PCAPdroid is an open source network monitoring and capture tool. It can capture an Android device traffic without rooting the device. The traffic can be sent to a remote receiver.

Features:

• Log and examine the connections made by the user and system apps
• Extract SNI, DNS query, HTTP request, HTTP URL and remote IP address
• Apply a filter to only capture the traffic of the selected app
• Easily download a PCAP file of the traffic thanks to the integrated HTTP server
• Stream the PCAP to a remote receiver for further analysis (e.g. wireshark)
• Decrypt HTTPS/TLS traffic via a remote mitmproxy
• On rooted devices, it can capture the packets while other VPN apps are running

Important: the PCAP generated by PCAPdroid is not 100% accurate. Check out PCAP Reliability for more details.

PCAPdroid leverages the Android VpnService to receive all the traffic generated by the Android apps. No external VPN is actually created, the traffic is locally processed by the app.

_{Google Play and the Google Play logo are trademarks of Google LLC.}

Check out the quick start instructions or the full User Guide.

The PCAPdroid project is sponsored by AVEQ GmbH.

If you are a business and want to sponsor this project, you can reach me via email.

You can help the PCAPdroid project in many ways:

• Translate the app in your language
• Improve the app theme and layout
• Propose and discuss new features
• Open bug reports with detailed information
• Make a donation
• Star the project on github and on the Play Store
• Of course provide code pull requests!

You can reach the PCAPdroid community on the telegram group.

Some features of PCAPdroid can be integrated into a third-party app to provide packet capture capabilities.

• For rooted devices, the pcapd daemon can be directly integrated into your APK to capture network packets.
• For all the devices, PCAPdroid exposes an API to control the packet capture and send the captured packets via UDP to your app. This requires to install PCAPdroid along with your app.

• zdtun: TCP/UDP/ICMP connections proxy
• nDPI: deep packet inspection library, used to extract the connections metadata
• nanohttpd: tiny HTTP server
• CustomActivityOnCrash: handles app crashes gracefully and allows to copy the crash log

1. On Windows, install gitforwindows
2. Clone this repo
3. Inside the repo dir, run git submodule update --init. The submodules directory should get populated.
4. Open the project in Android Studio, install the appropriate SDK and the NDK
5. Build the app

Note: If you get "No valid CMake executable was found", be sure to install the CMake version used by PCAPdroid (currently 3.18.1) from the SDK manager