Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/emanuele-f/PCAPdroid
No-root network monitor, firewall and PCAP dumper for Android
android capture-traffic decryption firewall network-analysis no-root pcap pcap-files sniffer sniffing traffic-monitor wireshark
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/emanuele-f/PCAPdroid
- Owner: emanuele-f
- License: gpl-3.0
- Created: 2020-01-06T18:11:27.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-11-03T19:22:02.000Z (2 months ago)
- Last Synced: 2024-11-03T19:30:29.615Z (2 months ago)
- Topics: android, capture-traffic, decryption, firewall, network-analysis, no-root, pcap, pcap-files, sniffer, sniffing, traffic-monitor, wireshark
- Language: Java
- Homepage: https://emanuele-f.github.io/PCAPdroid
- Size: 14.3 MB
- Stars: 2,353
- Watchers: 45
- Forks: 279
- Open Issues: 57
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: COPYING
Awesome Lists containing this project
- awesome-android - PCAPdroid - Network monitor and traffic dump tool (Root permission is optional). (Tools / Other)
- MobileHackersWeapons - PCAPdroid - root network monitor, firewall and PCAP dumper for Android (Weapons)
- awesome-starred - emanuele-f/PCAPdroid - No-root network monitor, firewall and PCAP dumper for Android (Java)
README
# PCAPdroid
PCAPdroid is a privacy-friendly open source app which lets you track, analyze and block the connections made by the other apps on your device. It also allows you to export a PCAP dump of the traffic, inspect HTTP, decrypt TLS traffic and much more!
PCAPdroid simulates a VPN in order to capture the network traffic without root. It does not use a remote VPN server, instead data is processed locally on the device.
Features:
- Log and examine the connections made by user and system apps
- Extract the SNI, DNS query, HTTP URL and the remote IP address
- Inspect HTTP requests and replies thanks to the built-in decoders
- Inspect the full connections payload as hexdump/text
- [Decrypt the HTTPS/TLS traffic](https://emanuele-f.github.io/PCAPdroid/tls_decryption) and export the SSLKEYLOGFILE
- Dump the traffic to a PCAP file, download it from a browser, or stream it to a remote receiver for real-time analysis (e.g. Wireshark)
- Create rules to filter out the good traffic and easily spot anomalies
- Identify the country and ASN of the remote server via offline DB lookups
- On rooted devices, capture the traffic while other VPN apps are running

Paid features:
- [Firewall](https://emanuele-f.github.io/PCAPdroid/paid_features#51-firewall): create rules to block individual apps, domains and IP addresses
- [Malware detection](https://emanuele-f.github.io/PCAPdroid/paid_features#52-malware-detection): detect malicious connections by using third-party blacklists
- [PCAPng format](https://emanuele-f.github.io/PCAPdroid/paid_features#53-pcapng-format): makes it easier to export and analyze decrypted traffic

If you plan to use PCAPdroid to perform packet analysis, please check out the specific section of the manual.
You can test the latest features before the official release by adding the [Beta repository](https://pcapdroid.org/fdroid/repo/) to the F-Droid app.
## User Guide
Check out the [quick start instructions](https://emanuele-f.github.io/PCAPdroid/quick_start) or the full [User Guide](https://emanuele-f.github.io/PCAPdroid).
## Sponsors
The PCAPdroid project is sponsored by [AVEQ GmbH](https://aveq.info).
If you want to sponsor this project [drop me an email](mailto:[email protected]?subject=PCAPdroid%20sponsorship).
## Community
You can help the PCAPdroid project in many ways:
- [Make a donation](https://emanuele-f.github.io/PCAPdroid/donate)
- Translate the app on [Weblate](https://hosted.weblate.org/engage/pcapdroid/)
- [Discuss](https://github.com/emanuele-f/PCAPdroid/discussions) new features
- Improve the app theme and layout
- Star the project on GitHub and on [Google Play](https://play.google.com/store/apps/details?id=com.emanuelef.remote_capture)
- Of course provide code pull requests!

Join the international PCAPdroid community [on Telegram](https://t.me/PCAPdroid) or [on Matrix](https://matrix.to/#/#pcapdroid:matrix.org).
## Integrating into your APP
Some features of PCAPdroid can be integrated into a third-party app to provide packet capture capabilities.
- For rooted devices, the [pcapd daemon](https://github.com/emanuele-f/PCAPdroid/tree/master/app/src/main/jni/pcapd) can be directly integrated into your APK to capture network packets.
- For all the devices, PCAPdroid [exposes an API](https://github.com/emanuele-f/PCAPdroid/blob/master/docs/app_api.md) to control the packet capture and send the captured packets via UDP to your app. This requires installing PCAPdroid along with your app.

## Open Source
PCAPdroid is powered by open source technologies.
- [nDPI](https://github.com/ntop/nDPI): deep packet inspection library, provides the connections metadata
- [mitmproxy](https://github.com/mitmproxy/mitmproxy): a local proxy for the TLS decryption
- [zdtun](https://github.com/emanuele-f/zdtun): minimal TCP/IP stack for the non-root capture

For the complete list of third party libraries check out the "About" page in the app.
## Building
1. On Windows, install [gitforwindows](https://gitforwindows.org)
2. Clone this repo
3. Inside the repo dir, run `git submodule update --init`. The `submodules` directory should get populated.
4. Open the project in Android Studio, install the appropriate SDK and the NDK
5. Build the app

*Note*: If you get "No valid CMake executable was found", be sure to install the CMake version used by PCAPdroid (currently [3.22.1](https://github.com/emanuele-f/PCAPdroid/blob/master/app/build.gradle)) from the SDK manager.