Android : Capturing HTTP Requests with non-rooted android device

I have an android application which uses a third party jar in it. Http request is sent from third party jar to server when application is running. I need to capture HTTP Request that is sent from third party jar. I am wondering if there is an easy way to implement with non-rooted device

To start up : I tried downloading "proxyDroid" but it need rooted phone I have also tried downloading "shark for root" with "shark reader" which also need rooted device I tried many other applications which could capture the complete request but all it need is rooted device

I need something what fiddler/wireshark can do for windows. A network packet analyzer which could be easily integrated with android application that could give request object with all header fields in it.

You could install Charles - an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet - on your PC or MAC.

Config steps:

• Let your phone and PC or MAC in a same LAN
• Launch Charles which you installed (default proxy port is 8888)
• Setup your phone's wifi configuration: set the ip of delegate to your PC or MAC's ip, port of delegate to 8888
• Lauch your app in your phone. And monitor http requests on Charles.

There are many ways to do that but one of them is fiddler

Fiddler Configuration

1. Go to options
2. In HTTPS tab, enable Capture HTTPS Connects and Decrypt HTTPS traffic
3. In Connections tab, enable Allow remote computers to connect
4. Restart fiddler

Android Configuration

1. Connect to same network
2. Modify network settings
3. Add proxy for connection with your PC's IP address ( or hostname ) and default fiddler's port ( 8888 / you can change that in settings )

Now you can see the full log from your device in fiddler

Also, you can find a full instructions here

I just installed Drony. It's not shareware and does not require root on a phone with Android 3.x or above.

https://play.google.com/store/apps/details?id=org.sandrob.drony

It can intercept and log requests.

It's 2020 now, for the latest solution, you can use Burp Suite to sniffing https traffic without rooting your Android device.

Steps:

1. Install Burp Suite

2. Enable Proxy

3. Import the certification in your Android phone

4. Change you Wifi configuration to listening to proxy

5. Profit!

I wrote the full tutorial and screenshot on how to do it at here: https://www.yodiw.com/monitor-android-network-traffic-with-burp/

You can use fiddler as webdebugger http://www.telerik.com/fiddler/web-debugging

Fiddler is a debugging tool from telerik software, which helps you to intercept every request that is initiated from your machine.

you can use burp-suite. do follow below procedure.

Configure the Burp Proxy listener

In Burp, go to the “Proxy” tab and then the “Options” tab.In the “Proxy Listeners" section, click the “Add” button.

In the "Binding" tab, in the “Bind to port:” box, enter a port number that is not currently in use, e.g. “8082”.Then select the “All interfaces” option, and click "OK".

Configure your device to use the proxy

In your Android device, go to the“Settings” menu.

If your device is not already connected to the wireless network you are using, then switch the "Wi-Fi" button on, and tap the “Wi-Fi” button to access the "Wi-Fi" menu.

In the "Wi-Fi networks" table, find your network and tap it to bring up the connection menu.

Tap "Connect".If you have configured a password, enter it and continue.

Once you are connected hold down on the network button to bring up the context menu.Tap “Modify network config”.

Ensure that the “Show advanced options” box is ticked.

Change the “Proxy settings” to “Manual” by tapping the button.

Then enter the IP of the computer running Burp into the “Proxy hostname”.Enter the port number configured in the “Proxy Listeners” section earlier, in this example “8082”.Tap "Save".

Test the configuration

In Burp, go to the "Proxy Intercept" tab, and ensure that intercept is “on” (if the button says “Intercept is off" then click it to toggle the interception status).

Open the browser on your Android device and go to an HTTP web page (you can visit an HTTPS web page when you have installed Burp's CA Certificate in your Android device.)

The request should be intercepted in Burp.

Set a https://mitmproxy.org/ as proxy on a same LAN

• Open Source
• Built in python 3
• Installable via pip
• Have a Docker image

SandroProxy seems to be better than Drony (by the same developer): You can (but do not have to) conveniently view and analyze the traffic in your PC's browser.

Should work in emulators as well.

If you're willing to use Genymotion (or another supported emulated device) you can use HTTP Toolkit, which can analyze and intercept/rewrite HTTP calls.

To install the app you want to investigate, Genymotion supports Open GApps (for Google Play support) and drag-and-drop for APK files.

HTTP Toolkit also works on real devices, but then it requires root priviledges to do it's job properly.