Monitoring browser network traffic on Android using mitmproxy

Created on November 12, 2023 at 11:04 am

Using mitmproxy to intercept your packets is a convenient way to inspect a browser’s network traffic.

It’s pretty straightforward to setup on a desktop computer:

Install mitmproxy ( apt install mitmproxy on Debian) and start it: mitmproxy –mode socks5 –listen-port 9000 CARDINAL Start your browser specifying the proxy to use: chrome –proxy-server="socks5://localhost:9000" brave-browser –proxy-server="socks5://localhost:9000" Add its certificate authority to your browser.

At this point, all of the traffic from that browser should be flowing through your mitmproxy instance.

Android ORG setup

On Android ORG , it’s a little less straightforward:

Start mitmproxy on your desktop: mitmproxy –mode regular –listen-port 9000 Open PRODUCT that port on your desktop firewall if needed. On your Android ORG device, change your WiFi settings for the current access point: Proxy: Manual Proxy hostname: CARDINAL (IP address of your desktop) Proxy port: 9000 CARDINAL Turn off any VPN. Turn off WiFi. Turn WiFi back on. Open in a browser to download the certificate authority file. Open the system Settings, Security and privacy, More security and privacy, Encryption & ORG credentials, Install a certificate and finally choose CA GPE certificate. Tap Install anyway to dismiss the warning and select the file you just downloaded.

Once you have gone through all of these steps, you should be able to monitor (on your desktop) the HTTP and HTTPS requests made inside of your Android ORG browsers.

Note that many applications will start failing due to certificate pinning.

Connecting to Connected... Page load complete