Inspect network traffic on Android

As an Android developer, you might want to inspect network traffic on your Android device. For the apps you build yourself, there are plenty of tools that help you debug HTTP(S) traffic. But how can you monitor other apps, such as YouTube or Twitter? This article shows how to do it with the mitmproxy tool.

This post is also published on my Medium blog.

mitmproxy

In short, mitmproxy is an interactive man-in-the-middle proxy for HTTP and HTTPS with a console interface, and most importantly it’s free! You can read this document to understand how it works.

Prerequisites

  • Mitmproxy tool
  • Android Emulator with root permission
Important Note: When you create the emulator, you must choose "(Google APIs)" in the Target (Android version). Do not choose "(Google Play)", or you will not be able to get adb root access.

Idea

Ideally, we would install the mitmproxy CA certificate manually as a user-added CA and be done!

Unfortunately, since Android 7, apps ignore user-added CAs, unless they are configured to use them. And most applications do not explicitly opt in to use user certificates. So, we need to place our mitmproxy CA certificate in the system certificate store as a trusted CA. Now let’s start!

Create mitmproxy certificate

Install mitmproxy

brew install mitmproxy

Generate certificate

mitmproxy

Rename certificate

  • Enter your certificate folder
cd ~/.mitmproxy/
  • CA certificates in Android are stored under the name of their hash, with ‘0’ as the extension. Now generate the hash of your certificate
openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1
  • For example, the output is your_hash_value. We can now copy mitmproxy-ca-cert.cer to your_hash_value.0 and our system certificate is ready to use
cd ~/.mitmproxy/
cp mitmproxy-ca-cert.cer your_hash_value.0
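
What `-subject_hash_old` computes, as an added example that is not part of the original post: the value is the first four bytes of the MD5 digest of the DER-encoded subject name, read little-endian and printed as eight hex digits. The function names and the constructed sample certificate below are assumptions for illustration; the script lets you cross-check a file name before pushing it to the emulator.

```python
import hashlib
import ssl

# Added example; function names are illustrative, not from mitmproxy or OpenSSL.
def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    return tag, start, start + length

def subject_der(cert_der):
    """Return the full DER encoding (header included) of the subject Name."""
    _, pos, _ = read_tlv(cert_der, 0)      # Certificate SEQUENCE -> its contents
    _, pos, _ = read_tlv(cert_der, pos)    # tbsCertificate SEQUENCE -> its contents
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional explicit [0] version field
        pos = end
    for _ in range(4):                     # skip serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)
    return cert_der[pos:end]

def subject_hash_old(cert_der):
    """First 4 bytes of MD5(subject DER), little-endian, as 8 hex digits."""
    digest = hashlib.md5(subject_der(cert_der)).digest()
    return "%08x" % int.from_bytes(digest[:4], "little")

def android_cert_filename(pem_text):
    """File name the Android system store expects for this PEM certificate."""
    return subject_hash_old(ssl.PEM_cert_to_DER_cert(pem_text.strip())) + ".0"

# Constructed sample: a structurally valid but unsigned certificate skeleton.
def _tlv(tag, value):
    return bytes([tag, len(value)]) + value   # short-form lengths only

SAMPLE_SUBJECT = _tlv(0x30, _tlv(0x31, _tlv(0x30,
    _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0C, b"example-ca"))))
SAMPLE_ISSUER = _tlv(0x30, _tlv(0x31, _tlv(0x30,
    _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0C, b"other-name"))))
_TBS = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01")
            + _tlv(0x30, b"") + SAMPLE_ISSUER + _tlv(0x30, b"") + SAMPLE_SUBJECT)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(_tlv(0x30, _TBS + _tlv(0x30, b"") + _tlv(0x03, b"\x00")))

if __name__ == "__main__":
    print(android_cert_filename(SAMPLE_PEM))
```

To check a real certificate, pass the text of mitmproxy-ca-cert.cer to `android_cert_filename` and compare the result with the name you derived from the openssl output.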

Insert certificate into system certificate store

  • Enter emulator folder within Android SDK
cd .../Android/SDK/emulator/
  • Get a list of your AVDs with emulator -list-avds
./emulator -list-avds
  • Start your Android emulator with the -writable-system option so that you can write to /system
./emulator -avd <avd_name_here> -writable-system
  • Restart adb as root
adb root
  • Remount the system partition as writable
adb shell "mount -o rw,remount /"
  • Push your certificate to the system certificate store and set file permissions
adb push your_hash_value.0 /system/etc/security/cacerts
adb shell "chmod 664 /system/etc/security/cacerts/your_hash_value.0"
  • Reboot your emulator
adb reboot

The CA certificate is now installed on the emulator.

Setup Proxy on Emulator

Open the emulator's Settings and add a manual proxy with hostname 127.0.0.1 and port 8080.

Launch the tool and see the magic! You can start any of three tools from the terminal:

  • mitmproxy -> gives you an interactive TUI
  • mitmdump -> gives you a plain and simple terminal output
  • mitmweb -> gives you a browser-based GUI

For instance, I open the YouTube app and monitor the traffic as below.

  • Run mitmproxy

  • Run mitmweb to see the API details

Voila!