Reputation: 619
How to sniff HTTPS traffic from Android emulator to remote server ?
I want to monitor HTTPS traffic from my application to remote server. I am trying to follow this instruction and it works for HTTP (without s), but not for HTTPS.
What is wrong? Should I write some custom code in my application to use https-proxy ?
Upvotes: 14
Views: 24307
Answers (4)
Reputation: 3080
The easiest way to do this is to use CharlesProxy to proxy your device or emulator traffic for you. The only extra step you need to do is to install the CharlesProxy SSL certificate on your device/emulator which is very straight forward:
Download the certificate from Charles Proxy (it's in their help menu) and place it on your device, then install via security settings on your device.
You then configure your device or emulators network connection to use a manual proxy and set it to the Charles Proxy address and port. Enable SSL proxying and your SSL connections will be securely routed end-to-end via Charles and Charles will be able to show you the content of requests and responses in the clear.
Upvotes: 6
Reputation: 1
https means http secure, so it obviously can't be sniffed so easily. what would be the point if it would be the same unsecure thing as normal http?
you have to learn a bit more about secure network comunications. or, long story short, at least you will have to learn how to use a specilly devised http proxy like charles http://www.charlesproxy.com/documentation/welcome/ so you will be able to monitor you own https traffic in a clear form.
Upvotes: -4
Reputation: 1574
Do you mean you can't see the traffic at all or do you get it encrypted? Is this a web application or native application? which Android version are you using? phone or emulator?
Normally, if you set up the proxy properly, you will get the traffic, but encrypted so you can't read it. In order to see the actual content in Fiddler you would need your device to trust Fiddler's root certificate (used to create fake certificates on the fly). See this:
http://www.fiddler2.com/fiddler/help/httpsdecryption.asp
Unfortunately, I have not found a way to add root certificates to an android device other than rooting it and replacing the certificate store (like this)
Upvotes: 0
Reputation: 1969
I'm using WireShark for sniffing, it allow you to monitor and filter raw data. But because you using https and all transactions encrypted i suppose it can't help you. May be you can switch from https to http for debug, and later when all will be works fine change protocol back to https
Upvotes: 0
Related Questions
- Sniffing Android app's HTTPS traffic from Fiddler fails with only 'Tunnel To' entries in Fiddler
- Sniffing Android Application HTTPS Traffic
- Capture Android Emulator traffic using Fiddler
- Capturing Android applicataion traffic using FIddler
- How to capture HTTPS(TLS 1.0) communications from Android App with Fiddler4?
- Debugging HTTPS requests/responses with Fiddler on Android Phone don`t work
- debugging https from android emulator
- Capture traffic from Android emulator to localhost?
- Fiddler - Decrypt Android HttpsUrlConnection SSL traffic
- Debugging HTTPS traffic with Fiddler on Windows Phone Emulator