Sniffing mobile device traffic

Today I want to introduce SquidMan (more info here), a simple Mac OS X front end for the Squid proxy that you can use to log the traffic of a mobile device.

[Screenshot 2014-04-18 09.42.42: SquidMan]

SquidMan is a network proxy: once your mobile device is configured to use it, every request the device makes passes through your Mac on its way to the Internet. In this way you can log all the network calls (GET/POST/PUT/DELETE, etc.).

You can then simply open your terminal and read the network log.
Download SquidMan from here; it's free: download.

Configure SquidMan

Open “Preferences…” from menu.

  • GENERAL tab: contains the listening PORT (default 8080), hostname, cache and system information.
  • PARENT tab: lets you add an upstream proxy (if you are behind a LAN proxy).
  • CLIENT tab: this is the important one; it is where you configure the IP address of the device(s) allowed to use the proxy.

[Screenshot 2014-04-18 09.48.34: SquidMan CLIENT tab]

You can add a single IP address or a subnet. In my case, for simplicity, I added several subnets. Keep this list as narrow as you can: any client listed here may send traffic through your Mac, so a single device address is preferable to a whole subnet when other hosts share the network.
You can find the IP address (or subnet) to put in the list in Network Preferences, or from Terminal:

$ ifconfig

My IP was 192.168.1.170 and the subnet was 192.168.1.0/24.

  • DIRECT tab: an exclusion list.
  • TEMPLATE: the Squid configuration file template, as explained in the Squid FAQ. The only line I added was:

strip_query_terms off

This keeps the full query string (all the GET parameters) in the log; by default Squid strips everything after the "?" from logged URLs. Keep in mind that query strings often carry session tokens and API keys, so once this is off the log file itself becomes sensitive and should be protected accordingly. If you want to capture something different, read the Squid FAQ to learn how.


Configure Device (iPad example)

Go to the Wi-Fi settings, select the network you are connected to and open its settings to configure an HTTP proxy.
Set the proxy address to the IP address of your Mac (the one running SquidMan, of course) and the port to your SquidMan port, as explained above.

[Screenshot 2014-04-18 10.07.34: iPad proxy settings]


Sniff the network

  1. Run SquidMan.
  2. Open your Terminal and type:

$ tail -f ~/Library/Logs/squid/squid-access.log

Good, you are logging something.

Test network sniffer

Go to your device, open any app that uses the network and watch the terminal output. What do you see?

I opened the eBay app and this is a piece of the log:

[…]
1397810060.184 877 192.168.1.142 TCP_MISS/200 12454 GET http://mthumbs.ebaystatic.com/d/l400/pict/221334746375_1.jpg - HIER_DIRECT/2.228.46.112 image/jpeg
1397810060.240 905 192.168.1.142 TCP_MISS/200 28531 GET http://mthumbs.ebaystatic.com/d/l400/pict/310822968469_1.jpg - HIER_DIRECT/2.228.46.112 image/jpeg
1397810060.470 1003 192.168.1.142 TCP_MISS/200 19894 GET http://mthumbs.ebaystatic.com/d/l400/pict/190996423023_1.jpg - HIER_DIRECT/2.228.46.112 image/jpeg
1397810060.629 7757 192.168.1.142 TCP_MISS/200 1065 POST http://open.api.ebay.com/shopping - HIER_DIRECT/66.211.179.149 text/xml
1397810060.647 2426 192.168.1.142 TCP_MISS/200 861 CONNECT svcs.ebay.com:443 - HIER_DIRECT/66.135.211.97 -
1397810060.735 7892 192.168.1.142 TCP_MISS/200 1101 POST http://open.api.ebay.com/shopping - HIER_DIRECT/66.211.179.149 text/xml
1397810061.307 1032 192.168.1.142 TCP_MISS/200 21100 GET http://mthumbs.ebaystatic.com/d/l400/pict/321276401189_1.jpg - HIER_DIRECT/2.228.46.112 image/jpeg
1397810061.823 1669 192.168.1.142 TCP_MISS/200 37541 GET http://mthumbs.ebaystatic.com/d/l400/pict/111237325698_1.jpg - HIER_DIRECT/2.228.46.112 image/jpeg
1397810061.870 1528 192.168.1.142 TCP_MISS/200 52338 GET http://mthumbs.ebaystatic.com/d/l400/pict/280680372754_2.jpg - HIER_DIRECT/2.228.46.112 image/jpeg
[…]

Each line is Squid's native log format: timestamp, elapsed milliseconds, client IP, cache result/HTTP status, bytes sent, method, URL, ident, hierarchy code/peer IP and content type. Note the CONNECT line: for HTTPS the proxy only sees the destination host and port, while the real URL, headers and body travel inside the TLS tunnel and never reach the log.
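Reading a long tail of these lines by eye gets old quickly. As an added example (not code from the original post or from SquidMan), here is a small Python script that parses Squid's native log format, separates plain HTTP requests from opaque HTTPS CONNECT tunnels, flags query parameters that look like credentials (the side effect of strip_query_terms off), and lists any client IP that is not in the set of addresses you expected in the CLIENT tab. The sample lines are constructed in the same shape as the excerpt above; the hostnames, peer IPs, query string and the list of sensitive parameter names are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Squid "native" access.log format, one request per line:
#   <unix time> <elapsed ms> <client ip> <cache result>/<http status> <bytes>
#   <method> <url> <ident> <hierarchy code>/<peer ip> <content type>
# Fields are space separated and the URL never contains a space, so a
# single regular expression is enough to split a line.
_LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<cache>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<ctype>\S+)\s*$"
)

# Query parameter names that usually carry credentials (assumed list, extend
# as needed). With strip_query_terms off they end up in the log in clear text.
SENSITIVE_KEYS = {
    "token", "access_token", "auth", "session", "sessionid", "sid",
    "password", "passwd", "apikey", "api_key", "key", "secret",
}

# Constructed sample lines (not from the post's log): same shape as the eBay
# excerpt, but hosts, peer IPs, the query string and the last client are made up.
SAMPLE_LOG = """\
1397810060.184 877 192.168.1.142 TCP_MISS/200 12454 GET http://img.example.com/pict/1.jpg - HIER_DIRECT/203.0.113.10 image/jpeg
1397810060.629 7757 192.168.1.142 TCP_MISS/200 1065 POST http://api.example.com/shopping - HIER_DIRECT/203.0.113.20 text/xml
1397810060.647 2426 192.168.1.142 TCP_MISS/200 861 CONNECT svcs.example.com:443 - HIER_DIRECT/203.0.113.30 -
1397810061.100 300 192.168.1.142 TCP_MISS/200 512 GET http://api.example.com/search?q=phone&token=abc123 - HIER_DIRECT/203.0.113.20 application/json
1397810061.200 10 192.168.1.99 TCP_DENIED/403 3500 GET http://evil.example.net/ - HIER_NONE/- text/html
"""


def parse_line(line):
    """Parse one native-format line into a dict, or return None if it does not match."""
    m = _LINE_RE.match(line)
    if m is None:
        return None
    e = m.groupdict()
    for k in ("elapsed", "status", "bytes"):
        e[k] = int(e[k])
    if e["method"] == "CONNECT":
        # HTTPS through the proxy: Squid only ever sees "host:port"; the real
        # URL, headers and body travel inside the TLS tunnel and are not logged.
        host, _, port = e["url"].rpartition(":")
        e.update(host=host, port=int(port), path=None, query={}, tls_opaque=True)
    else:
        u = urlsplit(e["url"])
        e.update(
            host=u.hostname,
            port=u.port or (443 if u.scheme == "https" else 80),
            path=u.path,
            query=dict(parse_qsl(u.query, keep_blank_values=True)),
            tls_opaque=False,
        )
    return e


def parse_log(text):
    """Parse every well-formed line of a log excerpt, skipping anything else."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def sensitive_params(entry):
    """Query parameter names in this request that look like credentials."""
    return sorted(k for k in entry["query"] if k.lower() in SENSITIVE_KEYS)


def unexpected_clients(entries, allowed):
    """Client IPs in the log that fall outside the allowed networks
    (the addresses/subnets you expect to see from the CLIENT tab)."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    return sorted({
        e["client"] for e in entries
        if not any(ipaddress.ip_address(e["client"]) in n for n in nets)
    })


def summarize(text, allowed=("192.168.1.142/32",)):
    """Triage an access-log excerpt: who talked to whom, what stayed opaque
    (TLS), which lines leaked credentials, and which clients were unexpected."""
    entries = parse_log(text)
    return {
        "requests": len(entries),
        "hosts": Counter(e["host"] for e in entries),
        "tls_only_hosts": sorted({e["host"] for e in entries if e["tls_opaque"]}),
        "sensitive": [(e["url"], sensitive_params(e)) for e in entries if sensitive_params(e)],
        "denied": sorted({e["host"] for e in entries if e["cache"] == "TCP_DENIED"}),
        "unexpected_clients": unexpected_clients(entries, allowed),
    }


if __name__ == "__main__":
    # Run it on the constructed sample; for a real session pipe the file in:
    #   python3 squidlog.py < ~/Library/Logs/squid/squid-access.log
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "tls_only_hosts" list is the honest boundary of this setup: for those hosts you learn that the app talked to them and how many bytes moved, nothing more. The "sensitive" list is the reason to lock down the log file once strip_query_terms is off, and "unexpected_clients" is a quick check that nobody else on the LAN has started using your Mac as their proxy.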

Happy sniffing.

Ref:
albertopasca.it
squidman
wikipedia
eBay app


Alberto Pasca

Software engineer @ Pirelli & C. S.p.A. with a strong passion for mobile development, security, and connected things.