How to intercept network traffic of an app for inspection on mac?

Question

I'd like to analyze what raw requests (maybe HTTP requests) sent by an app, for example, the Grammarly app. Could anybody show me how to do it? Thanks.

Answer 1

So, there are a couple of ways you can intercept the network traffic. You can inspect network traffic using the terminal by following:

• Open Terminal: Go to Applications > Utilities > Terminal to open the Terminal application.
• Check available network interfaces: Before capturing network traffic, you need to identify the network interface you want to monitor. To see the list of available network interfaces, run the following command: ifconfigLook for the network interface you want to monitor (e.g., en0 for Wi-Fi, en1 for Ethernet).
• Capture network traffic: Once you know the network interface, use the tcpdump command with sudo (requires administrator privileges) to capture the network traffic. Replace "en0" with your desired network interface: sudo tcpdump -i en0. By default, tcpdump will capture and display all network traffic on the specified interface. To stop the capture, press "Ctrl + C." - - Filter network traffic (optional): If you want to capture specific types of traffic, you can apply filters to tcpdump. For example, to capture only HTTP traffic, you can use the following filter: sudo tcpdump -i en0 port 80
• Save the captured data (optional): If you want to save the captured network traffic to a file for later analysis, you can redirect the output to a file using the ">" operator. For example: sudo tcpdump -i en0 > network_traffic.pcap

This blog has detailed steps on multiple ways you can inspect the network on Mac.

You can also use Requestly desktop app to inspect the network traffic on Mac.

Answer 2

Basically, you might need to use a man-in-the-middle app like Wireshark, Fiddler, Charles. Here I take an example of how I use Proxyman (the one I'm currently using now) to intercept HTTP requests/ responses:

- Step 1: Download and Setup Proxyman to override your Network Proxy. Once you've done, all HTTPs coming from/to you Mac should be captured like this

- Step 2: Here I want to see the response content of Product Hunt so I use Command F to search for specific URLs

- Step 3: As you can see, if I click a request/ response, it is still encrypted so I need to enable SSL Proxying to see the content. Just click button "Enable only this domain" or "Enable all domains from Product Hunt" and re-sent the request.

Tips: If you Right click the request --> choose Pin this domain, that URL would be isolated and then Proxyman would automatically enable SSL Proxying for you

You even can manipulate the requests/ responses using Advanced tools like Breakpoint, Map Local,... Hope it helps! (: