Android 抓包分析
西狂杨过 2013-02-07
工具准备:
1. adb
2. tcpdump
3. wirshark
步骤:(下面仅适用于模拟器)
1. adb root
2. adb push c:\tcpdump /data/local/tcpdump
3. adb shell
4 # chmod 6755 /data/local/tcpdump /*修改读写权限*/
5.开始抓包
# cd /data/local
# ./tcpdump -p -vv -s 0 -w /sdcard/capture.pcap
/****************
"-p": disable promiscuous mode (doesn't work anyway)
"-s 0": capture the entire packet
"-w": write packets to a file (rather than printing to stdout) ...
do whatever you want to capture, then ^C to stop it ...
****************/
6. 导出pcap包,新开一个cmd:
adb pull /sdcard/capture.pcap c:\123.pcap
7. 用wirshark打开c:\123.pcap就可以分析了
步骤:(下面适用于真机)
1. ROOT真机
2. adb push d:\tcpdump /data/local/tcpdump
如果出现:
failed to copy 'd:\tcpdump' to '/data/local/tcpdump': Permission denied
那么选择其他能够push的文件夹,如sdcard
adb push d:\tcpdump /mnt/sdcard/tcpdump
3. adb shell
4. $ su
真机会显示shell已获得root权限,并且"$"变为"#"
5. shell@android:/ # cd /mnt/sdcard
cd /mnt/sdcard
6. shell@android:/mnt/sdcard # ./tcpdump
如果出现:
sh: ./tcpdump: cannot execute - Permission denied
那么要修改读写权限,注意在shell模式下是无法用chmod的,应该参照 http://blog.csdn.net/lassur/article/details/6563428
采用:mount命令
7. 1|shell@android:/mnt # mount -t yaffs2 -o remount,rw,noatime,nodiratime /mnt/sdcard
w,noatime,nodiratime /mnt/sdcard <
8. shell@android:/mnt/sdcard # ./tcpdump -p -vv -s 0 -w /sdcard/capture.pcap
./tcpdump -p -vv -s 0 -w /sdcard/capture.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Got 481
9. 打开新的终端,导出: adb pull /mnt/sdcard/capture.pcap d:\
10. 用wirshark分析
NOTE: 上面的push和pull过程也可以通过eclipse的DDMS来操作完成。
