Inspecting (HTTPS) Network Traffic of any Android App

Android Studio lets you inspect the network traffic of your own app in the Profile tab. There might be situations, however, where you would like to see what API calls a production app is making, for example when reviewing or testing current and old production builds of an app, or when doing a security review of an app (e.g. sideloading APKs).

In those cases it can be handy to have a specially prepared Android Virtual Device (AVD) ready to see what an app might be doing. 

This guide explains how to set up a specially prepared AVD that you can use to monitor the network traffic of any app installed in the emulator, even when it’s communicating over a secure connection (HTTPS). This method does not work with the “Google Play Enabled” AVDs provided in Android Studio, so I’ll also show you a workaround, since many apps rely on functionality from the Google Play Services framework.

(Published May 7, 2021)

Installing mitmproxy

To inspect the network traffic, we will be using mitmproxy (this guide uses mitmweb, its web interface, so that you can use your browser to inspect the traffic). As the name indicates, it views the network traffic by placing itself as a proxy between the app and the (API) server.

Depending on your OS, you should follow this install guide: https://docs.mitmproxy.org/stable/overview-installation/

Since I’m on a Mac, I used brew to install it. The rest of the guide assumes you’re on a Mac, but you should be able to adapt the steps to your platform.

Creating the AVD

  1. Click “Create Virtual Device”
  2. Select a non-Play Store device. I will use a Pixel 3 XL for this example.
  3. Select a system image. In my experience, API level 28 and ABI x86 (Android 9.0) work best. Newer API levels might prevent you from uploading your custom (CA) certificates.
  4. Don’t launch the AVD from the AVD Manager yet.

Downloading the Google Play Services framework to sideload

  1. Go to https://opengapps.org/
  2. Select x86 as platform, 7.0 for Android version and pico for the variant
  3. Download and extract the zip file.
  4. There will be a bunch of zip files; you’re looking for the Phonesky.apk and GoogleLoginService.apk files.

Preparing the AVD

  1. Open up your terminal
  2. Assuming you have your platform tools exposed in your $PATH, you can type this to see what emulators are available on your system (including the one you just created):
    $ emulator -list-avds
  3. By default (when launched from the AVD Manager) we won’t be able to write any files to the system folders. To launch the emulator with writable system folders, use this command:
    $ emulator -avd Pixel_3_XL_API_28 -writable-system

Adding in the modifications for Google Play services

  1. Open up a new tab in your terminal
  2. $ adb root
  3. $ adb remount
  4. $ adb push Phonesky.apk /system/priv-app/
  5. $ adb push GoogleLoginService.apk /system/priv-app/

Adding in the modifications for mitmproxy

  1. $ cd ~/.mitmproxy/
  2. $ adb shell "mount -o rw,remount /"
  3. Replace c8750f0d.0 in the following commands with what’s available in your folder. Additional details can be found here: https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/
    $ adb push c8750f0d.0 /system/etc/security/cacerts
  4. $ adb shell "chmod 664 /system/etc/security/cacerts/c8750f0d.0"
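
The `<hash>.0` filename used in steps 3 and 4 is the certificate's legacy (MD5-based) OpenSSL subject hash, which is how Android names files in /system/etc/security/cacerts. The following is an added example, not part of the original guide, that derives that name from a PEM certificate such as mitmproxy-ca-cert.cer in ~/.mitmproxy; the function names are hypothetical and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original guide): build the <hash>.0 file that
# Android expects in /system/etc/security/cacerts from a PEM CA certificate.

# Print "<hash>.0" for a PEM certificate; fail if it cannot be read or parsed.
android_ca_name() {
    cert=$1
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    # -subject_hash_old is the pre-1.0.0 OpenSSL hash that Android still uses.
    subject_hash=$(openssl x509 -inform PEM -subject_hash_old -noout -in "$cert" 2>/dev/null) || {
        echo "$cert is not a PEM certificate" >&2
        return 1
    }
    printf '%s.0\n' "$subject_hash"
}

# Copy the certificate to <outdir>/<hash>.0 and print the resulting path.
# Refuses an expired certificate so a stale CA file is not installed.
stage_android_ca() {
    cert=$1
    outdir=$2
    name=$(android_ca_name "$cert") || return 1
    openssl x509 -inform PEM -checkend 0 -noout -in "$cert" >/dev/null 2>&1 || {
        echo "$cert has expired" >&2
        return 1
    }
    mkdir -p "$outdir" && cp "$cert" "$outdir/$name" || return 1
    printf '%s\n' "$outdir/$name"
}
```

Call `stage_android_ca ~/.mitmproxy/mitmproxy-ca-cert.cer .` and use the printed filename in place of c8750f0d.0 in the push and chmod commands.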

Reboot the emulator

  1. $ adb reboot

Launching mitmproxy

  1. In your terminal run:
    $ mitmweb
  2. mitmweb should open in your default browser, and the proxy will be listening on port 8080.

Set up the proxy on the emulator

  1. Go to your network settings on the emulator.
  2. Enter your local IP (use ifconfig to find it) and port 8080 as the proxy.
  3. Open up the browser on the emulator, load the page mitm.it and check the result.
  4. You should start seeing messages in your mitmweb tab.

Now you should be ready to inspect some network traffic 🔍.
