Using the Packet Capture tool to monitor network traffic from a mobile app.
- [Instructor] While Wireshark doesn't run on an Android phone, another nifty tool called Packet Capture does. This is an incredibly useful tool for recovering network traffic to and from an application, and determining the strengths of network security in the application. Packet Capture is particularly easy to use. Like Wireshark, it will capture all network traffic on the mobile interface. So the first thing you need to do is open the Packet Capture app, and press the green run key. Fortunately, on mobile devices, there's much less traffic than typically exists on a Windows system.
You can then start the target app and run it for as long as you want to have traffic captured. Then press the red stop button on Packet Capture to stop the traffic capture. The session will be displayed as a single capture on the main Packet Capture screen with a record of the number of packets captured. The packets can be reviewed by double-clicking the session entry. This will display the packet index in chronological order, providing a summary of the packets. By double-clicking on a packet, we get the packet exchange data. This is captured in ASCII representation.
By clicking on the menu item at the top left, we have the option to select hex representation. This then re-displays the packet in hexadecimal format. Some packets will include SSL traffic, which is encrypted. Packet Capture includes an SSL stripping option to recover plain text out of the cipher. Here, we have a packet enforcing strict transport security, and its recovered plain text document. Here, we have a capture of the myHome app being used for a Mi power plug mini.
The device sends a POST request to sg.api.io.mi.com and receives an encrypted response in return. We can press the magnifying glass symbol at the top, and this decrypts the data. Now we can see the JSON string that is being recovered.
Released 7/20/2017
- Understanding Android OS, app, and hardware security components
- Using the Trusted Execution Environment
- Developing Android apps with security in mind
- Analyzing existing applications
- Understanding Android vulnerabilities
- Securing Android apps
- Developing secure enterprise apps
Video: Capturing packets on your mobile app