packet-sniffers

问题 I'm trying to reverse engineer one Android app's traffic and it's using sockets, xmpp or something else, but not http(s) on some features. I know this because Charles does not see some requests, but data is definitely coming from the server for sure (e.g. chat messages). Android allows to set http(s) proxy, not socks. ProxyDroid doesn't work on genymotion, because it's x86 and ProxyDroid doesn't support that. Tried Drony app on genymotion, which supposedly should allow socks proxy, but once I

问题 I've got a strange issue with the Scapy sniff() function. This is how my class is looking: from scapy.all import * import sys import datetime import Queue from threading import Thread class packet_sniffer(Thread): def __init__(self,pass_queue): super(packet_sniffer,self).__init__() print 'Packet sniffer started' self.queue=pass_queue self.device_dict={} self.not_an_ap={} def PacketHandler(self,pkt): if pkt.haslayer(Dot11): sig_str = -(256-ord(pkt.notdecoded[-4:-3])) mac_addr="" ssid="" try:

问题 I'm trying to figure out why REST calls sent from my handheld device (Windows CE / Compact Framework) are not making it to my server app (regular, full-fledged .NET app running on my PC). The handheld device and the PC are connected - I know that because I can see the handheld device in the PC's Windows Explorer, Windows Mobile Device Center verifies the connection between the two is valid, etc. I reach the breakpoint on my server app running on my PC when I pass the same REST call via

问题 I want to sniff a local HTTP request to an ASP.NET web application. Is telnet an option? How do you capture packets to a web application? 回答1: Depending on your exact requirements, Fiddler may be sufficient. 回答2: http://www.wireshark.org/ is a very advanced and free sniffer/protocol analyzer. I use it on our servers to monitor things from sip protocol info to raw http data. Its all you need and you can add filter rules to just get the data from certain IP etc. ie: ip.addr == 192.168.1.1 Raw

问题 I am trying to sniff the http headers by using tcpdump. This filter works well but I can't understand it - (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0) I've googled it but I can't find any useful info Here is the whole tcpdump command sudo tcpdump -A 'dst [dest host] or src [src host] and tcp and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i eth0 回答1: It's not the BPF filter that gets http headers but the "-A" switch on your tcpdump command. Your tcpdump

问题 I'm curious as to how I could figure out the API URL an Android application (any app I have installed) uses if it makes API calls to some online server (a RESTful service for example). I presume I have to capture packets on the device and maybe analyse them in Wireshark or something to find the URL? I'm fairly competent in Java/Android development, but a bit lost when it comes to any sort of network analysis business. 回答1: you can do this with help of WireShark. I am listing steps here

问题 My apologies in advance if my question seems a little unprofessional... I am not much of a developer after all. As part of my university project I need to develop a program that will listen on the network and tell whether the traffic is encrypted or not? What's important is only to know if the traffic coming to a network end is encrypted and it's not really important to know the type and the algorithm of the encryption. I really have no clue where to begin. I'd appreciate it if anyone could

问题 Filter by TCP and port, using the BerkeleyPacketFilter Having problem converting the code on tutorial from Pcap.net. Need to be able to filter packets by TCP and insert port value. I am not able to understand the BerkeleyPacketFilter syntax. //choose port Console.WriteLine("Choose port nr"); string portnr = Console.ReadLine(); int port = Int32.Parse(portnr); // Compile the filter using (BerkeleyPacketFilter filter = communicator.CreateFilter(port)) { // Set the filter communicator.SetFilter

问题 I set up a squid proxy server, and I would like to monitor and modify certain HTTP POST requests before it goes out of squid. What are my options? 回答1: Take a look at the Squid page on Content Adaptation to find what you're looking for. Those are valid options, although the only really good one is new in Squid 3. Another option, and what I use personally for this, is to transparently redirect the request to a script which modifies it and then forwards the changed version to the original

问题 In order to learn how other applications connect to internet services I would like to monitor the traffic via Wireshark on my Linux PC. I know there are Wireshark tools for Android, but these require that the phone is rooted which mine isn't. I have read several places that if the phone and the pc running wireshark use the same wifi connection, it is possible to monitor the traffic from Wireshark on the pc if it is running in promiscous mode. I have tried that but I can't see any traffic