Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

debugging https from android emulator

I have an android(4.2) app that uses the https to talk to the webservice. I want to debug/log every https that goes out. I have fiddler and wireshark to debug them, but everything looks encrypted. can a man-in-middle attack be setup with emulator and fiddler/wireshark to decode and display the http url and its params?

like image 465
Vijay Veeraraghavan Avatar asked Jan 28 '13 08:01

Vijay Veeraraghavan


People also ask

Do Android apps use https?

HTTPS will now be the default for all Android Apps.


1 Answers

You can use a MITM proxy, such as Burp. Once you install the CA certificate as trusted on the device/emulator, you will be able to decrypt SSL traffic.

Also, if you have the server private key (i.e., it is your own server), you can decrypt traffic intercepted with Wireshark if really need low-level info.

like image 105
Nikolay Elenkov Avatar answered Sep 27 '22 18:09

Nikolay Elenkov