This app was mentioned in 100 comments, with an average of 2.20 upvotes
I recommend using this app to intercept packets from apps, but...
...if your phone has Android 6.0+ and the app uses HTTPS, the certificate will fail due to some changes in Android's security, so, if you want to intercept HTTPS, you need to edit some XML files in the app so the app will accept the certificate: https://serializethoughts.com/2016/09/10/905/ (And sometimes the app blocks VPNs so it is kinda a hit or miss, it is VERY good if it works with the app you want to use it but, if it doesn't, you need to go thru the painful way of decompiling the app)
Follow this comment: https://www.reddit.com/r/pebble/comments/6720xw/none_of_my_apps_seem_to_have_icons_anymore_i_cant/dgn4kuj/
TL;DR: Force close Pebble app, install Packet Capture from the Play Store, run the app, start capture and open the Pebble app again.
FYI if you want to poke around some Android apps' APIs without setting up mitmproxy on another server, you can use Packet Capture to do the same thing on the device itself.
I use https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture for Android packet capture. It supports SSL capture (but you obviously have to accept their root CA which is a safety concern).
The thing I like about this app is that it doesn't use a low level system service to do packet capture but it connects you to a "VPN" on your device (no external server). That means you can always see when the App is active. You still have to trust them that they don't screw you over but I feel a lot safer giving apps like this no root access.
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
It's a non-root packet capture app. Though you will need to patiently go through whatever it logs because there would be a lot of connections to Google's server play services... Yes, could you tell me about the app you are using for the magazines? Seems interesting.
Just like bitcoin! So if you can do all the work to understand bitcoin enough to spend your money on it, you can probably follow basic directions for using software.
Edit: Since this is an app, you don't even need to google how to use wireshark. If you can google "packet sniff android" there is an app that does it for you.
For my wifi tests I used the burp suite installed on my PC. You just have to export the CA certificates as pk12, import it on your phone and configure it as a proxy and you'll be able to intercept SSL traffic.
For non wifi tests I'm using this app: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
This also allows you to intercept SSL traffic if you allow it to install a new CA certificate.
This should help you capture packets on your phone: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
You could run a packet capture but it would be a chore to find relevant information. If you want to, I recommend Packet Capture.
OR, you could tell us the name of the app and there are other things like reputation of the developer and their privacy policy and history that we could speculate this on.
But in all likelihood, they asked this to know if you have any filters for such emails or there is a bug which automatically and recursively marks such emails as unread.
> them having access to my emails (which should NOT occur for an email app).
Well I am not sure what email app you are using but you probably did authorise it to access your email, so they can.
I didn't find that program but I'm trying this app:
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
I installed it 10 mins ago and my phone is sending a lot of data...
FYI if you want to see exactly what kind of data your apps are sending home, you want a "packet sniffer" app:
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
But you have to sift through a lot of incomprehensible data to see any user-readable information though.
Okay, so going purely off of the video and the article, here's what I think is going on.
This can be prevented by employing common technology safety precautions on the user side, and certificate pinning on Tesla's app side.
On non-rooted Android this packet capture app: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture (saves plaintext file)
iOS: no idea.
Guesswork: so far (except for Le Mans) only the circuit name has changed in the links (take a look at Nurburgring links: http://paste.ubuntu.com/21058651/)
Short answer: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
Long answer: My Nexus 5X has terrible standby time due to Android OS keeping the phone awake. I used both battery stats, root apps and the battery historian tool to analyze what was causing the drain but came up with jack shit. I used the above packet capture app to see what was pinging my phone so often and it came out to be Google services. Once again this is just a theory, there may as well be something else that's draining the battery.
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
This packet sniffer app will bare minimum show you which IP addresses the app is contacting. No root needed. Looks like you can use it further to actually see what data is being transmitted, if you wanted to look.
You can whitelist the servers used, or whitelist the country. Or find alternative apps if you don't want your data going to that country.
That certificate is for the Packet Capture app. It doesn't send the information it captures anywhere to my knowledge, it simply displays the data packets sent and received by the phone.
AdGuard has a log, and you can block directly from it.
For capturing everything, what about Packet Capture.
If you're interested in this for AdHell 3, you should suggest it as a feature on the Gitlab.
EDIT: What lists are you using in AdHell 3 currently?
Most popular hosts lists out there aren't aimed at mobile experiences, so adding more won't necessarily help. The only one that I can think of that might be better than the AdHell 3 default list is the default one used by Blokada, but it's way too large for Knox (247K). Also, some ads can't be blocked by the method AdHell/Knox is using, like promoted posts in Reddit.
It's best if you just find out what domains the ads are coming from. I'd recommend trying the following.
Download and install AdGuard (free 7 day trial).
Open AdGuard, go to Settings -> Ad Blocker -> and check all the lists except "filter unblocking..."
Go back to its home screen and turn it on.
Open app(s), and browse for a while and see if the ad(s) is blocked. Keep AdHell 3 on.
Open AdGuard and go to Filter Log to see what AdGuard blocked that AdHell 3 didn't. Items that were filtered are highlighted in red.
Add the domain to your blacklist in AdHell 3.
If AdGuard didn't block it, it's doubtful that you can block it with AdHell 3.
Alternatively, you can use an app like Packet Capture too. This one you just install, go through the set-up, and turn it on. Then browse your app, and come back to it and see what domains it captured. Try blocking ones that seem like they're ad servers.
If you can convince the app to download the video anew (for example by first instructing Android to delete the app's data), and run a packet capturer at the same time, you should be able to work out the source URL. You can then try and download it with a browser or any other download tool. You might need to send along a captured cookie and spoof your user agent string. But the information from the packet capturer should provide you with all you need to spoof the app.
That's it.
Agoop data collection is built in to Samsung phones sold by Sprint that I know of (not sure about the S9). In the default weather app.
If you perform data collection, you can see it collecting data and sending it off. You can use an app like this one to capture the data.
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Unfortunately, it doesn't.
There's the long way, but it's without SWEX and it's only meant to upload your profile to swarfarm
For Android: Install this app Packet Capture or any other VPN to sniff, it will set up a VPN on your device to capture, "sniff", network packets and save them into a file, *something*.pcap
Instead of the option "Import SW JSON", you click "Import PCAP capture" and upload it.
It MIGHT work, sometimes it doesn't
To emphasize, this is doable on Android with no external devices and no root access if you use the Packet Capture app:
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
I can't see any mention of nefariousness about the app; can anyone vouch for this more positively?
No ill effects so far, AFAICT.
I would capture some packet flow from the app (given that the data is unencrypted). Use wireshark to analyse what's going on and you'll hopefully get much more than just the IP of the server. If the traffic is encrypted, I'd recommend trying this app. Based on what you find I would peek around to try and get some details on the server. Maybe you'll find an attack vector or some version information about software it is running. Then look around at CVE Details to see if there are any exploits for versions of software it is running.
It is really easy to watch the replays on your PC if you know the URLs to the replays.
You can find them out via this app (Android) or just search this sub or google. I saw some links to a pastebin that contained the replay URLs of Silverstone.
The URLs for the Spa replays barely changed (silverstone in the URL was replaced by spa) but you have one more URL for Spa (race07) which contains the victory ceremony.
You can watch those replays with a program like MediaPlayerClassic or VLC or you can just download them (e.g. with jDownloader).
I downloaded all of them and merged the single race replays into one file (you can use mkvtoolnix for this). So I can watch them, even when the replays are not available online anymore.
I used to use packet capture to work out which apps were making requests. You're effectively making a MITM attack on your device, so I wouldn't be surprised if CalyxOS prevents it. Sorry I'm not able to test this right now.
I used this app: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Security restrictions in either Android or the Navy Federal app might have changed since then, but if you have an iOS device I highly recommend using Charles mobile. It's a couple bucks but works really reliably and supports decrypting TLS connections.
I am not sure but it must be, if you want to make it sure use tools like sslcapture or httpcanary and see what is going on there.
I used an app on Android that's actually just called Packet Capture. It works great for me, but my phone is ancient and runs Android 6. It seems from the reviews that it might not work so great on newer versions.
Side note: I just went looking at reviews for other packet sniffers and I found this amazing review. Jesus. Be careful out there.
It's likely a Task action you have, Net > HTTP Request etc.
Tasker would only ping Google servers to verify its authentication at most. Other calls would be to Google services (Drive, WaveNet etc).
Just sniffed Tasker using Packet Capture for a while and the only web requests it's made are to servers I have it talk to.
I'm not familiar with this field, but maybe you could also use applications like this one (https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture) if you don't feel like configuring wireguard to sniff all the network traffic. That said, I have never used that app myself. Otherwise there are also applications that you install on a computer and that act as a proxy server; you then configure Android to use that proxy and from the PC you see all of the phone's traffic. I used one some time ago but I really can't remember its name.
You've installed a user certificate from somewhere. A couple of apps do this, e.g. Packet Capture which can assist in sniffing SSL traffic.
Phone settings > Security > Trusted Credentials > User
Is where you can find them.
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture is the right tool for what you are trying to do. It starts a local VPN for proxying all apps and view their traffic, optionally with decrypting SSL/TLS connections.
Since most Android applications use HTTP*S*, plain HTTP capture will be useless. Android does not allow to configure proxy for HTTPS through network settings.
Use an Android 7 or lower and try this app; https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Reason why 7 or lower, is in 8+ it made it difficult to do this without root due to new restrictions around user certs. Android 7 and below don't suffer this and apps will accept them.
I used this to reverse engineer my TV remote and Tuya bulbs.
I also downloaded netguard to check, turns out it's a pro feature, sorry! You can use something like Packet Capture. Start a capture by pressing the play button in the top right and use your app for a bit while keeping the capture app running. If you go to your capture it should show you if the app has sent or received any data.
If requests are sent via internet I would try Packet Capture. Then you would call http request action with same parameters as seen in captured data.
If it's via Bluetooth that might be more difficult. Last time I ended up decompiling the app I needed and figuring things out from inside :/. Maybe someone knows better solution than that.
I used "Packet Capture" once. Don't know if there is a better app. It doesn't show you the company and location explicitly (like you described), but it does show you the url or ip address the data is sent to. https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
You can see what software is connecting to what.
Some routers allow you to see what devices are connected to what sites as well.
Maybe you can observe the sites' API calls with Fiddler or, for those that have an Android app, https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en_US Good luck in any case :)
I know Packet Capture and NetGuard
If you keep it by WiFi then you can also use the computer to log
SABS, notSABS, AdHell 3 and certain versions of AdHell 2 will have the same basic functionality for adblocking. It mainly depends on the host lists you have. You could try just using the default host list that AdHell 3 uses:
If you want to find the ads, download Packet Capture and run it while you use these apps. Check which domains are accessed and add the ones that look like ad domains to your blacklist.
One domain that's probably not in your list is graph.facebook.com. It serves ads and some Facebook content, so some people leave it off their lists. Another one that might be missing is *.google-analytics.com.
Perhaps use wireshark and route your phone's wifi through your PC with a proxy setting? Kind of a man in the middle attack on yourself. I've done this in the past when I suspected something on my device. This app or others like it also look like they would work and be more convenient, though I haven't tried it myself.
Thank you! If they're all connected to the same network, perfect! The easiest way is to download the Packet Capture app if you have an Android phone: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Start capturing in the app and then switch to the Google Home app. Try doing as many things as you can like viewing the devices in the group, adding new devices to a group, removing devices, changing the group name and anything related to those groups, really. You might not want to try some things like removing devices (since you'll need to add them back later), leave that out if you want. After everything's done, switch back to Packet Capture and stop recording. The capture can be exported as a file.
Thanks again for all of this :)
There is proof.
There are programs that you can use to monitor data your phone sends to various servers. Security researchers constantly look at the kinds of data various apps send to servers. We don't have to speculate about what data leaves your phone, we can actively look at it. Your phones aren't magic after all. If Google or Facebook want to get data from your phone to their servers, it'll have to go over the internet and through your wifi router. We can look at all of this data to find all of the audio data, and see whether it matches up with the amount of audio data that you think should be going over the internet.
The most famous of these programs is called wireshark (https://www.wikipedia.oeg/wiki/en/Wireshark).
There are plenty of security researchers that constantly study the kinds of data a variety of programs send out, and where that data goes. If Google or Facebook ever tried to actually record your audio without your permission, people would instantly be able to see that audio data going to their servers, and it would instantly be huge news.
But if you really don't want to trust anyone else other than your own eyes and conclusions, you can feel free to download some of these programs and study all the traffic your own phone sends out.
For example, on Android, this is the app I use and recommend: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
It'll require a bit of knowledge to understand how to make sense of the data in these logs, but there are plenty of great youtube videos
You can actually disprove it. There are apps that let you see exactly what data your phone is sending to what servers. Here's one such app: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
Security researchers are constantly studying what gets sent to company servers. If these apps sent non-consensual audio recordings, we would be able to see it and know for sure. But we can see that they don't.
I don't get why people act like this is something that can't be known for sure and we just have to speculate. Like, we can check and find out.
See a longer debunking of this theory I wrote here: https://www.reddit.com/r/AskReddit/comments/73leh7/what_are_we_not_in_the_golden_age_of/dnrhjc2/?context=3
I don't have the JSON file URL at the moment since it seems to have stopped appearing in Go's traffic list (that image came from a PoGo Dev discord).
You may be able to use something like Packet Capture to get it when it re-appears though.
Try capturing some packets from your phone's network and see which app is doing the upload and what data it uploaded. My suggestion: Packet Capture
Packet Capture https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
Note that Android lives in a separate container on Chromebooks. So it will only capture Android packets, not Chrome OS packets.
For Chrome OS, there is this : https://chrome.google.com/webstore/detail/network-sniffer/coblekblkacfilmgdghecpekhadldjfj?hl=en
You will be surprised to learn (on Android) the app never stops running.. ever. Prior to the US government issue, it was also sending location information (lat, long) to their servers every couple of minutes. It is much more active now also pinging their Amazon AWS server. I am seeing it up to 5 times a second on a packet sniffer hitting amazonaws.com.
If you are on Android and want to see for yourself just how bad it is download this app and include the certificate installation it asks for. This is also good for identifying other trouble apps.
Oh man, nice!
I don't suppose there's any way it could work with a non-root proxy like tPacketCapture?
Or this Packet Capture? https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
Thanks so much for your efforts! With the recent lag on FFRKreeper I've been pondering what it'd take to make a dedicated proxy app, but I have no android dev experience.... But this is exactly how I imagined it! But instead of a useless idea it's an implemented thing!
I thought that's how they always looked lol. The packet capture worked.
For those with Androids here's the app. https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en&rdid=app.greyshirts.sslcapture
Wireshark would be tough to pick up on SSL traffic. Which a good chunk of traffic being sent from her phone will probably be over SSL/TLS.
Something like this would be better to capture the traffic most likely. I haven't used it before myself, but it does offer SSL decryption (seemingly through a local proxy with a self-signed cert or something).
Try that or another packet capturing program of your preference and start to sift through the traffic to find something questionable. It will be tedious, require some knowledge of how a packet capture program works, plus how to read the data in the packets.
Seeing if I can get this to work, but I'm missing something. I downloaded Packet Capture on android and I'm seeing some similar script, but all it ever pulls up is the Host being lcd-prod.appspot.com and I'm getting "Cookie: JSESSIONID=xxxxxxxxxxxxxxxxxxxx" Am I in the right direction (the right information is in there somewhere?) or am I a lost cause.
Interesting. I was getting a blank screen on a Sprint Galaxy S6. I installed a packet sniffer, Packet Capture, and your site displayed fine for me afterwards. It added a certificate to monitor my packets which likely changed something. I removed the certificate and uninstalled the app and it's back to a blank screen.
I am not the best at reading packet captures, but I did figure out I could run a packet capture on my phone without it needing to be rooted..... The app I used was super easy to understand. https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
You can use this app in their phones to check which app is making these requests: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Packet capture, there's the android version, not sure if there's any for iOS
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
First off, good on you for taking the time to dig deeper into an app before blindly trusting!
To break down what you are seeing, would I be correct in guessing you are using an Android phone and the app Packet Capture to grab a pcap for Wireshark? If so, what you are seeing is completely correct and legitimate. Packet Capture is breaking and inspecting the TLS connection and saving the content in the clear when you export the pcap. Wireshark is then correctly identifying that it can read the data unencrypted, which is expected and not an issue when coming from that app. The thumbnails you referenced were being PUT to an Amazon S3 bucket which uses TLS by default. Poking around pretty quickly I did not see anything too out of the ordinary.
For their response, their FAQ is misleading. The "P2P with end-to-end encryption" appears to only apply to the live feed. The storage of clips uploaded from motion detection is "stored on our backend server is protected by generating randomized URLs with very short lifecycle, which greatly minimizes the possibility of getting hacked." No mention of encryption of data at rest, just in transit using TLS.
Finally, I personally would not use them for recording anything I was worried about strangers seeing. Below is an excerpt from their Terms of Service/Privacy Policy:
"In addition: for content that is covered by intellectual property rights such as videos, you specifically give us the following permission, subject to the limitations set forth in our Privacy Policy: you grant us a non-exclusive, perpetual, irrevocable, transferable, sub-licensable, royalty-free, worldwide license to use any Content that you post on or in connection with Alfred.
Furthermore, although we always appreciate your feedback or other suggestions about Alfred, you understand and acknowledge that we may use them without any obligation to compensate you for them, just as you have no obligation to offer them to us."
Remember if you are not paying them, you are the product.
Install Packet Capture like /u/WindowOnInfinity suggested in this thread. If that alone doesn't work, follow /u/BlackHawk1912's instructions from this thread:
> Try to completely shut down the pebble app, clear the cache, start Packet Capture and THEN restart the pebble app.
This brought back the Weather app for me.
Hello! Before I answer your questions, let me try to explain how ad blocking in AdHell 3 works. It's not well documented yet, since the developers' focus is on new features and bug fixing. Sorry if I go into too much detail for you, but I want to add this to a guide later on.
All the functions AdHell 3 is capable of are done through Knox SDK APIs.
In the case of "ad blocking", this is achieved by blocking the domain of the ad servers, similar to modifying your hosts files. AH3 passes a list of domains to Knox, and Knox denies access to these domains (deny list). This deny list is defined by the "provider lists" given to AH3. One provider list comes with AH3 and works for most people without additional intervention. You can add additional lists on the Domains -> Providers tab; they can be local files on your phone or direct links to the lists. AH3 supports domains in a variety of formats, such as:
domain1.com
sub.domain1.com
||domain2.com^ (format found in "filter lists")
0.0.0.0 domain3.com (format found in "hosts files")
Knox only supports domains in specific formats, and AH3 attempts to convert domains from lists into acceptable formats. Knox supports formats like:
www.google.com
android.com
www.samsung
google
* denotes a wildcard where it can be any character and any number of them.
The above is important because if you try to add lists that AH3 doesn't handle correctly and converts weirdly, then it can cause false positives when it's sent to Knox. It's best to stick with lists that are most similar to the format Knox uses, and those would be "hosts files" or "hosts lists". You can find many hosts files online, but many of them are too large for Knox to handle. Based on some testing, we've found Knox can only handle lists ~100K entries large. Most hosts files are also created by desktop users and aimed at desktop users, so they often won't help blocking ads within apps besides internet browsers. You can find some mobile ad domain lists out there, but the default provider list already includes one of them.
An arguably better approach is to add individual domains to your blacklist (Domains -> Blacklist -> button -> Add Domain). Finding the domains the ads are coming from is tricky. You'll have to use an app like Packet Capture that can show you what domains the app in question is contacting. Another method would be to install another ad blocking app like AdGuard, see what domains it blocks that AH3 isn't, and add those.
It's also important to know that Knox keeps using the same deny list until AH3 sends it a new one. Currently, AH3 only sends a deny list when you toggle that button for domain rules on the home page. Any time you make a change to your provider lists, blacklist or whitelist, you need to toggle the rules off and on again for changes to take effect. The amount of time it takes to send the list also will increase if you have a larger list, or any whitelist entries.
> So now what? It just blocks all ads?
In its default configuration, it will block many ads, but because of how it works, won't catch all of them. If you use Chrome, you should add the following firewall rule to your blacklist: com.android.chrome|*|53. That'll allow it to block ads in Chrome. Also, you should consider adding graph.facebook.com as a domain to your blacklist. Many ads are served from this domain, but adding it can break Facebook login/authentication in apps. That's why it isn't in the default lists.
> What are ads that it doesn't block? (I've already got YouTube vanced).
Besides YouTube ads, ads that come from the same domain as content can't be blocked with this method without blocking the content. One example of this are "promoted posts" in the official Reddit app. I think Instagram has similar ads.
> What's the difference between the 3.0.0 and 3.1.1?
3.0.0 is the older version of AH3 that used the older "Knox Standard SDK", and will no longer be updated by the dev. Samsung is phasing that SDK out, and removed the legacy keys that were used for it. It can still work with Samsung Knox EDU Enterprise keys, or if you still have a legacy Enterprise key.
3.1.1 is the newest version of AH3 that uses the current "Knox SDK", which requires the readily available Samsung Knox License (SKL) key. It already has a few updates that 3.0.0 doesn't, but I don't think any major new features. It does have one major difference from 3.0.0 already due to the different SDK. The new SDK no longer lets you disable any app permission you want; we can only disable 'dangerous' level permissions. This restricts our ability to control apps a little, which is why I've kept the 3.0.0 in the MediaFire folder.
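The three list formats described in the comment above, handled by a small normalizer that rejects any line it cannot parse unambiguously instead of guessing, since badly converted entries are what cause false positives. This is an added example, not code from AdHell 3 or Knox; the function names, the constructed sample list and the exact-match comparison against captured hostnames are assumptions.

```python
import re

# Approximate size limit the comment above reports for Knox (~100K entries).
KNOX_MAX_ENTRIES = 100_000

# Sink addresses conventionally used in hosts files.
HOSTS_SINKS = {"0.0.0.0", "127.0.0.1"}

# Conservative hostname check: dot-separated labels plus an alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def parse_line(line):
    """Return the bare domain for one list line, or None if it is ambiguous."""
    # Drop a trailing "# comment" only when it is preceded by whitespace, so
    # cosmetic filter rules such as "example.com##.ad" are not cut into a domain.
    text = re.split(r"\s+#", line.strip().lower(), maxsplit=1)[0]
    if text.startswith("||"):
        # Filter-list form: ||domain^ with no path and no $options.
        if not text.endswith("^"):
            return None
        candidate = text[2:-1]
    else:
        fields = text.split()
        if len(fields) == 2 and fields[0] in HOSTS_SINKS:
            candidate = fields[1]          # hosts-file form
        elif len(fields) == 1:
            candidate = fields[0]          # plain domain
        else:
            return None
    return candidate if DOMAIN_RE.match(candidate) else None


def build_deny_list(lines):
    """Return (sorted unique domains, rejected lines) for a provider list."""
    domains, rejected = set(), []
    for raw in lines:
        stripped = raw.strip()
        if not stripped or stripped[0] in "#!":
            continue                       # blank line or list comment
        domain = parse_line(stripped)
        if domain is None:
            rejected.append(stripped)
        else:
            domains.add(domain)
    return sorted(domains), rejected


def fits_knox(domains):
    """True if the list is within the size the comment says Knox can handle."""
    return len(domains) <= KNOX_MAX_ENTRIES


def not_in_deny_list(observed_hosts, deny_list):
    """Hostnames seen in a capture that have no exact entry in the deny list."""
    seen = {h.strip().lower().rstrip(".") for h in observed_hosts}
    return sorted(seen - set(deny_list))


# Constructed sample provider list mixing the formats named in the comment.
SAMPLE_LIST = """\
# constructed sample provider list
domain1.com
sub.domain1.com
||domain2.com^
0.0.0.0 domain3.com
127.0.0.1 localhost
||ads.example.com^$third-party
example.com##.ad-banner
DOMAIN1.com
"""

# Constructed hostnames standing in for what a capture app displayed.
SAMPLE_OBSERVED = ["graph.facebook.com", "domain2.com", "api.example.net"]

if __name__ == "__main__":
    deny, rejected = build_deny_list(SAMPLE_LIST.splitlines())
    print("deny list:", deny)
    print("rejected :", rejected)
    print("fits Knox:", fits_knox(deny))
    print("uncovered:", not_in_deny_list(SAMPLE_OBSERVED, deny))
```

Rejected lines are worth reviewing by hand before a list is passed on, because they are the entries a looser converter would have turned into something unintended.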
It's pretty easy. If you just sniff the app network data, the account login information is visible. https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
(Edit: another way is to set up mitmproxy on a computer.)
This probably isn’t the most efficient method, but here’s what I do on my Android phone:
First you need to do some set-up (just once). On the phone, I installed Packet Capture. Any other similar app should work, but this was the first I found and I’m quite happy with it. When you launch it for the first time (I think), it will ask if you want to install a local certification authority (CA) to capture encrypted (SSL/TLS/HTTPS) connections. ~~Recent versions of Digimon Linkz encrypt all of the game-related communications, so say “yes”. Android may warn you that this is dangerous and that this may “let a third party listen in on you”. To some extent this is true, but you’ll have to trust the developer of Packet Capture that this is only going to happen when you explicitly request Packet Capture to capture some encrypted communications, and that it doesn’t send your decrypted data anywhere but keeps it on your device.~~ Only the Japanese version of Linkz uses HTTPS; the global version of Linkz still uses unencrypted HTTP, so you don’t need the custom CA. Also, the custom CA probably doesn’t work on recent versions of Android. Anyway, Packet Capture lets you intercept all apps’ communications or just a single app’s; for your own safety and convenience, I recommend you to tell it to listen in only on Linkz.
(I’m afraid I don’t know if the same is possible on iOS barring jailbreak. Apparently it’s possible, if you have a Mac, to connect the iOS device to the Mac and do packet capture via the Mac, but you additionally need to undo Linkz’ encryption somehow.)
Now you can open Packet Capture, press the button to capture a single app’s packets (the green triangle with the digit one next to it), and select Digimon Linkz. If you then switch to Linkz, do something and switch back to Packet Capture, it’ll display a new connection (or several) that it has captured. There’s also a button to stop capturing. Each connection is like a little conversation between the game and the server and usually consists of a single request made by the game to the server and a response from the server, but it may also include multiple requests. (Game actions in Linkz are always a single request per connection though, from what I’ve seen.) Anyway, tap a connection and you’ll see all the things that the game and the server talked about. You’re most interested in the last piece, the response from the server. Packet Capture automatically displays it in a human-readable form (other apps may not do this). You may not immediately understand every bit of it as it may require some knowledge of game internals, but some parts can be pretty clear as you’ll see in a moment.
Imagine you still have your HiAndromon and specifically want to see which DNA it has. You’ll need the game to request information about your HiAndromon from the server to be able to capture it. Perhaps the easiest way for you may be to make your HiAndromon participate in a battle (any quest is fine, even the 2-stamina normal quests; multiplayer is probably fine too, but I’m not sure exactly what the packets will look like) and capture the packets at the end of the battle, when you tap on the “tap to end battle” screen after winning. (Single-player battles don’t require the app to be running, so if you want to capture as little as possible to make it easier to find the right piece of data, you can safely start the battle in Linkz and reach the “tap to end battle” screen, then switch to Packet Capture and start capturing, then switch back and tap on this screen, then go back to Packet Capture and stop the capture.) The game makes several connections at this point: the first is to notify the server that you won, which gets a very short response of type “090003”; the second is to fetch updated information about your Digimon (to display the gained XP and friendship)—this is the one you want! It gets a longer response of type “020101” like this:
```
...
"020101": {
  "userMonsterList": [
    {
      "userMonsterId": "...",
      "userId": "...",
      "monsterId": "...",
      ... lots of other properties ...
      "defaultSkillGroupSubId": "2",
      ... more properties ...
    },
    { ... "defaultSkillGroupSubId": "2", ... },
    { ... "defaultSkillGroupSubId": "1", ... }
  ]
},
...
```
This response doesn’t mention the Digimon’s names (only numbers, which you’ll find hard to interpret), but it does list their stats and probably lists the Digimon in left-to-right order as they’re entered in your party, so you can determine which one is the HiAndromon. Then look for “defaultSkillGroupSubId”, and voilà!
By capturing the communications between the game and the server like this, you can learn some other interesting things, like which moves AI opponents are programmed to use and what stats they have, or what are the maximum stats of each species of player Digimon. Most of the data that is of public interest (AI moves/stats for high levels) is regularly posted on the Web by other kind people, e. g. Growlmon.net, Digimon Linkz Brazil and this wiki (mostly useful for the AI moves). Of the stuff that can be useful for yourself but not for others and that therefore isn’t already posted, I can’t think of anything other than the DNA right now, but I may be forgetting something.
For a lot of people (including myself) downloading and activating Packet Capture seems to work
Right here
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
You have to understand how to read a PCAP, but this will show you your phone's network traffic.
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
it is called 'packet capture'...
To see the HTTP requests made by an app, you can use this app: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Yeah, this Packet Capture app. It has to do with the certificates. I tried to explain it a bit in another post but there's a full discussion in this old thread where the solution was first discovered.
I'd give it another try. It didn't work for me the first time but did the subsequent times.
I'm surprised no one knows Packet Capture. No root needed, capturing SSL too:
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en maybe? I dunno, I wouldn't know how to check what data Facebook is sending.
A year ago, when I gave internet access to my relatives' kids, they played this same shit daily. I had an additional router, so I checked all the IPs for freefire using this [app](https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture), blocked them in the router and gave the kids access for certain hours only. [Here's](https://gist.github.com/coderthemonk/2d2a750ac4c3aa14dfc048f86cf23e2d) the list I saved at that time. I don't know if it works now. If it doesn't, just check the current IP of free-fire and block it. I believe you can skip all this and block DNS only too.
I know this is not a good way to handle it, but they are so much into it, they won't listen. Even I didn't listen back then when I was a kid or playing PUBG the whole day and night a few hours ago.
The best I can say is to try to understand and spend time with him and keep him busy in other activities and outdoor games.
Check this video https://www.youtube.com/watch?v=WHInEzFgobg&feature=youtu.be at 4:55.
Go to the google play store of your NoxApp GearVR emulated environment on your PC/Mac and from there you should be able to find and install the Packet Capture android app.
It is this one ftr : https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
Don't know about termux but this app could help...
I use Grey Shirts Packet Capture https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en_US
I don't think it is open source though.
Thanks a lot again. I think it's due to some issue with the certificate, as I could see the websocket request being captured in 'Packet Capture' ( https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture ).
Maybe because I added the BURP cert as a root authority on my phone ( https://awakened1712.github.io/hacking/hacking-install-ca-android/ ).
I tried removing those certs but in vain ( couldn't find it in `/system/etc/security/cacerts` ).
Try Packet Capture
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Download this app:
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
I'll try to reverse-engineer the Android app, I've done stuff like this before. Would you be comfortable DMing me your account credentials? It would probably make it easier, if not though I can still try to help you.
Also, would you mind trying to do a packet capture using this app? https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture. If the app uses SSL pinning, you might need to install this Xposed module to bypass it, which would need a rooted device (and Xposed breaks SafetyNet). This might have some necessary info, such as encryption keys. I doubt they would use a different encryption key for downloading vs streaming.
EDIT: nevermind, see my new top-level post
Sometimes I use the one below
Network traffic sniffer app with SSL decryption
Packet Capture
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
- Graph API - Documentation - Facebook for Developers - https://developers.facebook.com/docs/graph-api/
Try this https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Can save to pcap so you should be able to analyze it with any tool you like afterwards.
Find out the domains the apps are coming from using an app like Packet Capture and add them to the blacklist.
Like /u/Citizen_V said, your ad blocking is probably working fine but there are domains simply not blocked.
Finding out which those are can be complicated and may not always work, my methods include:
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
And
https://m.apkpure.com/debug-proxy/com.dans.apps.webd
The latest app is removed from play store so I had to link a different site.
You open one of the apps, start capturing -
then open the game or app that has ads.
then you'll see which domains are being loaded. One of them could be where the ads are coming from.
If you see nothing, there's a possibility you might have to install an SSL certificate or allow it or something. Even then it might simply just not show HTTPS domains :/
Method 2:
Add these providers: https://bit.ly/2HfsqkV
https://raw.githubusercontent.com/mmotti/mmotti-host-file/master/wildcard_standard_hosts.txt
http://getadhell.com/standard-package.txt
https://pgl.yoyo.org/as/serverlist.php?hostformat=hosts;showintro=0
I'm using txt's with 40.000+ domains but I don't think you can use that many without editing the code.
If nothing works, sorry man, you can try patching the APK for no ads with lucky patcher APK or with APK Editor pro (you need to download no ads plugin/zip)
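The check the comment above describes (which hostnames seen in a capture are not covered by the loaded blocklists), as an added example that is not part of the original comment or of any of the linked tools. The blocklist line formats (hosts-style `IP domain`, bare domains, `*.domain` wildcards), the wildcard semantics, the function names and all sample data are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample blocklist in the line formats assumed here:
# hosts-style "IP domain", bare domain, and "*.domain" wildcard.
SAMPLE_BLOCKLIST = """\
# constructed sample, not taken from any real list
0.0.0.0 ads.example.net
127.0.0.1 tracker.example.org  # inline comment
*.adnetwork.example
metrics.example.com
"""

# Constructed hostnames, as if read off one capture session.
SAMPLE_CAPTURED = ["api.game.example", "ads.example.net", "cdn.adnetwork.example",
                   "adnetwork.example", "Metrics.Example.com.", "static.example.org"]

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_blocklist(text):
    """Return (exact_hosts, wildcard_suffixes) parsed from blocklist text."""
    exact, wildcards = set(), set()
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].strip().lower().split()
        if tokens and _is_ip(tokens[0]):
            tokens = tokens[1:]          # drop the sinkhole address column
        for host in tokens:
            host = host.rstrip(".")
            if host.startswith("*."):
                wildcards.add(host[2:])
            elif host:
                exact.add(host)
    return exact, wildcards

def is_blocked(host, exact, wildcards):
    host = host.lower().rstrip(".")      # normalise case and trailing root dot
    labels = host.split(".")
    # Assumption: "*.example" covers any subdomain but not the bare domain.
    return host in exact or any(
        ".".join(labels[i:]) in wildcards for i in range(1, len(labels)))

def unblocked(captured, blocklist_text):
    """Captured hostnames that no blocklist entry covers, in capture order."""
    exact, wildcards = parse_blocklist(blocklist_text)
    return [h for h in captured if not is_blocked(h, exact, wildcards)]
```

Hostnames returned by `unblocked` are only candidates: the game's own API servers show up there too, so each one still has to be judged before it is added to a blocklist.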
For anyone wondering author is using this app
It's an Android app: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en
I found it in a thread earlier, just set this app up and it fixes it. I'm assuming it only works on Android though
huh, I never had that
in case you install different apps, I'm using this one
Something called Packet Capture https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture&hl=en might work, I'm not sure if it is compatible with the FireOS innards though.
Try this sniffer: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
You could use a packet sniffer to examine what ad servers Terrarium TV is connecting to..
I use Packet Capture and so far I'm very happy with it. It also filters the results on a per app basis. https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Something like this app?
Depending on what you need it for you could also download Fiddler and set your phone to use Fiddler as a proxy