Capture app packets on Android with a transparent proxy

Brief description

Use iptables to redirect all of the phone's TCP traffic to a transparent proxy; redsocks then forwards that traffic to an upstream proxy, such as Charles's SOCKS5 proxy.

With iptables + redsocks2 + Charles, the traffic of an Android app can be captured without the app noticing: the app cannot tell that capture is taking place by checking the system proxy settings or looking for an active VPN.

Preparation

One rooted Android phone and one computer.
redsocks2 download address: https://fh0.github.io/assets/android-redsocks2.tgz

Steps

1. Create a configuration file named redsocks.conf with the following content:

base {
    log_debug = off;
    log_info = on;
    log = stderr;
    daemon = off;
    redirector = iptables;
}

redsocks {
    bind = "127.0.0.1:8080";
    relay = "192.168.0.132:7777";
    type = socks5;
    autoproxy = 0;
    timeout = 10;
}

Here bind is the address of the transparent proxy (the address iptables redirects to), and relay is the address of Charles's SOCKS5 proxy on the computer.

2. Open a terminal and connect to the phone with adb shell, then save the existing iptables rules:

iptables-save > /data/local/tmp/iptables.rules

If you later want to restore the original rules, reboot the phone or run:

iptables-restore /data/local/tmp/iptables.rules

3. Upload the files and enable the transparent proxy:

adb push redsocks2_arm64 /data/local/tmp/redsocks
adb shell chmod +x /data/local/tmp/redsocks
adb shell
su
cd /data/local/tmp
iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m multiport --dports 80,443 -j DNAT --to-destination 127.0.0.1:8080
./redsocks

4. In Charles, set the SOCKS5 proxy port to 7777.

Restricting capture to specific ports or a specific app

After the steps above are completed, the app's traffic is captured without the app noticing.
If you do not want all of the phone's traffic to go through the proxy, you can restrict the rule:

  1. Specific ports
    This is already done in the rule above, which currently redirects ports 80 and 443 only. To redirect every port, change it to --dports 0:65535.
  2. Specific app
    First find the uid of the app.

Open the app, then use the ps -ef command and find the line containing your app's package name. The first column is the owning user, which usually looks like u0_a428. In the commands below the uid can be written either as u0_a428 or as the number 10428.
Then replace the iptables command with the following (the --dports option is only valid together with the multiport match, so -m multiport is required):

iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10428 -m multiport --dports 80,443 -j DNAT --to-destination 127.0.0.1:8080
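The following helper script is an added example, not code from the original post or from the redsocks2 project. It wraps the iptables steps above (save rules, add the redirect, remove it again) in a form that is easier to get right on a rooted test device: it converts a ps -ef owner such as u0_a428 into the numeric uid, builds the rule string with the required -m multiport match, backs up the existing rules before changing anything, and, for the global (no-uid) case, adds a RETURN rule for the relay host so redsocks's own connection to Charles is not redirected back into redsocks. The function names, the RELAY_HOST variable and the "all" keyword for every port are this example's own assumptions; the proxy and relay addresses are the ones from redsocks.conf above.

```shell
#!/bin/sh
# Added example (not from the original post): helpers around the iptables
# transparent-proxy rule described above. Run on the phone as root (adb shell; su).

TRANSPARENT_PROXY="127.0.0.1:8080"        # redsocks "bind" from redsocks.conf
RELAY_HOST="192.168.0.132"                # host part of redsocks "relay" (Charles)
RULES_BACKUP="/data/local/tmp/iptables.rules"

# Convert an Android process owner (as shown by ps -ef) into a numeric uid.
# Android uids are user_id * 100000 + app_id, and uN_aM names app_id 10000 + M,
# so u0_a428 -> 10428 and u10_a428 (an app in a work profile) -> 1010428.
# A value that is already numeric is returned unchanged.
android_uid() {
    name="$1"
    case "$name" in
        u[0-9]*_a[0-9]*)
            user="${name#u}"; user="${user%%_*}"
            app="${name##*_a}"
            echo $(( user * 100000 + 10000 + app ))
            ;;
        [0-9]*)
            echo "$name"
            ;;
        *)
            echo "unrecognized uid: $name" >&2
            return 1
            ;;
    esac
}

# Build the body of the nat OUTPUT rule (everything after "-A OUTPUT").
# $1 = numeric uid, or empty to redirect every app; $2 = port list for
# multiport (default 80,443), or the word "all" to redirect every TCP port.
redirect_rule() {
    uid="$1"; ports="${2:-80,443}"
    rule="-p tcp ! -d 127.0.0.1"
    if [ -n "$uid" ]; then
        rule="$rule -m owner --uid-owner $uid"
    fi
    if [ "$ports" != "all" ]; then
        # --dports is only accepted together with the multiport match
        rule="$rule -m multiport --dports $ports"
    fi
    echo "$rule -j DNAT --to-destination $TRANSPARENT_PROXY"
}

# Back up the current rules, then add the redirect. $1 = uid or u0_aNNN name
# (empty for all apps), $2 = ports or "all".
enable_redirect() {
    uid=""
    if [ -n "$1" ]; then uid=$(android_uid "$1"); fi
    iptables-save > "$RULES_BACKUP"
    if [ -z "$uid" ]; then
        # Global redirect: let redsocks's own connection to the relay pass
        # untouched, otherwise it is DNATed back to redsocks and loops.
        iptables -t nat -A OUTPUT -p tcp -d "$RELAY_HOST" -j RETURN
    fi
    # word splitting of the rule string is intended here
    iptables -t nat -A OUTPUT $(redirect_rule "$uid" "$2")
    iptables -t nat -L OUTPUT -n --line-numbers   # confirm the rule is in place
}

# Remove exactly the rules enable_redirect added (same arguments).
disable_redirect() {
    uid=""
    if [ -n "$1" ]; then uid=$(android_uid "$1"); fi
    iptables -t nat -D OUTPUT $(redirect_rule "$uid" "$2")
    if [ -z "$uid" ]; then
        iptables -t nat -D OUTPUT -p tcp -d "$RELAY_HOST" -j RETURN
    fi
}

# Usage: redirect.sh uid u0_a428 | rule [uid] [ports|all] |
#        enable [uid] [ports|all] | disable [uid] [ports|all]
if [ $# -gt 0 ]; then
    case "$1" in
        uid)     android_uid "$2" ;;
        rule)    redirect_rule "$2" "$3" ;;
        enable)  enable_redirect "$2" "$3" ;;
        disable) disable_redirect "$2" "$3" ;;
        *) echo "usage: $0 uid|rule|enable|disable [uid] [ports|all]" >&2; exit 1 ;;
    esac
fi
```

Usage on the device: `sh redirect.sh enable u0_a428` redirects only that app's ports 80 and 443, `sh redirect.sh enable "" all` redirects every TCP port of every app, and `disable` with the same arguments undoes it; `iptables-restore /data/local/tmp/iptables.rules` brings back the saved state. Two caveats from the defender's side: the redirect only moves bytes, so decrypting HTTPS in Charles still requires the Charles CA certificate to be trusted on the device, and an app that pins its server certificate will refuse the proxied connection rather than leak its traffic; and the relay exclusion matters because an all-port rule without it sends redsocks's upstream connection back into the proxy.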

References
https://blog.seeflower.dev/archives/207/
https://mp.weixin.qq.com/s/P0ESUUXBmq2aQnrqDHsDaw
https://blog.mythsman.com/post/62791fb4b5467000017d5c6e/

Origin: blog.csdn.net/A_I_H_L/article/details/130795338