# r0ysue/r0capture

7,674 stars · 1,506 forks · Python · Apache-2.0

## Links

- GitHub: https://github.com/r0ysue/r0capture
- awesome-repositories: https://awesome-repositories.com/repository/r0ysue-r0capture.md

## Description

r0capture is a tool for intercepting network traffic from Android applications. It serves as a traffic interceptor, packet sniffer, and client certificate exporter used to analyze application-layer communication on Android devices.

The project provides mechanisms to bypass SSL pinning and certificate validation, allowing the decryption of encrypted traffic without modifying device trust stores. It can also extract client-side certificates from application memory and save them to local device storage.

Captured network data is serialized into PCAP files to support offline protocol analysis. To capture data across various application-layer frameworks and protocols, the tool identifies the specific functions responsible for sending and receiving packets.

## Tags

### Mobile Development

- [Android Traffic Analysis Tools](https://awesome-repositories.com/f/mobile-development/android-traffic-analysis-tools.md) — Intercepts and inspects network requests within Android applications to understand server communication.
- [Mobile Application Debugging](https://awesome-repositories.com/f/mobile-development/mobile-application-debugging.md) — Enables detailed offline analysis of Android app network traffic by exporting data to PCAP files.

### Networking & Communication

- [Application-Layer Interceptions](https://awesome-repositories.com/f/networking-communication/local-packet-captures/application-layer-interceptions.md) — Captures data across various application-layer frameworks and redirects it into a standard packet format.
- [Application-Layer Captures](https://awesome-repositories.com/f/networking-communication/packet-capture-engines/application-layer-captures.md) — Captures network data at the app level to analyze traffic across different protocols and encryption versions.
- [Packet Capture Utilities](https://awesome-repositories.com/f/networking-communication/packet-capture-utilities.md) — Records and saves network traffic from identified Android functions into PCAP files for offline analysis.
- [Traffic Interceptors](https://awesome-repositories.com/f/networking-communication/traffic-interceptors.md) — Serves as a tool for capturing and analyzing application-layer network traffic on Android devices.

### Operating Systems & Systems Programming

- [Dynamic Process Instrumentation](https://awesome-repositories.com/f/operating-systems-systems-programming/system-instrumentation-frameworks/android-instrumentation/dynamic-process-instrumentation.md) — Implements runtime code injection into Android processes to intercept network calls without modifying the app binary.

### Security & Cryptography

- [Certificate Pinning Bypasses](https://awesome-repositories.com/f/security-cryptography/certificate-pinning-bypasses.md) — Forcefully disables certificate validation logic during execution to allow decryption of HTTPS traffic.
- [Mobile App Security Auditing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/mobile-app-security-auditing.md) — Provides tools for analyzing network behavior and extracting credentials to identify mobile application security vulnerabilities.
- [Memory-Based Certificate Extractions](https://awesome-repositories.com/f/security-cryptography/cryptography/ssl-tls-certificate-management/certificate-authority-management/certificate-export/memory-based-certificate-extractions.md) — Extracts client-side certificates from application memory for storage and inspection. ([source](https://github.com/r0ysue/r0capture#readme))
- [Runtime Certificate Extractions](https://awesome-repositories.com/f/security-cryptography/cryptography/ssl-tls-certificate-management/certificate-authority-management/certificate-export/runtime-certificate-extractions.md) — Extracts client-side certificates from application memory and saves them to local device storage.
- [Memory-Based Extractions](https://awesome-repositories.com/f/security-cryptography/cryptography/ssl-tls-certificate-management/certificate-data-extraction/memory-based-extractions.md) — Extracts client certificates by reading the application's process memory space.

### Software Engineering & Architecture

- [Dynamic Function Interception](https://awesome-repositories.com/f/software-engineering-architecture/dynamic-function-interception.md) — Captures plaintext network data by intercepting specific sending and receiving functions at runtime.

### System Administration & Monitoring

- [Application Layer Protocol Dissectors](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/application-layer-protocol-dissectors.md) — Hooks application-layer frameworks on mobile devices to intercept and decode network data across multiple protocols. ([source](https://github.com/r0ysue/r0capture/blob/main/README.md))
- [PCAP File Exports](https://awesome-repositories.com/f/system-administration-monitoring/observability-tracing/batch-export-utilities/trace-exporters/packet-capture-exporters/pcap-file-exports.md) — Serializes captured network buffers into standard PCAP files for offline analysis.

### Part of an Awesome List

- [Mobile App Analysis Tools](https://awesome-repositories.com/f/awesome-lists/devtools/mobile-app-analysis-tools.md) — Universal tool for capturing traffic from Android applications.
