Use Proxyman to capture Android https requests
Occasionally, you may need to test your mobile application and examine all network requests associated with it. On the web, this task is as simple as opening the developer tools by pressing Ctrl + Shift + I. From there, you can navigate to the Network tab and inspect all HTTP requests related to the web page, as shown below:
However, when it comes to mobile development, the process is not that simple. Unlike networking, there is no built-in mechanism to easily inspect HTTP requests by opening the developer tools.
In this blog post, we’ll explore the fascinating world of intercepting network requests through the use of proxies. We'll guide you step-by-step through setting up and configuring a proxy server that will act as an intermediary between your device and the network.
By leveraging the capabilities of a proxy server, we are able to intercept, inspect and analyze all incoming network requests. This opens up endless possibilities for application debugging, performance optimization, and security analysis.
To make it easier to understand, I've broken down the process into five steps. all these are:
- Set up the Android emulator
- proxy settings
- Prepare certificate
- Deploy certificate
- Setting up a proxy on the Android emulator
Let's explore each step in detail.
1. Set up the Android emulator
To start this process, you need to install Android Studio.
After successful installation, launch Android studio. On the toolbar at the top of the window, find and click the Tools menu. Device Manager then creates the required device from the drop-down menu and runs the device.
First, use this command emulator -list-avds to display a list of all installed emulators on the system. This command will give you the names of available devices. Determine the name of the device you want to run from the list.
Once you have identified the device you want to start, you can use thisemulator -avd deviceName command. deviceNameReplace the name in the command with the actual name of the desired device. This command will launch the emulator using the specified device.
It is important to ensure that you have set all the environment variables required for the emulator commands to work properly. This will ensure that the command is recognized and executed successfully.
List devices
After setting up the Android emulator, you can choose to download and install the APK file of the desired application from APKMirror. APKMirror is a reputable website where you can find various APK files for various Android applications. After downloading the APK file, you can proceed to install it on your Android emulator. You can drag and drop the downloaded APK file into the emulator window, or you can import the APK file using the emulator's file transfer mechanism.
2. Proxy settings
Before proceeding with agent installation, you must ensure that OpenSSL and Android Debug Bridge (ADB) are set up correctly. Here are the steps you should follow:
If you don't have OpenSSL installed yet, please install OpenSSL on your system first. For installation procedures, see the documentation specific to your operating system. After openssl version is installed, you can verify the installation by running the command in a terminal or command prompt. If installed correctly, this will display the OpenSSL version.
Check the OpenSSL version
Next, it is important to confirm that you can access the Android Debug Bridge (ADB) from a terminal or command prompt. Use this commandadb version to check whether ADB is accessible and configured correctly. If the command returns the ADB version, it means the settings are correct.
After successfully setting up OpenSSL and confirming access to ADB, you can proceed with installing the agent. In this tutorial, we will download and useProxyman as an example tool. However, you can apply the same principles to other similar tools, such as Charles Proxy or mitmProxy.
https://proxyman.io/
https://www.charlesproxy.com/
3. Prepare certificate
To decrypt application requests, Proxyman generates a custom SSL certificate. To obtain this certificate and configure it for use with the Android operating system, follow these steps:
Open your web browser and visit the link below. You can download the Proxyman SSL certificate via this link. After downloading the certificate, find the folder where the certificate is saved:
http://proxy.man/ssl
- To ensure that the certificate file has the correct format required by the Android operating system, you need to rename it. Open a command prompt and navigate to the folder where the certificate is located. Afterwards run this command:
hashed_name=`openssl x509 -inform PEM -subject_hash_old -in proxyman-ca.pem | head -1` && cp proxyman-ca.pem $hashed_name.0This command uses OpenSSL to generate a hashed name for the certificate and then renames the file accordingly. By following these steps, you obtain the custom SSL certificate from Proxyman and rename it to the format expected by Android OS. This certificate is essential for decrypting app requests and enabling Proxyman to intercept and analyze the network traffic.
This command uses OpenSSL to generate a hashed name for the certificate and then renames the file accordingly. By following the steps below, you can obtain a custom SSL certificate from Proxyman and rename it to the format required by the Android operating system. This certificate is essential to decrypt application requests and enable Proxyman to intercept and analyze network traffic.
This command did not work on Windows Power shell, so I ran this command on Git Bash Terminal:
The command executed successfully and .0 in the same A file with the extension: is generated in the folder.
4. Deploy certificate
The file .0 we generated in the previous step is the certificate that will be added to the Android emulator. To do this, we first open a terminal and list the available AVDs:
emulator -list-avds
From the available AVDs, we will run the required AVD using the following command:
emulator -avd <avd_name_here> -writable-system
Note that we use the-writable-system flag to launch the AVD with writable system permissions, allowing modification. After that we need to open another terminal and run the following command:
adb root
This command restarts the ADB daemon with root privileges. After that, we run this command to disable Secure Boot verification on the device:
adb shell avbctl disable-verification
Next we restart the device using the following command:
adb reboot
After the device restarts, run the following command to restart ADB as root:
adb root
Remount the partition as read-write by executing the following command:
adb remount
If ADB prompts you to restart the device, run adb reboot again, then adb root and adb remount. Now we are ready.0to push the renamed SSL certificate file (the one we generated earlier) to the device using the following command, replacing<path_to_certificate> with the actual path to the certificate file :
adb push <path_to_certificate> /system/etc/security/cacerts
This command copies the certificate file to the appropriate directory on the device. Now we will set the correct permissions for the certificate file by running the following command:
adb shell chmod 664 /system/etc/security/cacerts/<name_of_pushed_certificate>
Now we need to reboot the device one last time using the following command:
adb reboot
The device will restart and the SSL certificate will be deployed. We have successfully deployed the SSL certificate to your Android emulator. This will allow the emulator to recognize and trust the certificate, allowing Proxyman to intercept and analyze network traffic from the device.
Now to verify the certificate on your Android device you can navigate to the section of the Android device settingsTrusted Credentials where you can find the tab listed under certificate. This confirms that the certificate was successfully installed and recognized by your Android device:SystemEncryption & CredentialsProxyman LLCSystem
5. Set up proxy on Android emulator
The final step involves us configuring the Android emulator to use the Proxyman proxy we set up. To do this, start Proxyman on your computer. In Proxyman, navigate to the Certificate menu. Select Install Certificate on Android from the drop-down list. Physical Devices is selected from the submenu. Note that you don't need to worry about the term Physical Devices as we won't be following that specific guideline. We just need some basic details from this menu:
InAndroid setup guide, make sure to copy the IP address and port number. Subsequent steps in the process will require these details:
Next is to go to the Android emulator and click on the menu icon as shown in the screenshot:
Click the Settings option in the sidebar. After clicking Settings, you can continue to navigate to the Proxy tab:
On the Agents tab, check theManual proxy configuration option. Then paste the IP address and port we copied from the Proxyman Android setup guide step and click the apply button:
We have successfully completed all the necessary setup steps to intercept HTTP requests from Android devices. Now we can launch Proxyman and run the application on the Android emulator. When we use the application, Proxyman will capture and display all relevant details and data related to the network request, providing us with valuable insights and visibility into the application communication.
