6. Usage Guide: AppMon Sniffer

Nishant Das Patnaik edited this page Apr 10, 2017 · 21 revisions

     ___      .______   .______   .___  ___.   ______   .__   __. 
    /   \     |   _  \  |   _  \  |   \/   |  /  __  \  |  \ |  | 
   /  ^  \    |  |_)  | |  |_)  | |  \  /  | |  |  |  | |   \|  | 
  /  /_\  \   |   ___/  |   ___/  |  |\/|  | |  |  |  | |  . `  | 
 /  _____  \  |  |      |  |      |  |  |  | |  `--'  | |  |\   | 
/__/     \__\ | _|      | _|      |__|  |__|  \______/  |__| \__| 
                        github.com/dpnishant
                                                                  

usage: appmon.py [-h] [-a APP_NAME] [--spawn SPAWN] [-p PLATFORM]
                 [-s SCRIPT_PATH] [-o OUTPUT_DIR] [-ls LIST_APPS] [-v]

optional arguments:
  -h, --help      show this help message and exit
  -a APP_NAME     Process Name; Accepts "Twitter" for iOS;
                  "com.twitter.android" for Android; "Twitter" for macOS
  --spawn SPAWN   Optional; Accepts 1=Spawn, 0=Attach; Needs "-p PLATFORM"
  -p PLATFORM     Platform Type; Accepts "ios", "android" or "macos"
  -s SCRIPT_PATH  Path to agent script file; Can be relative/absolute path for
                  a file or directory; Multiple scripts in a directory shall
                  be merged; Needs "-a APP_NAME"
  -o OUTPUT_DIR   (Optional) Path to store any dumps/logs; Accepts
                  relative/absolute paths
  -ls LIST_APPS   Optional; Accepts 1 or 0; Lists running Apps on target
                  device; Needs "-p PLATFORM"
  -v              show program's version number and exit

### Sample Usage

  • Monitoring the Twitter app on a jailbroken iOS device by attaching to the app: `python appmon.py -a Twitter -p ios -s scripts/iOS`

  • Monitoring the Twitter app on a jailbroken iOS device by attaching and respawning the app: `python appmon.py -a Twitter -p ios -s scripts/iOS --spawn 1`

  • Monitoring the Twitter app on a non-jailbroken iOS device: `python appmon.py -a Gadget -p ios -s scripts/iOS/JSON/NSJSONSerialization_JSONObjectWithData.js` (NOTE: The process name is always Gadget.)

  • Monitoring the Twitter app on a rooted Android device by attaching to the app: `python appmon.py -a "com.twitter.android" -p android -s scripts/Android`

  • Listing all running apps on a device (`-p ios` or `-p android`): `python appmon.py -p ios -ls 1`

### Points to Remember

  • After starting appmon, you may need to interact with the app on the device until you see console messages similar to `Dumping to foobar.db`; until then you may not find your app in the WebUI's app list.
  • For every unique app, appmon saves all data into a SQLite database with the same name as the app, under the appmon/app_dumps directory.
  • If you want to start a fresh session, you may need to delete the old db for that app under the appmon/app_dumps directory (do not forget to back it up should you need it later).
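The backup-then-delete step from the last point, as an added example that is not part of appmon or the original page: it snapshots the app's dump database, checks the copy, and only then removes the original. The helper name `rotate_app_dump`, the `<app>.db` file name and the directory defaults are assumptions.

```python
import os
import sqlite3
import tempfile
import time


def rotate_app_dump(app_name, dumps_dir="app_dumps", backup_dir="app_dumps_backup"):
    """Hypothetical helper: back up <dumps_dir>/<app_name>.db, then delete it.

    Returns the backup path, or None when no dump exists for the app.
    The "<app_name>.db" file name and both directory defaults are assumptions.
    """
    src_path = os.path.join(dumps_dir, app_name + ".db")
    if not os.path.isfile(src_path):
        return None  # nothing recorded yet, so the next session is already fresh

    os.makedirs(backup_dir, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    dst_path = os.path.join(backup_dir, "%s-%s.db" % (app_name, stamp))

    # sqlite3's online backup API copies a consistent snapshot even if
    # another process still has the database open.
    src = sqlite3.connect(src_path)
    dst = sqlite3.connect(dst_path)
    try:
        src.backup(dst)
        # Verify the copy before the original is removed.
        status = dst.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        src.close()
        dst.close()
    if status != "ok":
        os.remove(dst_path)
        raise RuntimeError("backup failed integrity check: " + status)

    os.chmod(dst_path, 0o600)  # captured app data: restrict to the owner
    os.remove(src_path)
    return dst_path


if __name__ == "__main__":
    # Constructed demo: a throwaway directory with a stand-in "foobar.db".
    with tempfile.TemporaryDirectory() as tmp:
        dumps = os.path.join(tmp, "app_dumps")
        os.makedirs(dumps)
        con = sqlite3.connect(os.path.join(dumps, "foobar.db"))
        con.execute("CREATE TABLE demo (v TEXT)")  # constructed, not appmon's schema
        con.commit()
        con.close()
        print(rotate_app_dump("foobar", dumps, os.path.join(tmp, "backup")))
```

Stop appmon before rotating so that no new rows are written between the snapshot and the delete.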
