VeNOm

Reputation: 31

Sniffing Android Application HTTPS Traffic

I have an application on an Android phone (emulator) which sends an HTTPS request. How can I see that request?

Upvotes: 2

Views: 6116

Answers (2)

Florian Thomas

Reputation: 81

That is easily possible with software such as Fiddler or Charles. They have an inbuilt SSL server that will position itself in between the app and the server. It is kind of a "Man-in-the-Middle" attack, just that you are only attacking yourself.

After installing the software on your PC, you will have to set the IP address of this PC as the proxy server in Android. Secondly, you will have to install the root certificate that the software is using on your Android device.

As you are not breaking any encryption and not reverse engineering any application here, I don't think this will classify as illegal. And as you need to have physical access to the device, you also cannot spy on anyone other than yourself.

Upvotes: 6

Nikolay Elenkov

Reputation: 52966

If you are communicating with your own server, and you have access to its private key, you can use Wireshark to capture packets and have it decrypt the HTTPS traffic. If you are trying to reverse engineer someone else's app, this may or may not be legal and generally cannot be done.

Upvotes: 0
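
An added example, not part of either answer, for the Wireshark approach: the server's private key recovers session keys only when the handshake negotiated RSA key exchange, while ephemeral (EC)DHE suites and TLS 1.3 need per-session secrets from a key log file instead. This Python check classifies the cipher suite seen in each captured ServerHello; the session list is constructed sample data and the function names are this example's own.

```python
import re

# Constructed sample: (TLS version, negotiated cipher suite) as read from the
# ServerHello of each captured session. Names are IANA or OpenSSL style.
SAMPLE_SESSIONS = [
    ("TLSv1.2", "TLS_RSA_WITH_AES_128_GCM_SHA256"),
    ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("TLSv1.2", "AES256-SHA"),
    ("TLSv1.2", "DHE-RSA-AES256-GCM-SHA384"),
    ("TLSv1.3", "TLS_AES_128_GCM_SHA256"),
]

# OpenSSL names that start directly with the bulk cipher use RSA key exchange.
_BULK_CIPHER = re.compile(r"^(AES|DES|RC4|CAMELLIA|SEED|IDEA|ARIA|NULL)")

def key_exchange(suite):
    """Return 'RSA', 'EPHEMERAL', 'TLS1.3' or 'OTHER' for a suite name."""
    name = suite.upper().replace("-", "_")
    if name.startswith("TLS_") and "_WITH_" not in name:
        return "TLS1.3"                  # TLS 1.3 suites name no key exchange
    if name.startswith("TLS_"):          # IANA: TLS_<kx>[_<auth>]_WITH_<cipher>
        kx = name[4:name.index("_WITH_")]
        if kx == "RSA":
            return "RSA"
        first = kx.split("_")[0]
    else:                                # OpenSSL: [<kx>-<auth>-]<cipher>-<mac>
        first = name.split("_")[0]
        if _BULK_CIPHER.match(first):
            return "RSA"
    return "EPHEMERAL" if first in ("ECDHE", "DHE", "EDH") else "OTHER"

def decryptable_with_private_key(version, suite):
    """True only if the server's RSA private key alone recovers the session keys."""
    if version == "TLSv1.3":
        return False                     # always ephemeral key exchange
    return key_exchange(suite) == "RSA"

def report(sessions):
    """Map each suite to the key material needed to decrypt its capture."""
    return {
        suite: "server RSA private key" if decryptable_with_private_key(ver, suite)
        else "per-session secrets (key log file)"
        for ver, suite in sessions
    }

if __name__ == "__main__":
    for suite, needs in report(SAMPLE_SESSIONS).items():
        print(f"{suite:45} -> {needs}")
```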
