Inspecting Android Traffic using Proxyman + apk-mitm


Introduction

Hi everyone! It's still me, here to share some experiences, thoughts, and opinions about technology related to the software engineering field. In this article, I want to share my experience inspecting network requests from mobile applications, especially on the Android platform!

If we are talking about web apps, inspecting the network requests to the server is quite easy. In Chrome or Firefox, just open the developer tools and look at the Network tab. We can monitor request details such as method, URL, headers, and body, as well as the response.

But what if we want to do the same on a mobile device? A mobile browser doesn't have any option similar to developer tools. Also, it's impossible to see the network traffic of a mobile application this way.

Proxy

The answer is to use a proxy tool to capture the network traffic between the device and the server. This method is called Man-in-the-Middle, because we put the proxy in the middle of the connection. For a clearer picture, see the diagram below.

Source by researchgate

There are a bunch of proxy tools, for example:

Personally, I will go with Proxyman, because I am a Mac user and it is GUI-based. If you are more into CLI-based tools, you can try mitmproxy. Neither of them is your favourite? Maybe you can use another proxy that suits you. Just google it. Here is how the proxies I mentioned look.

Source by proxyman
Source by mitmproxy
Source by charles

After finishing the installation and running Proxyman, we will get a listening port. Don't worry if the default port conflicts with an existing port on your system; we can easily change it to another one. The picture below shows Proxyman running with its listening port.

Picture 1 Proxyman Running Status

Android Configuration

Afterward, the next step is configuring the Android phone. If we don't have an Android phone, we can use an emulator like Genymotion (https://www.genymotion.com).

Make sure the phone and the proxy server are on the same network. Go to the SSID config, choose manual proxy, and enter the proxy hostname and port as the proxy information.

Picture 2 Android Proxy Configuration

With the proxy configured, we need to set up SSL on the Android phone. Because I am using Proxyman, we need to open the http://proxy.man/ssl URL and download the certificate. On a real Android phone, just open the certificate and follow the installation. On an emulator, the steps are a little different: we need to install it from Settings -> Security -> Install from SD card.

Picture 3 Android Certificate Installation

Testing

Try to capture the network traffic by opening a website in the mobile browser. In this case, I am capturing the network requests for the Yahoo website. As we can see in the picture below, the traffic is captured; to see the response, we need to click “Enable only this domain” and send the same request again. See Pictures 4 and 5 for details.

Picture 4 Mobile Browser Network Captured
Picture 5 HTTPS Response

If capturing traffic from the browser doesn't have any problems, how about a mobile application? Well, I tried it with a simple currency information app. As shown in Picture 6, it still works!

Picture 6 Mobile Application Network Captured

Real Device Issue

The previous steps were conducted on Genymotion. What about a real device? It is more comfortable to work on a real device than on an emulator. But it seems the real device has an issue: SSL Handshake Failed. Picture 7 shows how the requests turn red due to the error.

Picture 7 Real Device Issue on Network Captured

apk-mitm

What can we do to solve the SSL Handshake Failed problem on a real device? One solution may be a tool called apk-mitm (https://github.com/shroudedcode/apk-mitm).

What is apk-mitm? From the official GitHub page:

A CLI application that automatically prepares Android APK files for HTTPS inspection

apk-mitm automates the entire process. All you have to do is give it an APK file and apk-mitm will:

As we can see from the description above, we need the raw APK. We can get it from APKPure or a similar site, or export it using SAI. Then we just need to run the installation and execution commands below, and the entire process will look like Picture 8.

$ npm install -g apk-mitm
$ npx apk-mitm <path-to-apk>

Picture 8 Patching APK

After installing the patched APK, open the application and look at the captured requests. Voila! Requests from the patched APK no longer have the SSL Handshake Failed issue!

Picture 9 Real Device Issue Solved

Certificate Pinning Issue

Unfortunately, in my case I have an issue with an application that implements Certificate Pinning. If this is the first time you have heard about it, you can refer to the details here. Although apk-mitm says it has logic to disable Certificate Pinning, it doesn't work for me. The “SSL Handshake Failed” error still occurs in the Proxyman console.
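
Added example (not from the article or the apk-mitm project): apps targeting Android 7.0 (API level 24) or higher ignore user-installed CAs such as a proxy certificate unless their Network Security Configuration opts in, and apk-mitm's README lists replacing that configuration as one of its patching steps. The Python below audits such a file, taken from your own app's decoded resources, to show whether a build would accept a user-installed CA; both XML samples, the domain and the pin value are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trusts user-installed CAs everywhere (what a proxy CA needs).
PERMISSIVE = """<network-security-config><base-config><trust-anchors>
  <certificates src="system"/><certificates src="user"/>
</trust-anchors></base-config></network-security-config>"""

# Constructed sample: release-style config; domain and pin value are placeholders.
HARDENED = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set><pin digest="SHA-256">PLACEHOLDER_SPKI_HASH_BASE64=</pin></pin-set>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="user"/></trust-anchors>
  </debug-overrides>
</network-security-config>"""

SCOPES = ("base-config", "domain-config", "debug-overrides")

def audit(xml_text):
    """Return (severity, scope, message) findings for one config document."""
    findings = []
    for scope in ET.fromstring(xml_text).iter():  # iter() also reaches nested domain-config
        if scope.tag not in SCOPES:
            continue
        domains = ",".join((d.text or "").strip() for d in scope.findall("domain")) or "*"
        where = f"{scope.tag}[{domains}]"
        debug_only = scope.tag == "debug-overrides"  # applies to debuggable builds only
        for cert in scope.findall("trust-anchors/certificates"):
            if cert.get("src") != "user":
                continue
            sev = "info" if debug_only else "high"
            findings.append((sev, where, "trusts user-installed CAs"))
            if cert.get("overridePins") == "true" and not debug_only:
                findings.append(("high", where, "user CAs bypass pin-set"))
        if scope.get("cleartextTrafficPermitted") == "true":
            findings.append(("medium", where, "cleartext HTTP permitted"))
        if scope.findall("pin-set/pin"):
            findings.append(("info", where, "certificate pins declared"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        for sev, where, msg in audit(cfg):
            print(f"{name:10} {sev:6} {where}: {msg}")
```

Pins enforced in application code (for example OkHttp's CertificatePinner) do not appear in this file, so an app can still reject a proxy certificate even when the configuration trusts user CAs.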

Conclusion

The summary of this experiment is listed in the points below:

  • Proxyman works well for capturing both browser and application network requests on Android (Genymotion).
  • Capturing application network traffic on a real Android device needs extra treatment using apk-mitm.
  • Proxyman works well for capturing both browser and application network requests on iOS (real device). I have not shared the details for iOS because it is outside this topic area, but I have tried it.
  • An Android application that implements Certificate Pinning may still fail with SSL Handshake Failed even though we are using the patched APK.

I hope this article is useful, and see you in another topic! Thank you!

Bismo Baruno

Software Engineer | Traveler | Guitarist | J-Lovers
