How I capture traffic of a mobile app

During development or debugging, it’s necessary to track application traffic to figure out what data was sent in the request and how the server responded. In this article, I’m going to tell you how I capture and filter unencrypted traffic of iOS and Android applications using Internet Sharing and Wireshark. Capturing and decrypting SSL/TLS traffic will be covered in the next articles.

Internet Sharing

We’re going to capture traffic from a real device. First we need to route all traffic from the phone to the computer. The easiest way is to enable Internet Sharing on the computer and connect the phone to it over Wi-Fi.

  • Open System Preferences / Sharing

[Screenshot: System Preferences / Sharing]

  • Enable Internet Sharing

[Screenshot: Enable Internet Sharing]

  • Connect the phone to the computer’s Wi-Fi

All of the phone’s traffic now goes through the computer. Let’s capture it with Wireshark.

Wireshark

At first glance, Wireshark seems complicated. Don’t worry, there are only a few things we need to know for our purpose.

On the first screen we need to choose the interface used for the internet connection. It’s “Ethernet: en0” in my case.

[Screenshot: Wireshark]

Let’s type http into the filter field to see only HTTP traffic.

[Screenshot: Filter HTTP traffic]

Here are some filters you might find useful as well:

  • http || websocket – HTTP and WebSocket traffic
  • http.host contains "ivanzotov.com" – a specific host
  • http.request.method == POST – only POST requests

I think you get the main idea and can play around with it to find the information you need.

And the last thing I’m going to show you is how to add a couple of new columns like host and response code:

  • Right-click the column header and select “Column Preferences…”

[Screenshot: Menu of columns]

  • And add columns as shown in the screenshot:

[Screenshot: Column preferences]
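
The same filters and the host and response code columns can also be produced from a terminal with tshark, the command-line tool that ships with Wireshark. This is an added example, not part of the original article; `build_filter` and `capture_http` are hypothetical helper names, and en0 is simply the interface named above.

```shell
#!/bin/sh
# Added example (not from the article): the same filters and columns via tshark.
# build_filter and capture_http are hypothetical helper names.

# Compose a display filter from an optional host substring and HTTP method.
# Inputs are validated so a stray quote or operator cannot change the filter.
build_filter() {
    host="$1"; method="$2"
    case "$host" in *[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;; esac
    case "$method" in *[!A-Z]*) echo "invalid method: $method" >&2; return 1 ;; esac
    filter='http'
    if [ -n "$host" ]; then
        filter="$filter && http.host contains \"$host\""
    fi
    if [ -n "$method" ]; then
        filter="$filter && http.request.method == \"$method\""
    fi
    printf '%s\n' "$filter"
}

# Print one tab-separated row per HTTP message, with host and response code
# as columns. $1 is a saved capture file or a live interface such as en0.
capture_http() {
    src="$1"
    filter=$(build_filter "$2" "$3") || return 1
    if [ -f "$src" ]; then
        set -- -r "$src"        # read packets from a saved capture file
    else
        set -- -i "$src" -l     # live capture, flush each row as it arrives
    fi
    tshark "$@" -Y "$filter" -T fields -E header=y \
        -e frame.time_relative -e ip.src -e ip.dst \
        -e http.request.method -e http.host -e http.request.uri \
        -e http.response.code
}

# Usage: capture_http en0 ivanzotov.com POST
#        capture_http saved.pcapng "" ""
```

When a method is given, only requests match, so the response code column stays empty for those rows; pass an empty method to see responses as well.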

I hope that’s helpful to you. Good luck!