Identify the IP address of the server(s) the app is communicating with. Close all apps in the background to reduce the “noise”. Here are a few tips when analysing the traffic with Wireshark:. Simply login and use the functions of the app. Once Wireshark is running and is capturing the network packets from the mobile device, identify the network traffic of the app you want to test. In all approaches described above the network packets can be analysed in real-time by Wireshark, which is much more efficient than creating pcap files on the device and then analyse them later on your machine. What you also need is Wireshark to analyse the network traffic. Check the OWASP MSTG on how to configure it: To capture the traffic on Android you can use a combination of netcat, adb and tcpdump. Note: This only works for devices that use iOS 12 and below! For Linux and Windows there is a Python script available that allows you to capture the traffic. On macOS you can use a so called Remote Virtual Interface (RVI). To capture the traffic on iOS we need to differentiate if you are having a Mac or Linux/Windows:. 
Connect your mobile device via USB to your laptop.
This blog post want’s to demonstrate you how you can capture and analyse the whole network traffic from an iOS and also Android device:
If that’s the case you would need to analyse the network traffic first to decide what to do next. When trying to intercept network traffic from a mobile app you sometimes might not be able to see the requests in Burp Suite, even though you configured everything correctly and you can see HTTP requests from the mobile browser.
0 kommentar(er)
