Intercept HTTPS communication from an Android application

Many Android applications communicate with servers using some form of REST API secured with TLS/SSL (so it’s the “https” protocol). If it is your application or an open source application, you know what’s going on from the source, but for a third party application you may still be wondering (hopefully for legit reasons :-) what this application is sending to the server and what it gets back. With the help of a few free tools it’s fairly easy to monitor the encrypted traffic on your local computer (Linux, but it will work on other systems too).

What is needed

  • Android SDK (I downloaded it as part of Android Studio, but you can download only the command line tools)
  • mitmproxy (a special proxy that can decrypt https using the “Man in the Middle” approach)
  • openssl tool (normally available in your Linux distro; in Ubuntu install it with sudo apt install openssl)

Setup

  • Install mitmproxy
  • Run it
  • Test it in a local browser on an unencrypted site to see how it works (set the proxy in the browser to localhost:8080)
  • Get the Android application .apk file
    There are many approaches: you can use some internet service, use adb to extract it from your phone via a USB cable, or create an Android emulator with Google Play, install the application there and use adb to extract it (same approach as in the previous case).
  • Create an emulator from a bare Android image (no Google Play and APIs); that way you will be able to get root access easily.
  • Now you need to install the root certificate of the mitmproxy dummy CA into the system-wide certificates of the Android image in the emulator:
  • Check in Android Settings/Security/Trusted credentials – there should be a CA certificate named mitmproxy
  • Now restart the emulator with proxy settings:
  • See the traffic from the Android application in mitmproxy
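The CA install and the proxied emulator start from the steps above, as an added example script that is not part of the original post; it assumes mitmproxy has already been run once (so its CA is at ~/.mitmproxy/mitmproxy-ca-cert.pem), that adb, emulator and openssl are on PATH, and that the AVD name is passed as an argument.

```shell
#!/bin/sh
# Added example, not from the original post: push the mitmproxy dummy CA into the
# emulator's system-wide trust store and start the AVD behind mitmproxy.
# Assumptions: mitmproxy's default CA path, and adb/emulator/openssl on PATH.
set -eu

CA_PEM="${MITM_CA:-${HOME:-.}/.mitmproxy/mitmproxy-ca-cert.pem}"
CACERTS_DIR=/system/etc/security/cacerts
PROXY_PORT="${MITM_PORT:-8080}"

# Android looks up system CAs by file name "<subject_hash_old>.0", so the cert
# must be stored under OpenSSL's legacy subject hash, not under its own name.
ca_hash() {
    openssl x509 -inform PEM -subject_hash_old -noout -in "$1"
}

# Destination path inside the system image for a given subject hash.
ca_target_path() {
    printf '%s/%s.0\n' "$CACERTS_DIR" "$1"
}

# Emulator arguments: a writable /system (so the pushed CA survives a reboot)
# and all HTTP(S) traffic routed through mitmproxy listening on the host.
emulator_args() {
    printf '%s\n' "-avd $1 -writable-system -http-proxy http://127.0.0.1:$PROXY_PORT"
}

# Run while the emulator (started with the args above) is already booted.
install_ca() {
    hash=$(ca_hash "$CA_PEM")
    target=$(ca_target_path "$hash")
    tmp=$(mktemp -d)
    cp "$CA_PEM" "$tmp/$hash.0"
    adb root
    adb remount          # newer images may first need: adb disable-verity; adb reboot
    adb push "$tmp/$hash.0" "$target"
    adb shell chmod 644 "$target"
    rm -rf "$tmp"
    adb reboot           # the store is read at boot; then check Settings/Security/Trusted credentials
}

# shellcheck disable=SC2086
case "${1:-}" in
    start)   emulator $(emulator_args "${2:?usage: $0 start <avd-name>}") ;;
    install) install_ca ;;
    *)       : ;;        # no sub-command: only define the functions above
esac
```

Start the emulator with `start <avd-name>`, then run `install` once it has booted; an application that pins its own certificate will still refuse the connection, which is one reason you may end up needing one of the alternative setups below.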

Alternative setups

I’ve found the setup described above the easiest, but you might need a different setup for various reasons:

  • The application might ignore the http_proxy settings intentionally – then you’ll need to set mitmproxy into transparent proxy mode
  • You can intercept traffic from a physical phone if you set up your computer as a wifi AP – the setup is described here. You’ll need a rooted device to install the system-wide root certificate there.

Results

If everything went OK you’ll be able to learn a bit more about the application of your choice. For instance, I learned that an application was sending some information to Facebook although it was not advertised anywhere and I do not have a Facebook account:

[screenshot: mitm]
