emanuele-f/PCAPdroid emanuele-f/PCAPdroid

  • Stars
    star
    1,794
  • Rank 25,728 (Top 0.6 %)
  • Language
    Java
  • License
    GNU General Publi...
  • Created over 4 years ago
  • Updated 6 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
emanuele-f/PCAPdroid
github

emanuele-f

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

No-root network monitor, firewall and PCAP dumper for Android

PCAPdroid

PCAPdroid is a privacy-friendly open source app which lets you track, analyze and block the connections made by the other apps in your device. It also allows you to export a PCAP dump of the traffic, inspect HTTP, decrypt TLS traffic and much more!

PCAPdroid simulates a VPN in order to capture the network traffic without root. It does not use a remote VPN server, instead data is processed locally on the device.

Features:

  • Log and examine the connections made by user and system apps
  • Extract the SNI, DNS query, HTTP URL and the remote IP address
  • Inspect HTTP requests and replies thanks to the built-in decoders
  • Inspect the full connections payload as hexdump/text
  • Decrypt the HTTPS/TLS traffic and export the SSLKEYLOGFILE
  • Dump the traffic to a PCAP file, download it from a browser, or stream it to a remote receiver for real-time analysis (e.g. Wireshark)
  • Create rules to filter out the good traffic and easily spot anomalies
  • Identify the country and ASN of remote server via offline DB lookups
  • On rooted devices, capture the traffic while other VPN apps are running

Paid features:

  • Firewall: create rules to block individual apps, domains and IP addresses
  • Malware detection: detect malicious connections by using third-party blacklists

If you plan to use PCAPdroid to perform packet analysis, please check out the specific section of the manual.

Get it on F-Droid Get it on Google Play

You can test the latest features before the official release by adding the Beta repository to the F-Droid app.

User Guide

Check out the quick start instructions or the full User Guide.

Sponsors

The PCAPdroid project is sponsored by AVEQ GmbH.

If you want to sponsor this project drop me an email.

Community

You can help the PCAPdroid project in many ways:

Translation status
  • Improve the app theme and layout
  • Star the project on Github and on Google Play
  • Of course provide code pull requests!

Join the international PCAPdroid community on Telegram or on Matrix.

Integrating into your APP

Some features of PCAPdroid can be integrated into a third-party app to provide packet capture capabilities.

  • For rooted devices, the pcapd daemon can be directly integrated into your APK to capture network packets.
  • For all the devices, PCAPdroid exposes an API to control the packet capture and send the captured packets via UDP to your app. This requires to install PCAPdroid along with your app.

Third Party

  • zdtun: TCP/UDP/ICMP connections proxy
  • nDPI: deep packet inspection library, used to extract the connections metadata
  • mitmproxy: a local proxy used to perform TLS decryption

For the complete list of third party libraries and the corresponding licenses check out the "About" page in the app.

Building

  1. On Windows, install gitforwindows
  2. Clone this repo
  3. Inside the repo dir, run git submodule update --init. The submodules directory should get populated.
  4. Open the project in Android Studio, install the appropriate SDK and the NDK
  5. Build the app

Note: If you get "No valid CMake executable was found", be sure to install the CMake version used by PCAPdroid (currently 3.22.1) from the SDK manager

More Repositories

1

PCAPdroid-mitm

Mitm addon for PCAPdroid
Java
134
star
2

zdtun

zdtun: add VPN-like features to any app without additional dependencies
C
49
star
3

dhcp-spoof

Memo and tool for the DHCP spoofing attack
C
14
star
4

RemoteCapture

Capture traffic on Android devices and send the PCAP via UDP. No root privileges required.
Java
14
star
5

DNSleak

A tool to locally detect DNS leaks
C
13
star
6

PCAPReceiver

A sample app to show how to receive packets via PCAPdroid
Java
10
star
7

gbcoid

Gameboy and Gameboy Color emulator for Android phones (gbcoid)
C
9
star
8

netwatch

Netwatch is a tool to monitor the presence of the devices into a network.
CSS
6
star
9

remote-deauth

Server/Client model to perform targeted deauth attacks
C
5
star
10

Just-Player-Receiver

An app to play videos by URL on Just Player via HTTP
Java
5
star
11

pcapd-bin

pre-compiled pcapd binaries
Makefile
5
star
12

chaquopy-wheels

Pre-built wheels for Chaquopy
2
star
13

hostap

wpa_supplicant patched to connect to AP with same MAC but different channel
C
2
star
14

udpcat

Simple UDP program which outputs the received UDP data
C
2
star
15

PCAPdroid_res

Binary resources for PCAPdroid
Shell
2
star
16

lumen-control

Detatched server and clients to control Tabu Lumen device
Java
2
star
17

pcapng_parser

A pcapng file parser written in C
C
2
star
18

easysocks

Connect programs to SSH socks proxy with ease
Python
2
star
19

udpping

C
2
star
20

TouchInjector

Android app which simulates touch events by translating inputs from a remotely connected gamepad
Java
2
star
21

pbridge

ptrace based framework for 64 bits linux process injection
C
2
star
22

ushark-test

2
star
23

tcp_forwarded_for

X-Forwarded-For with TCP proxies
C
1
star
24

a52s_debloat

Lista debloat privacy per galaxy A52S 5G (versione italiana)
1
star
25

0ad-units

Web formatter and filter for 0ad strategy game units
HTML
1
star
26

ntop

ntop legacy - clone of https://svn.ntop.org/svn/ntop/trunk/ntop
C
1
star
27

pcap_parser

A PCAP file parser to print PCAP headers, data and offsets
C
1
star