During development or debugging, it’s necessary to track application traffic to figure out what data was sent in the request and how the server responded. In this article, I’m going to tell you how I capture and filter unencrypted traffic of iOS and Android applications with the use of Internet Sharing and Wireshark. I’ll cover how to capture and decrypt SSL/TLS traffic in the next articles.
Internet Sharing
We’re going to capture traffic from a real device. First we need to route all traffic from the phone to the computer. The easiest way is to enable Internet Sharing on the computer and connect the phone to it over Wi-Fi.
- Open System Preferences / Sharing
- Enable Internet Sharing
- Connect the phone to the computer’s Wi-Fi
All traffic of the phone goes through the computer now. Let’s capture it with Wireshark.
Wireshark
At first glance, Wireshark seems complicated. Don’t worry, there are only a few things to know there for our purpose.
On the first screen we need to choose the interface used for the internet connection. It’s “Ethernet: en0” in my case.
Let’s type http into the filter field to see only HTTP traffic.
Here are some filters you might find useful as well:
- http || websocket – HTTP and WebSocket traffic
- http.host contains "ivanzotov.com" – a specific host
- http.request.method == POST – only POST requests
I think you get the main idea and can play around with it to find the information you need.
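To apply the same selection outside the Wireshark window, the script below reads a capture saved in classic pcap format and lists method, host and URI for each unencrypted HTTP request. It is an added example, not code from this article: the function names and the two-packet sample capture are constructed, and it assumes Ethernet/IPv4/TCP frames with each request starting in a single packet.

```python
import struct

def http_requests(pcap: bytes):
    """Return [(method, host, uri)] for cleartext HTTP requests in a classic pcap.
    Handles Ethernet/IPv4/TCP only and does no TCP reassembly (assumption)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("unsupported capture format (expected classic pcap, not pcapng)")
    rows, pos = [], 24                      # records start after the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                        # not IPv4 over Ethernet carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]   # skip the IP header (IHL words)
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]  # skip the TCP header (data offset words)
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        parts = lines[0].split(" ")
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            continue                        # not the start of an HTTP request
        headers = {k.lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[1:])}
        rows.append((parts[0], headers.get("host", ""), parts[1]))
    return rows

def post_requests_to(rows, host_part):
    # Same selection as: http.request.method == POST && http.host contains "<host_part>"
    return [r for r in rows if r[0] == "POST" and host_part in r[1]]

def sample_pcap() -> bytes:
    """Constructed two-packet capture (sample data, not taken from a real session)."""
    def record(payload: bytes) -> bytes:
        eth = bytes(12) + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([192, 168, 2, 2]), bytes([203, 0, 113, 10]))
        tcp = struct.pack("!HHIIBBHHH", 50000, 80, 0, 0, 0x50, 0x18, 65535, 0, 0)
        frame = eth + ip + tcp + payload
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header
            + record(b"GET /feed HTTP/1.1\r\nHost: example.org\r\n\r\n")
            + record(b"POST /api/items HTTP/1.1\r\nHost: ivanzotov.com\r\n"
                     b"Content-Length: 9\r\n\r\nname=demo"))

if __name__ == "__main__":
    for row in post_requests_to(http_requests(sample_pcap()), "ivanzotov.com"):
        print(*row)
```

Wireshark saves pcapng by default, so a real capture has to be saved in the pcap format before this parser will accept it.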
And the last thing I’m going to show you is how to add a couple of new columns like host and response code:
- Right-click the column header and select “Column Preferences…”
- And add columns as shown on the screenshot:
I hope that’s helpful to you. Good luck!