/assets/img/2022-01-04_android_traffic_02-640.png

Debug Android (Application) Traffic

Contents

Date
04.01.2022
Reading time
2 Minutes
Comments
0 comments
Tags
Contents

Ever wondered what your Android device is doing or what data an application sends home?

This post will help you set up a local proxy and intercept the http(s) traffic from an Android Virtual Device (AVD).

Note: If the application you target does not use the system certificate store but brings its own (or uses certificate pinning), you’ll need to find another way.

Requirements

You’ll need to have some software installed first (current versions preferred):

Mitmproxy is a nice, useful tool that provides a local proxy including a self-signed CA certificate and either a CLI or web-ui. It provides way more functionality than we’ll need here, so you’ll probably find it useful for other projects too.

Setup

What we’ll do is inject the CA certificate created by mitmproxy into an AVD, configure it to use our local proxy and then run our application on the Emulator.

Google does not allow root access to any Emulator that has the Play Store installed. There was also a change in API Level > 28 making it nasty to inject a custom certificate. Therefor I recommend using an Android 9 image if possible.

The mitmproxy docs1 provide way more detail on the installation process, but I’ll provide a summary here.

# Run mitmproxy once to ensure the certificate was generated
mitmproxy

# Generate certificate hash and copy certificate to a valid filename
cd ~/.mitmproxy/
hashed_name=`openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1` && cp mitmproxy-ca-cert.cer $hashed_name.0

# Fireup your AVD and install certificate to system
emulator -avd <avd_name_here> -writable-system
adb root
adb remount
adb push ~/.mitmproxy/${hashed_name}.0 /system/etc/security/cacerts
adb shell chmod 664 /system/etc/security/cacerts/${hashed_name}.0
adb reboot

Congratulations, your AVD will now accept the mitmproxy certificate as valid certificate and won’t complain about unsecure traffic anymore.

Usage

When you now start your AVD with the http-proxy parameter set, all traffic is routed through your mitmproxy (don’t use localhost as ip, that won’t work):

emulator -avd <avd_name_here> -http-proxy http://<your_ip>:8080

You can easily test the proxy by opening Chrome and some website.

Next step is to install your Android Application onto your AVD. I assume, that you already have the .apk file ready:

adb install <apk_file>

Footnotes

  1. mitmproxy - Install System CA Certificate on Android Emulator ↩︎

Gallery

/assets/img/2022-01-04_android_traffic_02-640.png
mitmproxy in Action
/assets/img/2022-01-04_android_traffic_03-640.png
AVD Hardware Selection
/assets/img/2022-01-04_android_traffic_04-640.png
AVD System Image Selection

Tags

Comments