Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

no network connection in specific app when using PCAPDroid #423

Open
techware01 opened this issue Mar 20, 2024 · 12 comments
Open

no network connection in specific app when using PCAPDroid #423

techware01 opened this issue Mar 20, 2024 · 12 comments
Labels
question User is asking a question

Comments

@techware01
Copy link

techware01 commented Mar 20, 2024
edited

Hi,
first of all thanks for this awesome app! It has been very useful for capturing specific app traffic and decrypting it using friTap.

I got the issue when testing the app notebooksbilliger, that it has no internet connection with PCAPDroid traffic recording activated (both with app filter and without). Other apps are working though.

PCAPDroid version: v1.7.0
Notebookbilliger version: 4.24.1

Device: Android Emulator - Android 9 - Samsung Galaxy S10

Any ideas what could be the issue here?
@emanuele-f
Copy link
Owner

What do you see in the PCAPdroid connections tab for the app? Any errors? Does that app use a vpn? Are you using the root or non-root capture? Please attach the pcapdroid App log from the left drawer

@techware01
Copy link
Author

techware01 commented Mar 20, 2024
edited

When I first started the app and went trough the welcome tutorial of the app I had connections displayed (firebase, usercentric, ...)
I now restarted the app going to it's main screen, where it shows "no internet connection" when connected to PCAPDroid VPN at the same time. Now the connections tab is empty and PCAPDroid shows that 0B got recorded.

Restarting the tested app I occasionally get some connections displayed in PCAPDroid.
PCAPdroid_20_Mar_13_58_04.csv

It's a non root capture with PCAPDroids VPN. As soon as this VPN is deactivated the app has access to the internet again.

PCAPDroid Log:

[I] 20/Mar/2024 13:31:13 - [PCAPdroid] Build type: GITHUB
[I] 20/Mar/2024 13:31:31 - [CaptureService] Private DNS: disabled
[I] 20/Mar/2024 13:31:32 - [CaptureService] Private DNS: disabled
[I] 20/Mar/2024 13:31:32 - [Geolocation] Geolocation is not available
[I] 20/Mar/2024 13:31:32 - [CaptureService] Using DNS server 10.0.2.3
[W] 20/Mar/2024 13:31:32 - [AppsResolver] Could not retrieve package com.sec.spp.push
[I] 20/Mar/2024 13:31:32 - Starting packet loop
[I] 20/Mar/2024 13:31:42 - stopPacketLoop called
[I] 20/Mar/2024 13:31:42 - Stopped packet loop
[I] 20/Mar/2024 13:31:42 - Host LRU cache size: 5
[I] 20/Mar/2024 13:31:42 - Discarded fragments: 0
[I] 20/Mar/2024 13:31:42 - [CaptureService] Connection update thread exit requested
[I] 20/Mar/2024 13:32:17 - [CaptureService] Private DNS: disabled
[I] 20/Mar/2024 13:32:17 - [Geolocation] Geolocation is not available
[I] 20/Mar/2024 13:32:17 - [CaptureService] Using DNS server 10.0.2.3
[I] 20/Mar/2024 13:32:17 - [CaptureService] Private DNS: disabled
[I] 20/Mar/2024 13:32:17 - Starting packet loop
[I] 20/Mar/2024 13:34:00 - stopPacketLoop called
[I] 20/Mar/2024 13:34:00 - Stopped packet loop
[I] 20/Mar/2024 13:34:00 - Host LRU cache size: 11
[I] 20/Mar/2024 13:34:00 - Discarded fragments: 0
[I] 20/Mar/2024 13:34:00 - [CaptureService] Connection update thread exit requested
[I] 20/Mar/2024 13:34:37 - [CaptureService] Private DNS: disabled
[I] 20/Mar/2024 13:34:37 - [Geolocation] Geolocation is not available
[I] 20/Mar/2024 13:34:37 - [CaptureService] Using DNS server 10.0.2.3
[I] 20/Mar/2024 13:34:37 - [CaptureService] Private DNS: disabled
[I] 20/Mar/2024 13:34:37 - Starting packet loop

@techware01
Copy link
Author

Installed netguard now to test another vpn and it works with netguard vpn activated. Switiching back to PCAPDroid it doesn't work anymore.

@emanuele-f
Copy link
Owner

That's weird, maybe a dns issue. Try to turn off Use system DNS under the the pcapdroid cog icon. If you still have the issue, please share the "Build info", which you can find in the pcapdroid About page, in the top bar

@emanuele-f
Copy link
Owner

@techware01 any news?

@techware01
Copy link
Author

Hey @emanuele-f,
sorry for ghosting you on that issue. I didn't receive any notification and focused on other things in the meantime.
Coming back to the issue I tested it again and deactivated "Use system DNS" in PCAPDroid's "DNS Servers" settings menu.
I also updated PCAPDroid to the latest release v1.7.2 and the issue still remains. As soon as I start the recording in PCAPDroid the app reports "No connection". When stopping the recording the app loads it's web content again.
Same time just today I saw this issue when recording via tweasel (cyanocrylate), which uses a wireguard + mitmproxy setup with the same tested app.
I was wondering if this could have something to do with flutter, which is apparently used to build the tested app.

Build info PCAPDroid:

Build type: github
Build version: 1.7.2
Build date: 2024-04-20 18:12:56
Current date: 2024-04-25 19:25:54
Device: unknown Android SDK built for x86_64 (rooted)
OS version: Android 9 (SDK 28)


DumpMode: NONE
FullPayload: false
TLSDecryption: false
TLSSetupOk: false
CAInstallSkipped: false
BlockQuic: NEVER
RootCapture: false
Socks5: false
BlockPrivateDns: true
CaptureInterface: @inet
MalwareDetection: false
Firewall: false
PCAPNG: false
BlockNewApps: false
TargetApps: []
IpMode: IPV4_ONLY  // (also tried BOTH)
Trailer: false
StartAtBoot: false
PrivateDnsMode: disabled
MitmBatteryOptimized: false

@emanuele-f emanuele-f added the question User is asking a question label May 3, 2024
@emanuele-f
Copy link
Owner

This could be related to caching happening on the flutter app. Please try the following:

  1. Close the app by swiping it from the recent apps
  2. Clear the app cache from the the Android settings
  3. Start the capture and then start the app again

Hope this helps

@techware01
Copy link
Author

Hey,
thanks for the suggestion. Tried these steps, but unfortunately it still shows no connection with activated VPN.
On the other hand PCAPDroid now tracks some connections to different domains including DNS requests, which is interesting.
They are marked as closed or active and have different payloads.

@emanuele-f
Copy link
Owner

Can you try with the root capture? The root capture will exclude any VPNService routing/limitation, so you will get exactly the packets as seen on the network interface. If you still don't see any packets, then it mean the app is not generating any traffic

@IlluminatiWave
Copy link

same error with root (specific application)

for some reason it seems to work if there is already a connection in between (e.g. a game)

In my case, when I try to open the game with pcap enabled and with tls decryption active, I get error, I have to disable pcap, start the game and already inside the game start the packet analysis (in my case without vpn).

@emanuele-f
Copy link
Owner

@IlluminatiWave tls decryption will break the app connections unless you use some tools to make it trust the mitm certificate (also certoficate pinning could be in place). Check out the pcapdroid manual for more details.

Are you the same person who created this task?

@IlluminatiWave
Copy link

No, I am not the author (but the problem seemed similar in principle and I didn't want to create a duplicate issue), but looking at the logs it says “sslv3 alert certificate unknown”, so this is a mitmproxy problem, not a Pcapdroid problem. Sorry for the confusion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question User is asking a question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@emanuele-f @techware01 @IlluminatiWave