tcpdump
Source
https://www.androidtcpdump.com/android-tcpdump/downloads
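Note, however, that newer versions are incompatible with some analysis tools. For example, 科来网络分析系统 (Colasoft's network analysis system) can only be used with version 4.9.3 / 1.9.1 or earlier; otherwise it cannot analyze the capture.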
Version: 4.9.3 / 1.9.1
Release Date: September 30, 2019 (for tcpdump) and September 30, 2019 (for Libpcap)
File Size: 2025444
Download Link: tcpdump 4.9.3 / 1.9.1
Download link: https://www.androidtcpdump.com/download/4.9.3.1.9.1/tcpdump
Backup link: https://6xyun.cn/files/2023/08/cmEpnvvZ/android_4.9.3_1.9.1.tcpdump
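Shortcut scripts
- Foreground capture
@echo off
rem Push the tcpdump binary to the device and make it executable
adb wait-for-device push tcpdump /data/local/tmp/tcpdump
rem 755 is enough to run it; avoid leaving the binary world-writable
adb shell chmod 755 /data/local/tmp/tcpdump
rem Capture on all interfaces with full packet length; stop with Ctrl+C
adb shell /data/local/tmp/tcpdump -i any -s 0 -w /data/local/tmp/tcp.pcap
rem If that failed, retry as root; the command is quoted so su receives it as one argument
if %errorlevel% NEQ 0 (
    adb shell "su -c '/data/local/tmp/tcpdump -i any -s 0 -w /data/local/tmp/tcp.pcap'"
)
pause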
- Background capture
@echo off
adb wait-for-device push tcpdump /data/local/tmp/tcpdump
adb shell chmod 755 /data/local/tmp/tcpdump
adb shell "nohup /data/local/tmp/tcpdump -i any -s 0 -w /data/local/tmp/tcp.pcap &"
rem A backgrounded command always reports success, so check that tcpdump is actually running
adb shell pidof tcpdump 1>nul 2>nul
if %errorlevel% NEQ 0 (
    adb shell "nohup su -c '/data/local/tmp/tcpdump -i any -s 0 -w /data/local/tmp/tcp.pcap' &"
)
pause
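- Clean up the process
@echo off
rem Send SIGINT instead of SIGKILL so tcpdump flushes buffered packets to tcp.pcap before exiting;
rem fall back to su when the capture was started as root
adb shell "kill -2 $(pidof tcpdump) || su -c 'kill -2 $(pidof tcpdump)'"
pause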
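- Retrieve the capture results
@echo off
rem Pull the capture file into the current directory
adb wait-for-device pull /data/local/tmp/tcp.pcap .
rem Also pull PreMasterSecret.log if it exists on the device
adb shell ls /data/local/tmp/PreMasterSecret.log 1>nul 2>nul
if %errorlevel% EQU 0 (
    adb pull /data/local/tmp/PreMasterSecret.log .
)
pause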
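
After pulling tcp.pcap, it is worth confirming what the analysis tool will actually receive. The following Python check is an added example, not part of the original page (function names and sample bytes are constructed for illustration): it reads the classic pcap header, reports the link-layer type, and flags a final packet record that was cut short, as happens when the writing process is killed before it flushes.

```python
import struct

# Link-layer types commonly seen for a single interface or "-i any" captures.
LINKTYPES = {1: "EN10MB", 113: "LINUX_SLL", 276: "LINUX_SLL2"}
MAGICS = {  # magic bytes as stored on disk -> (struct byte order, timestamp unit)
    b"\xd4\xc3\xb2\xa1": ("<", "us"), b"\xa1\xb2\xc3\xd4": (">", "us"),
    b"\x4d\x3c\xb2\xa1": ("<", "ns"), b"\xa1\xb2\x3c\x4d": (">", "ns"),
}

def inspect_pcap(data: bytes) -> dict:
    """Parse the 24-byte pcap global header, then walk the packet records."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng or damaged header)")
    order, unit = MAGICS[data[:4]]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    packets, offset, truncated = 0, 24, False
    while offset < len(data):
        if offset + 16 > len(data):              # record header cut short
            truncated = True
            break
        _sec, _frac, incl_len, _orig = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):   # packet bytes cut short
            truncated = True
            break
        packets += 1
        offset += 16 + incl_len
    return {"version": f"{major}.{minor}", "ts_unit": unit, "snaplen": snaplen,
            "linktype": LINKTYPES.get(linktype, str(linktype)),
            "packets": packets, "truncated": truncated}

def _sample(cut: int = 0) -> bytes:
    """Constructed capture: LINUX_SLL header plus two 20-byte dummy packets."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
    rec = struct.pack("<IIII", 1700000000, 0, 20, 20) + bytes(20)
    blob = hdr + rec + rec
    return blob[:len(blob) - cut] if cut else blob

if __name__ == "__main__":
    print(inspect_pcap(_sample()))        # intact capture
    print(inspect_pcap(_sample(cut=7)))   # as if the writer died mid-packet
    # For a real file: inspect_pcap(open("tcp.pcap", "rb").read())
```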