https://support.portswigger.net/customer/portal/articles/1841101-configuring-an-android-device-to-work-with-burp

It's also possible to bypass certificate pinning using "TrustKiller" or "SSLUnpinning"
https://github.com/iSECPartners/Android-SSL-TrustKiller

https://github.com/ac-pm/SSLUnpinning_Xposed

 

Or you could decompile the specific App and patch the certificate pinning function in it, sign it and upload it to your device. (Not recommended :-) )

I use burp proxy, it's very very easy and quick to setup. Takes less then 5 minutes. I use it for iphone and android.

You can test these APK. I made something similar in the past and use it:

http://www.appbrain.com/app/shark-for-root/lv.n3o.shark

http://www.kismetwireless.net/android-pcap/

The are a lot of alternatives sniffer apps if you want to do it directly on your smartphone or set up your PC as a wireless access point, then run wireshark on the PC.
Here for example: http://lifehacker.com/5369381/turn-your-windows-7-pc-into-a-wireless-hotspot

Hope it helps. ;)

  • Author
22 hours ago, Zulu said:

Hey,

 

have you tried Burp Proxy? This is considered the most reliable solution. (Pro Version is out there somewhere)

https://support.portswigger.net/customer/portal/articles/1841101-configuring-an-android-device-to-work-with-burp

It's also possible to bypass certificate pinning using "TrustKiller" or "SSLUnpinning"
https://github.com/iSECPartners/Android-SSL-TrustKiller

https://github.com/ac-pm/SSLUnpinning_Xposed

 

Or you could decompile the specific App and patch the certificate pinning function in it, sign it and upload it to your device. (Not recommended :-) )

i tried burp suite, however i'm not able to see any app traffic besies i installed the cert. propably due to the fact, that the wifi proxy only works for the browser

so i tried to redirect the traffic using proxydroid, but not succesfull. on http it just goes through, with https mode it doesnt connect. i assume because of the untrusted cert. was that correct so far?

now i only need to find a way to install xposed on my sm-g900f, any tipps for deodexing a stock rom without wiping any data?

Edited by li0nsar3c00l

  • 5 weeks later...
  • Author

The problem occured due to certificate pinning. In general fiddldr or burp works fine

  • 3 months later...

You can disable certificate pinning if your phone is rooted. I believe it was called SSL Trust Killer. 

If it is something you are trying to intercept on an android phone, you could try and run an emulator in a virtual machine and intercept from outside it maybe? Memu is a nice emulator although there is more.. then run wireshark on the host of the virtual machine.. ( or debug what's going through the emulator.. has to be decrypted / encrypted somewhere ;) )

Edited by Nemo

Exactly as Nemo suggested, using an emulator for intercepting ssl traffic may prove helpful.

I have had success by installing the burp cert in the root ca store within emulator.
For intercepting traffic some tutorials suggests to set a manual proxy. This may not work as not all apps respect the proxy settings.

A better option is to use the -http-proxy command  line arg while launching the emulator.
For instance if burp is running on port 8080, you can use the following command. 

emulator -avd <avd name> -http-proxy 127.0.0.1:8080

Additionally, in newer versions of android (lollipop and above) you can use a reverse proxy.
To intercept ssl traffic on port 443 you can do, 

adb reverse tcp:443 tcp:8080

Lastly since SSL works in a different way compared to normal HTTP traffic you may only see the ip addresses and not the hostnames in your interception proxy.
This is particularly true in older versions of burp.

To workaround this problem you can rewrite the DNS requests before it reaches burp. A tutorial on this method is available on this blog post.

  • 3 weeks later...

Use SandroProxy apk.

  • 1 month later...

If you use a Mac, you might want to have a look at Debookee for network traffic analysis of your devices (it does not decrypt HTTPS yet, but this might be supported later).

If you want to view all HTTP/HTTPS traffic and modify any data sent/received, I can recommend Charles Web Debugging Proxy.

Edited by Alain

    • Like 1

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.