Your network is undoubtedly also linked to a series of devices that communicate with the internet. These are mainly computers and mobile devices, but perhaps also all kinds of 'smart devices', such as a thermostat, TV, IP camera, perhaps even a refrigerator or oven. All those devices exchange data with the internet via your network. Cunning analytics tools like Burp and Wireshark (and some effort) let you see that network traffic.
In this article we describe a number of techniques that allow you to query and analyze the traffic passing through your network. Perhaps you are particularly interested in data that is – secretly? – leave your network towards the internet, and vice versa. Also read: 20 super tips for the best home network.
We'll start with devices that are wirelessly connected to your network. In the first instance, we will examine how you can capture all http traffic and even encrypted https traffic from wireless devices. After that, we will also look at other data protocols of wireless devices, so that we can unravel almost the entire wireless traffic. Finally, we will examine how you can also get the wired network traffic from your own computer or from other computers and devices within your network on your screen. You will notice that packet sniffer and protocol analyzer Wireshark play a prominent role in this.
(Wireless) http traffic
To find out what data a mobile app (such as a browser) is actually sending to the servers, it's best to set up a proxy server. This is perfectly possible on your Windows laptop, making sure that it is on the same wireless network as the mobile device you want to monitor. First of all, install the free version of Burp on your computer. Install the program and launch it. Accept the default settings and confirm with Start Burp. Open the tab proxy and click Options. Select the (only) interface and press the button edit. Select the option here All interfaces. Confirm with OK and with yes. Then open the tab Intercept and click Intercept ison (so you now Intercept is off is reading). Finally, open the tab HTTP history.
Now let's go to your mobile device. Let's take an Android smartphone as an example. Go to here Institutions and choose Wi-Fi. Press the name of the connected network for a few seconds and select Customize network. Tap Advanced options on and select proxy / Manually. Bee Hostname of proxy enter the IP address of your Burp machine (Windows tells you that address when you type ipconfig on the command line) and at proxy-gate imagine 8080 in. Save these settings (temporarily). Then surf to some websites and keep the tab on your laptop HTTPproxy closely monitor. If it doesn't work, temporarily disable the firewall on your laptop.
(Wireless) https traffic
However, more and more web traffic is encrypted by default using https, where an SSL certificate must guarantee that the connection to the web server in question has actually been established. Unfortunately, many apps don't check that thoroughly and in those cases you can make your Burp machine act as a MITM (man-in-the-middle). To do this, you must first accept the CA certificate (certificate authority) from Burp on your mobile device. On our Android device we do this by surfing to //burp.cert while the Burp proxy is active. This will download the cacert.der file. Change the filename with an explorer app (such as ES File Explorer) to cacert.cer. Import this certificate via Settings / Security / Installfrom storage (Bee Storage certificate data). Then when you surf to an https site, Burp will also reveal the content of the encrypted traffic.
android
In the article we described how you can request Burp traffic from wireless devices on your PC using proxy server. On an Android device (version 4.0 or higher), it's even easier, thanks to the free Packet Capture app from Gray Shirts, available from the Play Store. The app cunningly uses a VPN service through which all data traffic is routed. If you also want to analyze https traffic, choose Install certificate and confirm with OK. The app shows the collected data including protocol, target address and time and you only have to tap a packet for more details. Through the magnifying glass icon, Packet Capture will try to recognize the content and present it more recognizable.
