Comment on Could someone explain the networking behind transparent proxies and MiTM snooping using certificates to me?

ShellMonkey@lemmy.socdojo.com 11 months ago

play.google.com/store/apps/details?id=app.greyshi…

Something like that should ship all traffic through a local VPN adapter and output a standard pcap file.

Another option, if you have a bit more fancy networking available, is to set up a Security Onion instance, then mirror a port on the network and just capture everything at an on-wire level. That would also cover things beyond just web traffic to catch other things like ssh or whatever other remote connectivity could be in play. Seeing the content of the connection is different than just seeing the connection's existence, though. The endpoint generally has the best visibility before data gets pushed into a connection, but unless you start getting into kernel-level debugging it can still be hard to see into the behavior of internal applications.
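An added example (not from the comment above, and not code from the linked app or from Security Onion) of what an on-wire or VPN-adapter pcap actually gives you. It builds a small pcap in memory, with constructed frames, made-up addresses and a made-up hostname, then parses it with only the standard library. For each TCP segment it recovers the 5-tuple and byte count; for a TLS ClientHello it pulls the SNI hostname out of the extension, and for a cleartext protocol like the SSH banner it shows the payload itself. The point is the distinction the comment draws: the capture proves the connection exists and names the TLS peer, but the TLS content stays opaque unless you intercept at the endpoint or with a MITM proxy.

```python
"""Parse a pcap like a port mirror or on-device VPN capture produces and
summarize each TCP segment: 5-tuple, payload size, TLS SNI if present,
cleartext payload if the protocol is unencrypted.  Stdlib only; the pcap
is constructed inline (addresses, hostname and banner are made up)."""
import struct
import socket


def build_pcap(frames):
    """Constructed pcap: microsecond magic, v2.4, link type 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def tcp_frame(src, dst, sport, dport, payload):
    """Ethernet/IPv4/TCP frame (PSH|ACK) carrying payload; checksums left 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return struct.pack("!6s6sH", b"\x02" * 6, b"\x04" * 6, 0x0800) + ip


def tls_client_hello(hostname):
    """Minimal ClientHello record whose only extension is server_name."""
    name = hostname.encode()
    entry = b"\x00" + len(name).to_bytes(2, "big") + name
    sni_list = len(entry).to_bytes(2, "big") + entry
    sni_ext = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list
    body = (b"\x03\x03" + b"\x11" * 32          # version, constructed random
            + b"\x00"                            # empty session id
            + b"\x00\x02\x13\x01"                # one cipher suite
            + b"\x01\x00"                        # null compression
            + len(sni_ext).to_bytes(2, "big") + sni_ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs


def extract_sni(payload):
    """Return the server_name from a TLS ClientHello, or None if absent."""
    if len(payload) < 44 or payload[0] != 0x16 or payload[5] != 0x01:
        return None
    pos = 43                                     # record hdr + hs hdr + version + random
    pos += 1 + payload[pos]                      # session id
    if pos + 2 > len(payload):
        return None
    pos += 2 + int.from_bytes(payload[pos:pos + 2], "big")   # cipher suites
    if pos >= len(payload):
        return None
    pos += 1 + payload[pos]                      # compression methods
    if pos + 2 > len(payload):
        return None                              # no extensions block at all
    end = min(len(payload), pos + 2 + int.from_bytes(payload[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", payload[pos:pos + 4])
        pos += 4
        if etype == 0:                           # server_name extension
            p, lim = pos + 2, pos + elen
            while p + 3 <= lim:
                ntype, nlen = payload[p], int.from_bytes(payload[p + 1:p + 3], "big")
                if ntype == 0:                   # host_name entry
                    return payload[p + 3:p + 3 + nlen].decode("ascii", "replace")
                p += 3 + nlen
        pos += elen
    return None


def summarize_flows(pcap):
    """One dict per IPv4/TCP segment in the pcap."""
    bo = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if bo is None or struct.unpack(bo + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a microsecond pcap with Ethernet link type")
    flows, pos = [], 24
    while pos + 16 <= len(pcap):
        incl = struct.unpack(bo + "IIII", pcap[pos:pos + 16])[2]
        frame = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        if ip[9] != 6:                           # not TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        sni = extract_sni(payload)
        printable = all(32 <= b < 127 or b in b"\r\n" for b in payload)
        flows.append({"src": socket.inet_ntoa(ip[12:16]), "sport": sport,
                      "dst": socket.inet_ntoa(ip[16:20]), "dport": dport,
                      "bytes": len(payload), "sni": sni,
                      "cleartext": payload if sni is None and printable else None})
    return flows


# Constructed capture: one TLS ClientHello to example.com, one SSH banner.
SAMPLE_PCAP = build_pcap([
    tcp_frame("10.0.0.5", "93.184.216.34", 51000, 443, tls_client_hello("example.com")),
    tcp_frame("10.0.0.5", "10.0.0.9", 51001, 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
])

if __name__ == "__main__":
    for flow in summarize_flows(SAMPLE_PCAP):
        print(flow)
```

Swap `SAMPLE_PCAP` for `open("capture.pcap", "rb").read()` to run it over a real mirror-port or VPN-adapter capture; anything with VLAN tags, IPv6 or pcapng framing is outside what this parser handles and is skipped or rejected.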
