How to debug HTTP (S) traffic on Android

Transferred from: Http://greenrobot.me/devpost/how-to-debug-http-and-https-traffic-on-android/

How to debug HTTP (S) traffic on Android front words

In Android development we often deal with the API, you may not want to, but this is not open. In most cases, it is painful to debug the process of sending network requests and receiving responses.

How many times did we debug the Discovery API's call failed simply because our code was wrong or missing an HTTP header parameter? In the course of debugging, we find that the cause of the error is strange. In short, it is not an easy thing to see what the final request looks like, and so is the response.

If you encounter difficulties, please use the agent

There are a variety of ways and means to solve such problems, but what I would like to share today is the quickest, easiest and most feasible way I see it.

Because debugging HTTP requests and responses is tedious (debugging HTTPS is more cumbersome), the best tool you can use on this premise is the proxy. Of course, you certainly know what an agent is, so I'm not going to go over its definition.

In the existing proxy tools, their usage, features and operating system compatibility are different, how to choose a suitable agent? If you want me to say, simply, use mitmproxy.

Mitmproxy

I have no words to describe Mitmproxy's convenience and strength. With the Mitmproxy official online introduction in a word, is "aninteractive, ssl-capable Man-in-the-middle proxy for HTTP with a console interface". Yes, you can manipulate it through the console; Yes, it also supports HTTPS; Yes, it allows "interception, detection, modification, and playback of traffic"; Yes, it's cross-platform, because it's written in Python. By the right, I said it was completely free of this thing?

It is also fairly easy to use. Once you have installed it, you can start it by entering the following command in the console:

1	$ mitmproxy [-b ip_addr] [-p PORT]

The agent is already running and you can start intercepting network traffic. Next you need to configure your Android phone to redirect all traffic to the proxy server address set in the previous command (IP_ADDR + PORT).

Proxy settings app: "Proxy Settings"

Now we need to configure the proxy on the Android phone. The steps are as follows:

1. Enter Android Wi-Fi settings
2. Long press the current connected network
3. Select the "Modify Network" option
4. Tick "Show advanced Options"
5. Enable the proxy server and set the proxy to "manual"
6. Enter the IP address and port that you previously set.

If you want to disable the proxy similarly. Now the Android side of the setup is done.

Do you feel a little headache on the steps above? No hurry! Fortunately there is a proxy Settings this app. With the proxy Settings, the above tedious steps become unusually simple. With this lightweight app, you can easily turn on or off proxy settings in your network connection with just a few clicks.

Use of Proxy Settings

With proxy Settings, you can create multiple proxy configurations. When you want to enable one, just click on the currently connected network, enable the agent, and select the configuration you need. If you want to disable the agent, click Connect and disable it.

It's so simple, right, it doesn't need root permission?

So how do I debug HTTPS?

As mentioned earlier, Mitmproxy also supports HTTPS interception. This feature allows you to debug the API in your production environment with the exception of keeping the API endpoint unchanged. However, due to the way HTTPS works, we need to install a custom SSL certificate that allows Mitmproxy to decrypt the intercepted traffic.

The steps that sound like HTTPS interception seem a bit cumbersome, in fact it's very simple. You can simply follow the Setup Guide on the Mitmproxy website to easily complete the setup. Remember to add an additional parameter when starting Mitmproxy, as shown in the following command:

1	$ mitmproxy -a ip_addr -p PORT --no- Upstream-cert

But here's a little problem. Android saves the SSL certificate in an encrypted form, which is the user-set phone unlock information. That is, before you install any SSL certificate on Android, you will be prompted to set the way to unlock your phone, such as entering a pin, password, or a pattern.

Debug 3g/4g

3G/4G It is more difficult to set up an agent in this case. There are no proxy settings interfaces for 3G/4G connections in system settings. But! You can use the "Move Hotspot" feature on your phone to set up the agent in the case of 3g/4g. What you have to prepare is:

1. An Android phone that can connect to the 3G/4G network
2. One phone with "developer mode" turned on (another one)
3. your laptop computer.

The next steps are simple:

1. Activate the mobile Hotspot feature on the first phone
2. Connect your laptop to a mobile hotspot with a second phone ("Open developer Mode")
3. Start Mitmproxy on the laptop and set the IP address to the corresponding hotspot (usually 192.168.43.xxx, etc.)
4. Use proxy settings on the second phone to set up the agent

OK, in the case of 3g/4g, this is how the proxy is set.

Summarize

So far, I've tried two other proxy tools, Charles and fiddler. But Mitmproxy the two of them. Charles may be the closest in terms of functionality, flexibility and operating system support in these areas and mitmproxy, but it's not free and two not open source. For Fiddler, it can only be used on Windows platforms.

The combination of Mitmproxy + Proxy Settings saves me a lot of heart, I hope they can also be used for you.

If you have a better solution, remember to tell me.

This article is translated from the Music app Musixmatch company advanced Android Engineering Sebastiano Gottardo. Original address: https://medium.com/@rotxed/how-to-debug-http-s-traffic-on-android-7fbe5d2a34

UPDATE: There is a classmate reaction to this tool in the end how to use is not very clear, so I intend to add some practical text on the basis of this article, and later found that the space is too bloated, simply a new article about Mitmproxy practice, I hope to give you some inspiration.

How to debug HTTP (S) traffic on Android