Analyzing network requests on Android

You may have needed to see all commmunication for your app to the server. Perhaps you’ve inherited the codebase from someone else, or it relies on a library and you want to see how the server requests look. Or you’re just curious to see why your device is accessing the network, and if a questionable app is sending some private information without your consent. The easiest way I found is to use mitmproxy, a python man-in-the-middle proxy, which logs all requests. Here is a step by step guide to get it working in Android.

1. Make sure you have your Python environment setup. The exact details differ depending on what OS you’re using. Make sure to install pip as well.

2. Install mitmproxy. If you have installed pip in the previous step, this should be as simple as running:

pip install mitmproxy

3. Run mitmproxy. I had to provide a different port number than the default, because that one was used by apache I have running locally.

mitmproxy -p 9500

4. Take a note of your computer’s local IP

ifconfig

5. Make sure your Android device is connected to the same network as your computer running mitmproxy. Go into Settings -> Wi-Fi and long press the currently selected network.

6. Select “Modify Network config” in the dialog that pops up. Check “Show advanced options” checkbox.

7. Under “Proxy Settings” select “Manual”. Under “Proxy host” enter your computer IP address. Under “Proxy port” enter the port that mitmproxy runs on – in my case 9500.

8. You will now see requests listed in the mitmproxy window as they are generated by the device. You can navigate to the request you want to examine using arrow keys, and view more details, such as full request headers and response from the server.

The mitmproxy script has a lot more options that you can explore as you need them – for example, you can inject an SSL certificate into the device to capture SSL requests. Check out the mitmproxy documentation for more information.