How Capture/Log API Calls (Function Calls) Made by Android App

Sniffing an Android app to find API URL

you can do this with help of WireShark. I am listing steps here

1. Install WireShark on your computer
2. now we have to create Android virtual device(AVD) so we will download Android SDK from official site. Android SDK come with emulator for testing
3. after setting up Android SDK, create a Android virtual Device(AVD) on which we will install app
4. start that virtual device. you can use command line to start (emulator @<AVD name>)
5. after creating virtual device install app using adb command adb install app_file_name.apk
6. now we can start capturing the packets so I will suggest to close other application on your computer which are using network so our captured packets would be more relevant.
7. now start wireshark with root access

8. select interface which you want to capture and click start to start capturing.

   

9. now start using that app so packets will transfer to and fro and wireshark will capture it.

   

10. if you have used app covering all sort of activity then you can stop wireshark to capture packets.

11. now start main business to analyse packets carefully but not all packets are usefull for our job. so lets filter packets which are relevant for you. lets your IP address is 192.168.0.32 then filter all the packets whose IP is this. so filter expression will be ip.addr==192.168.0.32 apply this filter. still we an apply another filter to list up only relevant packets only so possibly that app is accessing API with HTTP protocol so apply HTTP filter. expression would be http. you can apply both are filter at once ip.addr==192.168.0.32 and http press enter to apply.

    

12. see the info carefully for listed packets you will see lot of important details, API keys, cookies etc

How to monitor HTTP (get, post etc) requests that my app is making in android

On non rooted phone you can use android OS proxy and redirect traffic. But some apps doesn't respect it. Makes direct connections. Some tweaking could be done. Use Drony with VPN mode to redirect all traffic to SandroProxy. Here is video how capture then traffic with SandroProxy SandroProxy with Chrome devtools SandroProxy can also capture pcapfiles. Can also make ssl mitm on pcap flow. from SandroProxy support

How to log request and response body with Retrofit-Android?

I used setLogLevel(LogLevel.FULL).setLog(new AndroidLog("YOUR_LOG_TAG")), it helped me.

UPDATE.
You can also try for debug purpose use retrofit.client.Response as response model

how to log the function calls without calling logger functions inside every function

Postsharp would be able to help with this.

http://www.postsharp.net/

Look at injecting behaviour before and after method invocation on http://doc.postsharp.net/method-decorator

As an example, this was taken from their site

[Serializable]
public sealed class TraceAttribute : OnMethodBoundaryAspect
{
    // This field is initialized and serialized at build time, then deserialized at runtime.
    private readonly string category;

    // These fields are initialized at runtime. They do not need to be serialized.
    [NonSerialized] private string enteringMessage;
    [NonSerialized] private string exitingMessage;

    // Default constructor, invoked at build time.
    public TraceAttribute()
    {
    }

    // Constructor specifying the tracing category, invoked at build time.
    public TraceAttribute(string category)
    {
        this.category = category;
    }


    // Invoked only once at runtime from the static constructor of type declaring the target method.
    public override void RuntimeInitialize(MethodBase method)
    {
        string methodName = method.DeclaringType.FullName + method.Name;
        this.enteringMessage = "Entering " + methodName;
        this.exitingMessage = "Exiting " + methodName;
    }

    // Invoked at runtime before that target method is invoked.
    public override void OnEntry(MethodExecutionArgs args)
    {
        Trace.WriteLine(this.enteringMessage, this.category);
    }

    // Invoked at runtime after the target method is invoked (in a finally block).
    public override void OnExit(MethodExecutionArgs args)
    {
        Trace.WriteLine(this.exitingMessage, this.category);
    }
}

Methods that need to be traced(logged in your case) can be decorated by using [Trace], it should also be possible to create a class level aspect, where you can decorate the class that should have the logging associated, although I haven't done that myself.

Filter LogCat to get only the messages from My Application in Android?

Package names are guaranteed to be unique so you can use the Log function with the tag as your package name and then filter by package name:

NOTE: As of Build Tools 21.0.3 this will no longer work as TAGS are restricted to 23 characters or less.

Log.<log level>("<your package name>", "message");

adb -d logcat <your package name>:<log level> *:S

-d denotes an actual device and -e denotes an emulator. If there's more than 1 emulator running you can use -s emulator-<emulator number> (eg, -s emulator-5558)

Example: adb -d logcat com.example.example:I *:S

Or if you are using System.out.print to send messages to the log you can use adb -d logcat System.out:I *:S to show only calls to System.out.

You can find all the log levels and more info here: https://developer.android.com/studio/command-line/logcat.html

http://developer.android.com/reference/android/util/Log.html

EDIT: Looks like I jumped the gun a little and just realized you were asking about logcat in Eclipse. What I posted above is for using logcat through adb from the command line. I'm not sure if the same filters transfer over into Eclipse.

---

Related Topics