Android : Capturing HTTP Requests with non-rooted android device
AndroidHttpHttp HeadersAndroid Problem Overview
I have an android application which uses a third party jar in it. Http request is sent from third party jar to server when application is running. I need to capture HTTP Request that is sent from third party jar. I am wondering if there is an easy way to implement with non-rooted device
To start up : I tried downloading "proxyDroid" but it need rooted phone I have also tried downloading "shark for root" with "shark reader" which also need rooted device I tried many other applications which could capture the complete request but all it need is rooted device
I need something what fiddler/wireshark can do for windows. A network packet analyzer which could be easily integrated with android application that could give request object with all header fields in it.
Android Solutions
Solution 1 - Android
You could install Charles - an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet - on your PC or MAC.
Config steps:
- Let your phone and PC or MAC in a same LAN
- Launch Charles which you installed (default proxy port is 8888)
- Setup your phone's wifi configuration: set the ip of delegate to your PC or MAC's ip, port of delegate to 8888
- Lauch your app in your phone. And monitor http requests on Charles.
Solution 2 - Android
There are many ways to do that but one of them is fiddler
Fiddler Configuration
- Go to options
- In HTTPS tab, enable Capture HTTPS Connects and Decrypt HTTPS traffic
- In Connections tab, enable Allow remote computers to connect
- Restart fiddler
Android Configuration
- Connect to same network
- Modify network settings
- Add proxy for connection with your PC's IP address ( or hostname ) and default fiddler's port ( 8888 / you can change that in settings )
Now you can see the full log from your device in fiddler
Also, you can find a full instructions here
Solution 3 - Android
I just installed Drony. It's not shareware and does not require root on a phone with Android 3.x or above.
https://play.google.com/store/apps/details?id=org.sandrob.drony
It can intercept and log requests.
Solution 4 - Android
It's 2020 now, for the latest solution, you can use Burp Suite to sniffing https traffic without rooting your Android device.
Steps:
-
Install Burp Suite
-
Enable Proxy
-
Import the certification in your Android phone
-
Change you Wifi configuration to listening to proxy
-
Profit!
I wrote the full tutorial and screenshot on how to do it at here: https://www.yodiw.com/monitor-android-network-traffic-with-burp/
Solution 5 - Android
You can use fiddler as webdebugger http://www.telerik.com/fiddler/web-debugging
Fiddler is a debugging tool from telerik software, which helps you to intercept every request that is initiated from your machine.
Solution 6 - Android
you can use burp-suite. do follow below procedure.
Configure the Burp Proxy listener
In Burp, go to the “Proxy” tab and then the “Options” tab.In the “Proxy Listeners" section, click the “Add” button.
In the "Binding" tab, in the “Bind to port:” box, enter a port number that is not currently in use, e.g. “8082”.Then select the “All interfaces” option, and click "OK".
Configure your device to use the proxy
In your Android device, go to the“Settings” menu.
If your device is not already connected to the wireless network you are using, then switch the "Wi-Fi" button on, and tap the “Wi-Fi” button to access the "Wi-Fi" menu.
In the "Wi-Fi networks" table, find your network and tap it to bring up the connection menu.
Tap "Connect".If you have configured a password, enter it and continue.
Once you are connected hold down on the network button to bring up the context menu.Tap “Modify network config”.
Ensure that the “Show advanced options” box is ticked.
Change the “Proxy settings” to “Manual” by tapping the button.
Then enter the IP of the computer running Burp into the “Proxy hostname”.Enter the port number configured in the “Proxy Listeners” section earlier, in this example “8082”.Tap "Save".
Test the configuration
In Burp, go to the "Proxy Intercept" tab, and ensure that intercept is “on” (if the button says “Intercept is off" then click it to toggle the interception status).
Open the browser on your Android device and go to an HTTP web page (you can visit an HTTPS web page when you have installed Burp's CA Certificate in your Android device.)
The request should be intercepted in Burp.
Solution 7 - Android
Set a https://mitmproxy.org/ as proxy on a same LAN
- Open Source
- Built in python 3
- Installable via pip
- Have a Docker image
Solution 8 - Android
SandroProxy seems to be better than Drony (by the same developer): You can (but do not have to) conveniently view and analyze the traffic in your PC's browser.
Should work in emulators as well.
Solution 9 - Android
If you're willing to use Genymotion (or another supported emulated device) you can use HTTP Toolkit, which can analyze and intercept/rewrite HTTP calls.
To install the app you want to investigate, Genymotion supports Open GApps (for Google Play support) and drag-and-drop for APK files.
HTTP Toolkit also works on real devices, but then it requires root priviledges to do it's job properly.