PCAPdroid

Free

PCAPdroid is a privacy-friendly open source app that lets you track, analyze, and block connections made by other apps on your device. It can export a PCAP dump of the traffic, inspect HTTP, decrypt TLS traffic, and more. Features include logging and examining connections made by user and system apps; extracting the SNI, DNS query, HTTP URL, and remote IP address; inspecting HTTP requests and replies; decrypting HTTPS/TLS traffic and exporting the SSLKEYLOGFILE; dumping traffic to a PCAP file; creating rules to filter traffic; identifying the country and ASN of remote servers; and, on rooted devices, capturing traffic while other VPN apps are running. Paid features include firewall creation and malware detection.

ALTERNATIVES

A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices.

An IP address intelligence API that provides geolocation data and threat detection capabilities for IPv4 and IPv6 addresses.

A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.

A simple text viewer for Prompt(1) sessions.

Detects Kippo SSH honeypot instances externally.

An extended traceroute tool for CSIRT operators with advanced features.

SSHGuard protects hosts from brute-force attacks by monitoring system logs, detecting attacks, and blocking attackers using a firewall.

A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.
