Android remote sniffing using Tcpdump, nc and Wireshark

If you want to sniff your device's traffic and visualize it in Wireshark, you'll need:

  • tcpdump
  • netcat
  • wireshark/tshark

Make sure you have tcpdump installed on the device. I highly recommend installing the Debian Kit, which I've been using for years now; it makes things less complicated. Once you have done that, log in to your Android device and switch to the Debian environment:

$ adb shell
# deb
#

Now you can start tcpdump on the device, write the capture to stdout (-w -) with a full snapshot length (-s0), and pipe it into a listening netcat:

# tcpdump -i wlan0 -s0 -w - | nc -l -p 11111

Next, on your laptop, forward local port 11111 to port 11111 on the Android device with adb:

$ adb forward tcp:11111 tcp:11111

On your laptop/pentest machine you can then connect to the forwarded port and feed the pcap stream into tshark:

$ nc localhost 11111 | tshark -i -

With Wireshark that'd be (-k starts the capture immediately, -S updates the packet list live):

$ nc localhost 11111 | wireshark -k -S -i -
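The whole chain above, wrapped into a small POSIX shell script that is an added example and not part of the original post. It prints the exact tcpdump/nc command to paste into the Debian shell on the device, checks that adb, nc and tshark exist locally, sets up the adb forward, and then pulls the stream into tshark while keeping a copy of the raw pcap with tee for later analysis. The IFACE, PORT, FILTER and OUT variables and the optional BPF filter are my assumptions; the tool names and flags are the ones the post uses.

```shell
#!/bin/sh
# Added example (not from the original post): automate the local side of the
# tcpdump | nc | adb forward | tshark chain and keep a pcap copy on disk.
set -eu

IFACE="${IFACE:-wlan0}"      # interface captured on the device (assumed default)
PORT="${PORT:-11111}"        # port used on both ends, as in the post
OUT="${OUT:-android.pcap}"   # local copy of the raw capture (assumed name)
# Optional BPF capture filter (assumption). If adb is connected over TCP/IP
# instead of USB, the forwarded stream itself crosses wlan0, so exclude adbd's
# port (5555 by default) to keep the capture from feeding back into itself.
FILTER="${FILTER:-}"

# Build the command to run inside the Debian chroot on the device:
# tcpdump writes pcap to stdout, netcat serves it on $port.
remote_capture_cmd() {
    iface="$1"; port="$2"; filter="${3:-}"
    cmd="tcpdump -i $iface -s0 -w -"
    if [ -n "$filter" ]; then
        cmd="$cmd '$filter'"
    fi
    printf '%s | nc -l -p %s' "$cmd" "$port"
}

# Print the names of required local tools that are not on PATH (empty if all present).
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
    done
}

run_capture() {
    missing=$(missing_tools adb nc tshark)
    if [ -n "$missing" ]; then
        printf 'missing local tools: %s\n' "$missing" >&2
        return 1
    fi
    printf 'Run this inside the Debian environment on the device (adb shell, then deb):\n' >&2
    printf '  %s\n' "$(remote_capture_cmd "$IFACE" "$PORT" "$FILTER")" >&2
    printf 'Press Enter here once tcpdump is listening...\n' >&2
    read -r _dummy
    # Forward local $PORT to the device's listening netcat, then stream the
    # pcap into tshark while tee keeps a raw copy for Wireshark or later review.
    adb forward "tcp:$PORT" "tcp:$PORT"
    nc localhost "$PORT" | tee "$OUT" | tshark -i -
}

# Only start the live capture when explicitly asked, so the functions above
# can be sourced or tested without a device attached.
if [ "${1:-}" = "run" ]; then
    run_capture
fi
```

Usage: `./capture.sh run`, or `FILTER='not tcp port 5555' ./capture.sh run` when adb is attached over Wi-Fi. The saved file can be opened afterwards with `wireshark android.pcap`.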

Happy hacking!

Published: 2015-02-20 00:00