How to sniff non-http traffic (sockets) on Genymotion/Android Emulator?

Views: 159

Question

I'm trying to reverse engineer one Android app's traffic and it's using sockets, xmpp or something else, but not http(s) on some features. I know this because Charles does not see some requests, but data is definitely coming from the server for sure (e.g. chat messages).

Android allows setting an http(s) proxy, not socks. ProxyDroid doesn't work on genymotion, because it's x86 and ProxyDroid doesn't support that. Tried the Drony app on genymotion, which supposedly should allow a socks proxy, but once I try turning it on, the whole emulator restarts (probably crashes).

So how do I sniff/trace/inspect socket traffic on the Genymotion/Android emulator?

Recommended answer

You might have better luck by doing it on the host side, i.e. from the Windows/Mac/Linux machine running Genymotion.

  1. Install Wireshark.

  2. Start Wireshark and select the network interface which connects you to the Internet (or to the server you are interested in). For me it is wlp1s0.

  3. Tell Wireshark you only want traffic going from your device to the server you are interested in by entering ip.dst == <server-ip> in the filter line. Now go back to your device and use the application which communicates with the server. Traffic should appear in Wireshark. Here I am browsing my web site, whose IP address is 5.135.144.176:

Note that if Wireshark knows about the protocol used by the server, you can filter on it. Here is the same output with the http filter:

With the current setup, if you access the server from your host, this traffic will be logged by Wireshark as well. To avoid that you need to do the following:

  1. Configure the device in bridged mode: stop the device, open its settings dialog and select Bridged:

  2. Get the device IP address: restart the device, open the Settings app and go to About phone > Status, and note the IP address:

  3. Add this IP address to Wireshark's filter line, like this: ip.src == <the-device-ip> and ip.dst == <the-server-ip>.
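The two display filters in the answer (ip.dst == <server-ip> alone, then ip.src == <device-ip> and ip.dst == <server-ip> once the device is bridged) only match on IPv4 addresses, so they work the same for HTTP, XMPP or any other socket protocol, and they keep TLS payloads in view without decoding them. The following added example (not part of the answer or of Wireshark) shows that logic in pure Python: it parses a small libpcap file built in-line from constructed frames and applies the source/destination filter, dropping the host's own browsing and the server's replies. The addresses 192.168.1.50 (bridged device) and 192.168.1.10 (host) are assumptions; 5.135.144.176 is the server quoted in the answer.

```python
"""Minimal libpcap reader that applies the answer's Wireshark display filter
ip.src == <device-ip> and ip.dst == <server-ip> in pure Python (added example).
"""
import socket
import struct

DEVICE_IP = "192.168.1.50"   # assumed: bridged Genymotion device address
HOST_IP = "192.168.1.10"     # assumed: host machine running Genymotion
SERVER_IP = "5.135.144.176"  # server address quoted in the answer


def _ipv4_tcp_frame(src_ip, dst_ip, src_port, dst_port, payload):
    """Build an Ethernet + IPv4 + TCP frame (checksums left zero; fine for parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"                   # dummy MACs, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a classic libpcap file (magic 0xa1b2c3d4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (src_ip, dst_ip, dst_port, payload) for every IPv4/TCP frame in the file."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic (only little-endian classic pcap handled)")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00":          # not IPv4: skip (ARP, IPv6, ...)
            continue
        ip_hdr = frame[14:34]
        ihl = (ip_hdr[0] & 0x0F) * 4
        if ip_hdr[9] != 6:                       # not TCP: skip
            continue
        src = socket.inet_ntoa(ip_hdr[12:16])
        dst = socket.inet_ntoa(ip_hdr[16:20])
        tcp_off = 14 + ihl
        tcp_hdr = frame[tcp_off:tcp_off + 20]
        dst_port = struct.unpack("!H", tcp_hdr[2:4])[0]
        data_off = (tcp_hdr[12] >> 4) * 4
        yield src, dst, dst_port, frame[tcp_off + data_off:]


def filter_packets(data, src_ip, dst_ip):
    """Equivalent of the display filter: ip.src == src_ip and ip.dst == dst_ip."""
    return [p for p in parse_pcap(data) if p[0] == src_ip and p[1] == dst_ip]


def constructed_capture():
    """Constructed sample capture: device traffic, host browsing and a server reply."""
    return build_pcap([
        _ipv4_tcp_frame(DEVICE_IP, SERVER_IP, 40001, 443, b"\x16\x03\x01"),          # TLS hello from device
        _ipv4_tcp_frame(HOST_IP, SERVER_IP, 50000, 80, b"GET / HTTP/1.1\r\n"),        # host browsing: excluded
        _ipv4_tcp_frame(DEVICE_IP, SERVER_IP, 40002, 5222, b"<stream:stream"),        # XMPP from device
        _ipv4_tcp_frame(SERVER_IP, DEVICE_IP, 5222, 40002, b"<stream:features/>"),    # reply: wrong direction
    ])


if __name__ == "__main__":
    for src, dst, port, payload in filter_packets(constructed_capture(), DEVICE_IP, SERVER_IP):
        print(f"{src} -> {dst}:{port} {payload!r}")
```

Only the two device-to-server frames (ports 443 and 5222) survive the filter; the host's HTTP request and the server's XMPP reply are dropped, which is exactly why the answer adds the ip.src clause after bridging the device. To look at a real capture, save it from Wireshark as a classic .pcap (not pcapng) and pass its bytes to filter_packets.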

