Client (Mobile) how to intercept and modify http response

Question

I am Android developer, my application uses a bunch of http REST calls and it gets responses from servers. I use Charles to inspect the data (so I have to install Charles certificate onto my device so that https traffic can be read by myself).

Are there any tools out there like Charles that will allow me to modfiy that response packet before sending to the client ??

Answer 1

Charles itself has the functionality. Follow the steps:

1. enable break points by right click on individual request or a path

2. Before sending the request, Charles will give you a change to edit it. See below. Click "edit request" to fill in whatever you want and click "execute" to send the request.

3. Before posting the result back to your mobile phone, you have a change to edit the content. See below.

Answer 2

Depending on what exactly you want to modify, Charles' inbuilt Rewrite Tool might be what you are looking for. You find it in the Tools menu. You can specify which requests shall be modified by protocol, host, port, path and query, and you have the following modification options:

• Add, modify, remove headers (request and response)
• Modify Host, Path, URL, Response Status
• Add, modify, remove Query Parameters
• Modify body (request and response)

Another option is Fiddler. Like Charles it can be configured as a proxy for android, decrypt HTTPS traffic and modify request and response.

Answer 3

You may try OWASP ZAP or Burp Suite. OWASP ZAP is completely free and provides a number of features.

Answer 4

See also Android : Capturing HTTP Requests with non-rooted android device.

I've recently tested HTTP Toolkit on Android emulator. It works and allows to capture and edit response from a server. Some functions are paid (in Pro version). Requires root priviledges on real devices.

You can also use Burp Suite or Fiddler.