How to sniff non-http traffic (sockets) on Genymotion/Android Emulator?

限于喜欢 submitted on 2020-01-06 07:04:33

Question


I'm trying to reverse engineer one Android app's traffic and it's using sockets, xmpp or something else, but not http(s) on some features. I know this because Charles does not see some requests, but data is definitely coming from the server for sure (e.g. chat messages).

Android allows setting an http(s) proxy, not socks. ProxyDroid doesn't work on Genymotion, because it's x86 and ProxyDroid doesn't support that. Tried the Drony app on Genymotion, which supposedly should allow a socks proxy, but once I try turning it on, the whole emulator restarts (probably crashes).

So how do I sniff/trace/inspect sockets traffic on Genymotion/Android emulator?


Answer 1:


You might have better luck by doing it on the host side, i.e. from the Windows/Mac/Linux machine running Genymotion.

The basics

  1. Install Wireshark

  2. Start Wireshark and select the network interface which connects you to the Internet (or to the server you are interested in). For me it is wlp1s0.

  3. Tell Wireshark you only want traffic going from your device to the server you are interested in by entering ip.dst == <server-ip> in the filter line. Now go back to your device and use the application which communicates with the server. Traffic should appear in Wireshark. Here I am browsing my web site, whose IP address is 5.135.144.176:

Note that if Wireshark knows about the protocol used by the server, you can filter it. Here is the same output with the http filter:

Watching only traffic from the device

With the current setup, if you access the server from your host, this traffic will be logged by Wireshark as well. To avoid that you need to do the following:

  1. Configure your device in Bridge mode: stop the device, open its settings dialog and select Bridge:

  2. Get the device IP address: restart the device, open the "Settings" application and go to "About phone > Status", note the IP address:

  3. Add this IP address to the filter line in Wireshark, like so: ip.src == <the-device-ip> and ip.dst == <the-server-ip>.
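
The following is an added example, not part of the original answer. Assuming the capture from the steps above has been saved from Wireshark in classic pcap format, it totals the payload bytes the device sends to each destination on ports other than HTTP(S), which shows where the socket traffic missing from the HTTP proxy is going. The function names, the HTTP port set and every address in the sample capture are assumptions constructed for illustration.

```python
import socket
import struct
from collections import Counter

HTTP_PORTS = {80, 443, 8080}  # assumption: ports the HTTP(S) proxy already covers

def non_http_flows(pcap: bytes, device_ip: str) -> Counter:
    """Payload bytes per (proto, dst_ip, dst_port) sent by device_ip, HTTP ports skipped."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected classic pcap (not pcapng) with Ethernet link type")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":    # IPv4 only
            continue
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        min_l4 = {6: 20, 17: 8}.get(proto)                     # TCP / UDP header minimum
        if min_l4 is None or len(ip) < ihl + min_l4:
            continue
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        if dport in HTTP_PORTS or socket.inet_ntoa(ip[12:16]) != device_ip:
            continue                                           # like ip.src == <the-device-ip>
        l4_len = (ip[ihl + 12] >> 4) * 4 if proto == 6 else 8
        payload = struct.unpack("!H", ip[2:4])[0] - ihl - l4_len  # fragments not reassembled
        key = ("tcp" if proto == 6 else "udp", socket.inet_ntoa(ip[16:20]), dport)
        flows[key] += max(payload, 0)
    return flows

def _record(src, dst, proto, dport, payload):
    """Constructed Ethernet/IPv4 frame with its pcap record header (sample data only)."""
    l4 = (struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
          if proto == 6 else struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

DEVICE, HOST = "192.168.1.50", "192.168.1.2"                  # constructed addresses
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record(DEVICE, "198.51.100.7", 6, 443, b"x" * 100),       # HTTPS, already in the proxy
    _record(DEVICE, "203.0.113.10", 6, 5222, b"<stream:stream>"),
    _record(DEVICE, "203.0.113.10", 6, 5222, b"<message/>"),
    _record(HOST, "203.0.113.10", 6, 5222, b"host noise"),     # not from the device
    _record(DEVICE, "203.0.113.10", 17, 3478, b"\x00" * 20),
])
```

Calling `non_http_flows(SAMPLE_PCAP, DEVICE)` on the constructed capture leaves only the port 5222 TCP flow and the port 3478 UDP flow; each remaining destination and port can then be entered into the Wireshark filter line.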


Source: https://stackoverflow.com/questions/48062494/how-to-sniff-non-http-traffic-sockets-on-genymotion-android-emulator
