sr093906 / PCAPdroid

No-root network monitor and traffic dump tool for Android devices

Home Page: https://emanuele-f.github.io/PCAPdroid

PCAPdroid

PCAPdroid is an open source app which lets you monitor and export the network traffic of your device.
The app simulates a VPN to capture traffic without root but, unlike a real VPN, the traffic is processed locally on the device.

Features:

  • Log and examine the connections made by user and system apps
  • Extract the SNI, DNS query, HTTP request, HTTP URL and the remote IP address
  • Create rules to filter out the good traffic and easily spot anomalies
  • Dump the traffic into a PCAP file, download it from a browser, or stream it to a remote receiver for real-time analysis (e.g. Wireshark)
  • Use the app in combination with mitmproxy to decrypt HTTPS/TLS traffic (technical knowledge required)
  • On rooted devices, capture the traffic while other VPN apps are running

Paid Features:

  • Detect malicious connections by using third-party blacklists

If you plan to use PCAPdroid to perform packet analysis, please check out the specific section of the manual.

Get it on F-Droid or Google Play.

Google Play and the Google Play logo are trademarks of Google LLC.

User Guide

Check out the quick start instructions or the full User Guide.

Sponsors

The PCAPdroid project is sponsored by AVEQ GmbH.

If you are a business and want to sponsor this project, you can reach me via email.

Community

You can help the PCAPdroid project in many ways:

  • Improve the app theme and layout
  • Star the project on GitHub and on the Play Store
  • Of course provide code pull requests!

You can join the PCAPdroid community on Telegram.

The development of new features happens in the dev branch. Make sure to target this branch when opening pull requests for new features. Here is the normal release cycle:

  1. Changes are developed and pushed to the dev branch.
  2. Once changes are stable enough, they are merged to the master branch. This is a good time to update translations.
  3. After about 2 days (or more in case of a major update), the new version is released.

Integrating into your app

Some features of PCAPdroid can be integrated into a third-party app to provide packet capture capabilities.

  • For rooted devices, the pcapd daemon can be directly integrated into your APK to capture network packets.
  • For all devices, PCAPdroid exposes an API to control the packet capture and send the captured packets via UDP to your app. This requires PCAPdroid to be installed alongside your app.
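
A minimal receiver for the UDP export mentioned above, as an added example (not code from the PCAPdroid project). It assumes the stream is classic little-endian pcap with the global header in the first datagram, whole records in each datagram, and packets that start at the IP header; port 1234 and all function names are hypothetical.

```python
import ipaddress
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4                 # classic pcap, little-endian writer
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, tz, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

def iter_packets(datagrams):
    """Yield (ts_sec, src, dst, ip_proto) for each IPv4 packet in the stream."""
    seen_header = False
    for data in datagrams:
        off = 0
        if not seen_header:             # assumed: global header arrives first
            if len(data) < GLOBAL_HDR.size:
                raise ValueError("stream does not start with a pcap header")
            magic = GLOBAL_HDR.unpack_from(data)[0]
            if magic != PCAP_MAGIC:
                raise ValueError(f"unexpected pcap magic {magic:#x}")
            seen_header, off = True, GLOBAL_HDR.size
        while off + RECORD_HDR.size <= len(data):
            ts_sec, _usec, incl_len, _orig = RECORD_HDR.unpack_from(data, off)
            off += RECORD_HDR.size
            if off + incl_len > len(data):  # never trust incl_len past the datagram
                raise ValueError("truncated record")
            pkt = data[off:off + incl_len]
            off += incl_len
            if len(pkt) >= 20 and pkt[0] >> 4 == 4:  # full IPv4 header present
                src = str(ipaddress.IPv4Address(pkt[12:16]))
                dst = str(ipaddress.IPv4Address(pkt[16:20]))
                yield ts_sec, src, dst, pkt[9]

def listen(port=1234):                  # hypothetical port; match the exporter setting
    """Yield raw datagrams from a UDP socket, to be fed to iter_packets()."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        while True:
            yield sock.recvfrom(65535)[0]

def ipv4_header(src, dst, proto):       # constructed 20-byte IPv4 header, no payload
    packed = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0, packed(src), packed(dst))

def pcap_record(ts, pkt):
    return RECORD_HDR.pack(ts, 0, len(pkt), len(pkt)) + pkt

# Constructed sample stream: global header, then two records (documentation addresses).
SAMPLE = [
    GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, 101),  # 101 = LINKTYPE_RAW
    pcap_record(1700000000, ipv4_header("10.0.0.2", "192.0.2.10", 6)),
    pcap_record(1700000001, ipv4_header("10.0.0.2", "198.51.100.7", 17)),
]
```

For a live capture, iterate over `iter_packets(listen())`; the length check on each record keeps a malformed datagram from being read as packet data.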

Third Party

  • zdtun: TCP/UDP/ICMP connections proxy
  • nDPI: deep packet inspection library, used to extract the connections metadata
  • nanohttpd: tiny HTTP server

For the complete list of third party libraries and the corresponding licenses check out the "About" page in the app.

Building

  1. On Windows, install gitforwindows
  2. Clone this repo
  3. Inside the repo dir, run git submodule update --init. The submodules directory should get populated.
  4. Open the project in Android Studio, install the appropriate SDK and the NDK
  5. Build the app

Note: if you get "No valid CMake executable was found", be sure to install the CMake version used by PCAPdroid (currently 3.18.1) from the SDK manager.

About

License: GNU General Public License v3.0


Languages

C 59.5%, Java 39.7%, Python 0.3%, CMake 0.3%, Lua 0.2%, Shell 0.1%