Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to sniff HTTPS traffic from Android emulator to remote server ?

I want to monitor HTTPS traffic from my application to remote server. I am trying to follow this instruction and it works for HTTP (without s), but not for HTTPS.

What is wrong? Should I write some custom code in my application to use https-proxy ?

like image 678
Ezh Avatar asked Aug 01 '12 08:08

Ezh


People also ask

How do I connect my Android emulator to the Internet?

Go to your Android\Sdk\emulator folder and open command prompt. Type emulator -list-avds to see available emulator names. Type emulator -avd name-of-your-device -netdelay none -netspeed full -dns-server 8.8. 8.8 command and press enter.

How to intercept HTTPS traffic from Android emulator?

Intercepting HTTPS Traffic from Android Emulator. 1 1. Configure Fiddler. Install Fiddler and run it. Under Tools > Options > HTTPS, enable “Decrypt HTTPS traffic” and allow a root CA certificate to be ... 2 2. Configure your Android device. 3 3. Not working? (certificate pinning)

How do I Capture HTTPS traffic from another app?

If the app who's traffic you want to capture supports a proxy then you can redirect the traffic via a proxy on the host. E.g. With Fiddler: enable “Decrypt HTTPS traffic”, activate "Allow remote computers to connect", export the CA and import the CA in in the emulator.

How to capture SSL traffic in emulator?

That needs to be activated at the end-point of the communication, thus on the app inside the emulator or at the server side. Depending on your situation there are several possibilities. If you can set up the SSLKEYLOGFILE inside the emulator, then you can still use the host to capture the traffic.

How to capture web traffic from Android devices with fiddler?

Run about:config in Fiddler QuickExec. Download the Fiddler root certificate. Install the certificate on your device. Now you should be able to capture HTTPS traffic too. Once you’re done debugging, don’t forget to remove the WiFi proxy from your device. This is all you need to know about capturing web traffic from Android devices with Fiddler.


1 Answers

The easiest way to do this is to use CharlesProxy to proxy your device or emulator traffic for you. The only extra step you need to do is to install the CharlesProxy SSL certificate on your device/emulator which is very straight forward:

Download the certificate from Charles Proxy (it's in their help menu) and place it on your device, then install via security settings on your device.

You then configure your device or emulators network connection to use a manual proxy and set it to the Charles Proxy address and port. Enable SSL proxying and your SSL connections will be securely routed end-to-end via Charles and Charles will be able to show you the content of requests and responses in the clear.

like image 115
Jerry Brady Avatar answered Sep 21 '22 09:09

Jerry Brady