Monitoring & Modifying Android app network traffic via MITM proxy Part-1

Chetan Gaikwad
4 min read · Jun 11, 2019


What is Mitmproxy?

mitmproxy is a free and open-source interactive HTTPS proxy that lets you monitor the API requests and responses flowing through an Android app.

Why use a proxy tool?

  • View all API information (headers, request and response parameters, cookies, status codes) that your app uses, in one place
  • Validate the app's behavior by altering some of the API responses
  • Delay an API response to check the app's timeout behavior
  • Validate error handling by altering the API response
  • and many more

Proxy tools help to realize all the above use cases.

mitmproxy Features

  • Intercept HTTP & HTTPS requests and responses and modify them on the fly
  • Save complete HTTP conversations for later replay and analysis
  • Replay the client side of an HTTP conversation
  • Replay HTTP responses of a previously recorded server
  • Reverse proxy mode to forward traffic to a specified server
  • Transparent proxy mode on OSX and Linux
  • Make scripted changes to HTTP traffic using Python
  • SSL/TLS certificates for interception are generated on the fly
  • And much, much more…
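The "scripted changes using Python" feature above is how the "alter the response" and "delay the response" use cases from the earlier list are usually automated. The following mitmproxy addon is an added example, not code from the original post or from the linked demo project. The hosts, paths, rule values and the file name fault_injection.py are constructed placeholders for an app under test; the script assumes mitmproxy's addon API (a class with a response(flow) hook, exported through an addons list) and the flow.response.text setter that mitmproxy 4 and later provide.

```python
# Added example (not from the original post): a mitmproxy addon that injects an
# error response to validate an app's error handling and delays another
# response to test its timeout behavior.
# Load it with:   mitmproxy -p PORT_NUMBER -s fault_injection.py
# Hosts, paths and rule values are constructed placeholders; only matching
# traffic is touched, everything else passes through unchanged.
import time
from types import SimpleNamespace

# Constructed rules keyed by (host, path without query string).
RULES = {
    ("api.example.test", "/v1/profile"): {"status": 500, "body": '{"error": "injected"}'},
    ("api.example.test", "/v1/feed"): {"delay": 10.0},
}


def strip_query(path):
    """mitmproxy's request.path includes '?a=b'; rules match on the path only."""
    return path.split("?", 1)[0]


def decide(rules, host, path):
    """Return ('delay', rule), ('status', rule) or None for this request."""
    rule = rules.get((host, strip_query(path)))
    if rule is None:
        return None
    return ("delay" if "delay" in rule else "status"), rule


def inject_error(response, rule):
    """Replace the real status and body. Assigning .text makes mitmproxy
    re-encode the body and update Content-Length itself (mitmproxy >= 4)."""
    response.status_code = rule["status"]
    response.headers["content-type"] = "application/json"
    response.text = rule["body"]
    return response.status_code


class FaultInjector:
    """mitmproxy addon: the 'response' hook runs once per completed response."""

    def __init__(self, rules=None, sleep=time.sleep):
        self.rules = rules if rules is not None else RULES
        self.sleep = sleep      # injectable so the offline dry run does not wait
        self.hits = []          # (host, path, kind) for every tampered flow

    def response(self, flow):
        decision = decide(self.rules, flow.request.host, flow.request.path)
        if decision is None:
            return
        kind, rule = decision
        if kind == "delay":
            # Holds this flow for rule["delay"] seconds so the app hits its timeout.
            # On mitmproxy >= 7 make this hook 'async def' and 'await asyncio.sleep()'.
            self.sleep(rule["delay"])
        else:
            inject_error(flow.response, rule)
        self.hits.append((flow.request.host, strip_query(flow.request.path), kind))


addons = [FaultInjector()]   # mitmproxy picks up this list when loading the script


def dry_run():
    """Offline check with stand-in flow objects (no proxy or phone needed).
    Returns (status of the injected flow, status of an untouched flow, hits)."""
    injector = FaultInjector(sleep=lambda seconds: None)   # do not really sleep

    def flow(host, path):
        return SimpleNamespace(
            request=SimpleNamespace(host=host, path=path),
            response=SimpleNamespace(status_code=200, headers={}, text='{"ok": true}'),
        )

    f1 = flow("api.example.test", "/v1/profile?id=42")   # error injected
    f2 = flow("api.example.test", "/v1/feed")            # delayed
    f3 = flow("cdn.example.test", "/logo.png")           # untouched
    for f in (f1, f2, f3):
        injector.response(f)
    return f1.response.status_code, f3.response.status_code, injector.hits


if __name__ == "__main__":
    print(dry_run())
```

Keying the rules on an exact host and path keeps the tampering confined to the app under test, so other traffic from the phone that passes through the same proxy is left alone; dry_run() lets you check the rules on your machine before pointing the phone at the proxy.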

The name MITM comes from "man-in-the-middle" attack.

Why Mitmproxy over other tools?

There are lots of proxy tools out there, but I find it reliable to use a CLI tool over a GUI tool.

Mitmproxy is the fastest, most reliable, one-stop solution for checking all of your app's API information.

mitmproxy is tiny, handy, and robust.

Installation

I will be using a Mac and an Android phone.

To install mitmproxy we will need Homebrew. If you don't have Homebrew installed, you can install it with the following:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Mitmproxy can then be installed via Homebrew:

brew install mitmproxy

Once the above step has completed, run

mitmproxy -p PORT_NUMBER

Replace PORT_NUMBER with a port of your choice, e.g. 6666, 7777, etc.
It is a good idea to specify the port explicitly; otherwise mitmproxy defaults to 8080.

Note the PORT_NUMBER you use here; you will need it in your Android phone setup as well.

Now check the IP address of your computer by holding Option and clicking the Wi-Fi icon,

or get the same value from Network Preferences > Advanced > TCP/IP,

or use the following command:

ipconfig getifaddr en0

On your Android phone

  1. Go to Network settings → Proxy → Manual
  2. Enter the IP address you got from your Mac and the port number you chose when starting mitmproxy
  3. Save

You should now be able to see all of your phone's new network traffic in the mitmproxy logs.

Mitmproxy traffic

But wait, do you notice one thing in the logs?
Only HTTP traffic is displayed; HTTPS traffic is not captured.

Can we capture HTTPS logs via mitmproxy?
Yes, we can, but we need to install the mitmproxy CA certificate on the phone to capture HTTPS traffic.
Here is how mitmproxy works

Installing the certificate on the phone

  1. Open Chrome
  2. Go to mitm.it (this page is served by mitmproxy itself, so it only loads while the phone's traffic is already going through the proxy)
  3. Select Android from the list

  4. Install the certificate and give it a name

  5. The certificate gets installed under user certificates. You can verify this from the phone settings.

  6. Android (starting from Nougat, 7.0) requires apps to state explicitly in their network security configuration whether they trust user-installed CA certificates. Create res/xml/network_security_config.xml and add the following lines:

<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>

With this setting you will be able to view network traffic, but only in debug builds: the <debug-overrides> section is applied only when the app is debuggable (android:debuggable="true", which Android Studio sets by default for debug build variants), so release builds keep ignoring user-installed CAs. That is the safe choice, since you don't want your production app's traffic to be interceptable, and the debug build is only in your hands.

  7. In the manifest, add the networkSecurityConfig attribute to the <application> element:
<application android:networkSecurityConfig="@xml/network_security_config">

  8. Now you should be able to see HTTPS traffic

HTTPS traffic

By installing the mitmproxy certificate on the phone, you can decrypt TLS-encrypted (HTTPS) traffic.

In Part 2 of the blog, we will see how to use mitmproxy effectively: intercepting, following, and modifying requests and responses, plus useful keyboard shortcuts.

An example Android application configured to allow HTTPS traffic interception in debug builds is available at
https://github.com/gaikwadChetan93/MitmProxyDemo

Let’s get connected

For any query, suggestion, or improvement on my blog, ping me.