legal contact rss

Simple *all traffic* interception of an Android app

The aim: Catch *all* traffic that is created by an Android app and capture it for analysis.

First create a new interface within Andy. (Now it's good to have a virtual box)

While the most used tool to redirect traffic in linux is "iptables", it's kind of complicated to identify the source of a traffic being a specific application.

The parameters for iptables I could find only allowed to tap traffic of:

  • a specific user
  • a specific source port
  • a specific destination ip
  • a specific destination port

Nothing from above list would let me (easily) identify *all* traffic that a certain programm creates.

BUT, there is a cool feature with android. - Every programm/app runs as it's own user, so the task is quite easy to achieve.

Install busybox on your android

Install a shell o your android

become root

find the app/user your intrested in

craft your iptables command