Introduction to Thor
Take absolute control over your device's network communications. Thor by trinadhthatakula is a formidable, open-source root utility built for developers, security researchers, and privacy advocates. By hooking directly into the Android core, Thor provides unparalleled visibility into exactly what your installed applications are transmitting over the internet. Monitor background telemetry, intercept unencrypted packets, and analyze DNS queries in real-time right from your smartphone.
Unrestricted Network Analysis
Shatter the black box of Android app networking. Use root access to monitor, capture, and inspect network traffic natively without relying on external proxy servers.
Root-Level Interception
Utilizes Magisk or KernelSU to hook into the network stack natively. It bypasses VPN-slot limitations, allowing you to use a real VPN while monitoring traffic simultaneously.
Live DNS Logging
See exactly which domains your apps are pinging in the background. Identify tracking servers, analytics endpoints, and malicious outbound requests instantly.
Native PCAP Export
Capture raw network packets directly on your mobile device. Export logs in standard .pcap format for deep inspection later in desktop software like Wireshark.
100% Open Source
Choose the foss-release for a completely tracker-free experience, built from transparent, community-audited code hosted on GitHub.
Granular Filtering
Don't get overwhelmed by system noise. Filter your capture session by specific application package names (UIDs), IP addresses, or network protocols.
Micro Footprint
At roughly 4 MB, Thor is incredibly lightweight. The background interception daemon is optimized in C/C++ to ensure zero CPU throttling or battery drain during capture.
How Thor Captures Network Traffic
Non-root network monitoring applications on Android are forced to use the VpnService API. They create a local mock VPN to route traffic through themselves. This method is restrictive because you cannot use a real VPN simultaneously, and some apps detect and block VPN interfaces.
Thor bypasses this completely by leveraging root access. It utilizes iptables routing rules and native Linux packet sniffing (via AF_PACKET sockets or eBPF hooks depending on the kernel). It sits directly above the network interface card (NIC), catching raw ingress and egress packets silently before they are encrypted or routed by the Android OS.
Frequently Asked Questions
foss-release is completely free of proprietary binaries and trackers, built entirely from open-source code (ideal for F-Droid users). The store-release is optimized for Google Play Store compliance and may include standard analytics or billing libraries.