Ask Your Question
0

Can Wireshark help you to trace what webpages an android device surf?

asked 2020-10-02 15:55:13 +0000

Leon gravatar image

updated 2020-10-02 19:25:20 +0000

Jaap gravatar image

I would like to find out what webpages an android app surf to. Yes, the webpage, that is the url link, not the website visited only. Is that possible?

edit retag flag offensive close merge delete

Comments

If the pages are https, then you can't do that without breaking the encryption which is difficult. This is why most websites are now using https.

grahamb gravatar imagegrahamb ( 2020-10-02 16:01:01 +0000 )edit

Is that possible if it is starting with only http: ? How detailed the url you can get? Where to get a demo?

Leon gravatar imageLeon ( 2020-10-02 16:06:00 +0000 )edit

I am interested to test that with a simple app I write, if you can show me the way.

Leon gravatar imageLeon ( 2020-10-02 16:07:12 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2020-10-02 16:17:09 +0000

grahamb gravatar image

If you have plain http traffic, then the URL will be in the http.request.full_uri field.

You can see this in action if you download the sample http capture from the wiki and open it in Wireshark and select packet 4 in the packet list, in the protocol details pane, expand the Hypertext Transfer Protocol item and look at the [Full request URI:...]" field.

The field can be added as a column, by right-clicking it and selecting "Apply as Column".

edit flag offensive delete link more

Comments

On the wireShark welcome screen there is a list to select, which capture filter I should be used? There isn't a eth0 despite I am using a wired ethernet on the window 10 computer

Leon gravatar imageLeon ( 2020-10-03 16:51:57 +0000 )edit

The list you see is the interface list, the capture filter is an edit box to enter a capture filter to restrict the traffic that is actually captured. On a Windows system you won't (normally) have an interface called eth0 as that's usually found on non-windows OSs. The interface is likely to be called something like Ethernet.

You can ignore all interfaces similar to "Local Area Connection* xx", what else is in your list?

grahamb gravatar imagegrahamb ( 2020-10-04 13:35:07 +0000 )edit

Please see the uploaded screen. Https://postimg.cc/JDSLhCwd

I get the four non- Android captures. The others are found after I started a memu play (android emulator). It is also possible I can start a sharepoint to a real android device.

Leon gravatar imageLeon ( 2020-10-04 14:05:35 +0000 )edit

There seems to be something up with your installation, no physical interfaces are listed. Can you copy and paste the contents of the Help -> About Wireshark -> Wireshark tab?

grahamb gravatar imagegrahamb ( 2020-10-04 14:09:27 +0000 )edit

I run a portable version of it.

3.2.7 (v3.2.7-0-gfb6522d84a3a)

Compiled (32-bit) with Qt 5.12.9, with WinPcap SDK (WpdPack) 4.1.2, with Glib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 10 (1909), build 18363, with        Intel® Core™
i5-3230M CPU @ 2.60GHz (with SSE4.2), with 8049 MB of physical memory, with
locale English_Hong Kong SAR.950, with light display mode, without HiDPI ...
(more)
Leon gravatar imageLeon ( 2020-10-04 14:30:34 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-10-02 15:55:13 +0000

Seen: 110 times

Last updated: Oct 02