Debug Android (Application) Traffic
Contents
Ever wondered what your Android device is doing or what data an application sends home?
This post will help you set up a local proxy and intercept the http(s) traffic from an Android Virtual Device (AVD).
Note: If the application you target does not use the system certificate store but brings its own (or uses certificate pinning), you’ll need to find another way.
Requirements
You’ll need to have some software installed first (current versions preferred):
Mitmproxy is a nice, useful tool that provides a local proxy including a self-signed CA certificate and either a CLI or web-ui. It provides way more functionality than we’ll need here, so you’ll probably find it useful for other projects too.
Setup
What we’ll do is inject the CA certificate created by mitmproxy into an AVD, configure it to use our local proxy and then run our application on the Emulator.
Google does not allow root access to any Emulator that has the Play Store installed. There was also a change in API Level > 28 making it nasty to inject a custom certificate. Therefor I recommend using an Android 9 image if possible.
The mitmproxy docs1 provide way more detail on the installation process, but I’ll provide a summary here.
# Run mitmproxy once to ensure the certificate was generated
mitmproxy
# Generate certificate hash and copy certificate to a valid filename
cd ~/.mitmproxy/
hashed_name=`openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1` && cp mitmproxy-ca-cert.cer $hashed_name.0
# Fireup your AVD and install certificate to system
emulator -avd <avd_name_here> -writable-system
adb root
adb remount
adb push ~/.mitmproxy/${hashed_name}.0 /system/etc/security/cacerts
adb shell chmod 664 /system/etc/security/cacerts/${hashed_name}.0
adb reboot
Congratulations, your AVD will now accept the mitmproxy certificate as valid certificate and won’t complain about unsecure traffic anymore.
Usage
When you now start your AVD with the http-proxy
parameter set, all traffic is routed through your mitmproxy (don’t use localhost as ip, that won’t work):
emulator -avd <avd_name_here> -http-proxy http://<your_ip>:8080
You can easily test the proxy by opening Chrome and some website.
Next step is to install your Android Application onto your AVD. I assume, that you already have the .apk
file ready:
adb install <apk_file>
Comments