Network anlysis is common need when analyzing Android Apps. In this article we will exmaine two tools to use as proxy in Android devices – MITM Proxy and Proxy Droid
What is MITM Proxy for Android
Mitmproxy is a powerful python tool that allows you to capture ingoing and outgoing HTTP or HTTPS data from a specific application or from all apps on the device. In this guide I will explain how to use Mitmproxy to capture data coming from an Android phone.
Installing MITM Proxy in Android
Mitmproxy is only available to Linux. Binaries found on https://mitmproxy.org or installation through the Python Package Index (PyPI) are the only officially supported methods. To install mitmproxy through PyPI, simply run the command pipx install mitmproxy (provided you have python 3.6 or higher installed).
Defining a Proxy on Your Wi-Fi:
If you wish to define a proxy for all of your W-iFi traffic, you must go to Wi-Fi Options, then long press on your network’s name and select ‘modify network’.
Then select manual proxy, and write in your localhost and the desired port (in the example below: 10.0.0.7 and 8080 respectively).
Installing the Certificate on Your Android Device
Now mitmproxy should run properly. Your browser will complain that the connection is unsafe and other apps won’t connect to the internet at all! To solve that, you must install the correct certifications on your device. Go to your browser, and type in the URL line: mitm.it. If you are running mitmproxy, it will lead you to a page where you can download the correct pre-made certificates.
Select the android certification and download it. Now look up ‘Trusted Credentials’ on your options.
Select install from storage, then name your certificate whatever you like.
Now move the CA certificate to the system partition and reboot. Congratulations, you can now capture all data coming or going from your device. Just remember to have mitmproxy running on your computer. If you wish to freely use the internet again, you can simply revert your Wi-Fi to use no proxy.
Running MITM proxy on Android
In order to send or receive data from your device, you must have mitmproxy listening on that port. This way it can pass the data along to the web. Simply shoot up your terminal, and if you are using the default port write mitmproxy, otherwise, write mitmproxy -p [port number]. If you wish to forgo the Textual User Interface (TUI), you can instead run mitmdump.
ProxyDroid – Defining a Proxy Over a Single Application
You might want to monitor the traffic of specific applications rather than all apps on the device. This is possible as well, and in this guide I will use the app ProxyDroid. You can download the app from Google Play Store. Open the tool, set up your localhost and port, and untick the ‘Global Proxy’ box. Then press ‘Individual Proxy’ to choose the app(s) you wish to monitor.