Monitoring browser network traffic on Android using mitmproxy

By admin
Using mitmproxy to intercept your packets is a convenient way to inspect a browser’s network traffic.

It’s pretty straightforward to setup on a desktop computer:

Install mitmproxy ( apt install mitmproxy on Debian) and start it: mitmproxy –mode socks5 –listen-port

9000
CARDINAL

Start your browser specifying the proxy to use: chrome –proxy-server="socks5://localhost:9000" brave-browser –proxy-server="socks5://localhost:9000" Add its certificate authority to your browser.

At this point, all of the traffic from that browser should be flowing through your mitmproxy instance.


Android
ORG

setup

On

Android
ORG

, it’s a little less straightforward:

Start mitmproxy on your desktop: mitmproxy –mode regular –listen-port

9000 Open
PRODUCT

that port on your desktop firewall if needed. On your

Android
ORG

device, change your WiFi settings for the current access point: Proxy: Manual Proxy hostname:

192.168.1.100
CARDINAL

(IP address of your desktop) Proxy port:

9000
CARDINAL

Turn off any VPN. Turn off WiFi. Turn WiFi back on. Open http://mitm.it in a browser to download the certificate authority file. Open the system Settings, Security and privacy, More security and privacy,

Encryption &
ORG

credentials, Install a certificate and finally choose

CA
GPE

certificate. Tap Install anyway to dismiss the warning and select the file you just downloaded.

Once you have gone through all of these steps, you should be able to monitor (on your desktop) the HTTP and HTTPS requests made inside of your

Android
ORG

browsers.

Note that many applications will start failing due to certificate pinning.