From our past Android experience and papers available on Internet, it only mentioned about intercepting browser based application traffic. Some of the papers mentioned about native apps but those apps eventually communicate over HTTP protocol. Read here for traffic interception for HTTP based application.

‍

Challenge Scenario

Native app perfectly works fine when no proxy is set-up on emulator and is connected to internet over wi-fi. The moment we change APN settings of Android emulator, application stops and throws a “Network Error” without any more details.

‍

The Solution

Initially we wanted to capture and modify the traffic as we do for normal Android web app and apply web app security test cases. After digging into the problem for quite some time, we got my hands onto debugging of Android with tcpdump. This allowed us to create a pcap file and then conduct analysis using wireshark in a normal traffic analysis way.

‍

The Steps

Start Android emulator using emulator.exe under /tools/emulator.exe

‍

Issue command:

emulator.exe avd avd_name -tcpdump apptraffic.pcap

This command will start your emulator in a new window and will dump all traffic sent and receive to a apptraffic.pcap file.

The file can then be imported to wireshark for further analysis. Here’s a screenshot:

With careful analysis of TCP packets you can detect server IP address and port. To further filter out your result and capture only for specific port use below switch:

emulator.exe avd avd_name -tcpdump apptraffic.pcap port 10004‍

Share this post