嗅探一个Android应用程序，以找到API网址 [英] Sniffing an Android app to find API URL

问题描述

我很好奇，我怎么能弄清楚，如果它使API调用一些在线服务器（例如RESTful服务）的Andr​​oid应用程序（任何应用程序我已经安装）使用API​​的URL。我presume我要捕捉设备上的数据包，也许分析它们在Wireshark的或有事找的网址是什么？我在的Java / Android开发相当能干，但有点失落，当涉及到任何种类的网络分析业务。

I'm curious as to how I could figure out the API URL an Android application (any app I have installed) uses if it makes API calls to some online server (a RESTful service for example). I presume I have to capture packets on the device and maybe analyse them in Wireshark or something to find the URL? I'm fairly competent in Java/Android development, but a bit lost when it comes to any sort of network analysis business.

任何指针有用的信息，甚至一个简单的步行通过将不胜AP preciated。

Any pointers to useful information or even a brief walk-through would be greatly appreciated.

感谢

推荐答案

您可以用 Wireshark的帮助做到这一点。我列出的步骤这里

you can do this with help of wireshark. I am listing steps here

1. 您的计算机上安装的Wireshark
2. 现在，我们要创建的Andr​​oid虚拟设备（ADV），所以我们会从官方网站下载Android SDK。 Android SDK中附带模拟器测试
3. 在建立的Andr​​oid SDK后，创建一个Android虚拟设备（AVD）上，我们将安装的应用程序
4. 在启动该虚拟设备。您可以使用命令行启动（模拟器@＆LT; AVD名称＆gt; ）
5. 在创建使用虚拟设备上安装应用程序后，亚行命令 ADB安装app_file_name.apk
6. 现在，我们就可以开始捕捉数据包，所以我会建议关闭其他应用程序在计算机这是通过网络，我们捕获的数据包会更相关的。
7. 现在，开始Wireshark的具有root访问权限

8. 要捕捉并单击Start开始捕获选择界面。你可以看到屏幕截图在 http://i.stack.imgur.com/C891Q.png 或低于

1. Install wireshark on your computer
2. now we have to create Android virtual device(ADV) so we will download Android SDK from official site. Android SDK come with emulator for testing
3. after setting up Android SDK, create a Android virtual Device(AVD) on which we will install app
4. start that virtual device. you can use command line to start (emulator @<AVD name>)
5. after creating virtual device install app using adb command adb install app_file_name.apk
6. now we can start capturing the packets so I will suggest to close other application on your computer which are using network so our captured packets would be more relevant.
7. now start wireshark with root access

8. select interface which you want to capture and click start to start capturing. you can see screenshot at http://i.stack.imgur.com/C891Q.png or below

现在开始使用该应用程序，以便数据包传输来来回回和Wireshark将捕获它。你会看到在 http://i.stack.imgur.com/9Brdl.png或低于

now start using that app so packets will transfer to and fro and wireshark will capture it. you will see details in wireshark like this sreenshot at http://i.stack.imgur.com/9Brdl.png or below

如果你已经使用的应用程序，涵盖所有种类的活动，那么你可以停止Wireshark来捕获数据包。

if you have used app covering all sort of activity then you can stop wireshark to capture packets.

现在开始主要业务仔细分析数据包，但不是所有的数据包是有用的为我们的工作。所以让我们报文过滤这是与您有关。让您的IP地址为192.168.0.32，然后筛选其IP是这一切的数据包。所以过滤器EX pression将 ip.addr == 192.168.0.32 应用此过滤器。还是我们的应用另一个过滤器列出了只有那么可能是该应用程序在访问使用HTTP协议的API，以便适用于HTTP过滤器唯一相关的数据包。 EX pression将 HTTP 。您可以同时应用是过滤后的一次 ip.addr == 192.168.0.32和http preSS输入申请。现在你将看到最相关的数据包你。你可以看到的截图在 http://i.stack.imgur.com/rZ6Vu.png 或低于

now start main business to analyse packets carefully but not all packets are usefull for our job. so lets filter packets which are relevant for you. lets your IP address is 192.168.0.32 then filter all the packets whose IP is this. so filter expression will be ip.addr==192.168.0.32 apply this filter. still we an apply another filter to list up only relevant packets only so possibly that app is accessing API with HTTP protocol so apply HTTP filter. expression would be http. you can apply both are filter at once ip.addr==192.168.0.32 and http press enter to apply. now you will see most relevant packets for you. you can see the screenshot at http://i.stack.imgur.com/rZ6Vu.png or below

中显示的信息仔细列出的数据包，你会看到很多重要的细节，API密钥，饼干等

see the info carefully for listed packets you will see lot of important details, API keys, cookies etc

这篇关于嗅探一个Android应用程序，以找到API网址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！