How to intercept HTTPS Traffic on Android Devices and Android Emulators?
This mini-blog will guide you on how to start intercepting HTTPS Traffic from Android Devices and Android Emulators.
1. Intercept HTTPS Traffic
Intercepting HTTPS traffic on Android Devices and Android Emulators is more complicated than iOS.
If you've struggled to config XML settings, let check out this sample project that we've already configured for you:
Read the original blog at Sample Android Project from Proxyman Doc
2.1 Prepare
- Android Studio 4.0.1
- Pixel 3 Emulator with API 29 (We suggest that we should create a brand-new Emulator device rather than using the current one. Visit Android Virtual Devices windows in Android Studio)
- Download a NetworkConnect sample project.
2.2 Set Wifi Proxy to Proxyman
- Open your Android Emulator -> Setting app -> Wifi: Make sure your Wifi connection is good. Sometimes, it's "Limited Connection" that you could not set the Wifi Proxy. If it happens, please remove the emulator and create a new one again.
- Click on the Wifi then clicking on Edit Button in two places
- Start set HTTP Proxy that the same IP and Port value from Android Guideline (Proxyman app -> Certificate -> Install Certificate on Android Devices)
Make sure the Proxy Hostname and Port match with the values in (Proxyman app -> Certificate -> Install Certificate on Android Devices)
2.3 Download and Install Proxyman Certificate
- Open Google Chrome on your Android Emulator
- Visit http://proxy.man/ssl
- Download the Certificate and select VPN and App Category
If you could not access http://proxy.man/ssl, it means Wifi Proxy doesn't work. Please try to delete your Android Emulator and create a new one in Android Virtual Devices Manager from Android Studio
Turn OFF / ON the Wifi in Emulators might do the trick
- At this stage, please verify that everything is good before moving to the next stage
2.4 Start the sample project
- After config the Proxy Wifi on your Android Emulator, please make sure to stop the sample app if you're opening
- Make sure Proxyman app is opening
- Start the sample project again in Android Studio and click the Fetch button on the top right navigation bar
![Intercept HTTPS Traffic on Android Devices](/assets/blog/intercept-https-android-devices-emulators/8.png">
- At this stage, you can see HTTPS Traffic on Proxyman -> Select google.com domain and enable SSL
- Try to click the Fetch button again to see HTTPS Content on Proxyman. All done
If you still encounter SSL Error, it means your Android Studio doesn't recognize Proxyman Certificate yet. Please Stop the app and Start again in Android Studio, then try again!
3. Sample Config
The following is the config that you can intercept HTTPS Traffic from https://google.com
You're only able to see HTTPS content from the www.google.com domain because it's hardcoded in the network-config. In your real application, please make sure you've added all domains that you're going to intercept. Read more
- AndroidManifest.xml
<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.android.networkconnect"
android:versionCode="1"
android:versionName="1.0">
<!-- Min/target SDK versions (<uses-sdk>) managed by build.gradle -->
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<application
android:label="@string/app_name"
android:icon="@drawable/ic_launcher"
android:theme="@style/Theme.Sample"
android:allowBackup="true"
android:networkSecurityConfig="@xml/network_security_config">
<activity
android:name="com.example.android.networkconnect.MainActivity"
android:label="@string/app_name"
android:uiOptions="splitActionBarWhenNarrow">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
</manifest>
- res/xml/network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<!--Set application-wide security config using base-config tag.-->
<!--Set domain-specific security config using domain-config tags. -->
<!--See https://developer.android.com/training/articles/security-config.html for more information.-->
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</debug-overrides>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<domain-config>
<domain includeSubdomains="true">www.google.com</domain>
<trust-anchors>
<certificates src="user"/>
<certificates src="system"/>
</trust-anchors>
</domain-config>
</network-security-config>
4. Troubleshooting
Depend on Android Emulator and APIs version, you might encounter some errors.
-
After setting the Wifi Proxy in Android Studio, I could not visit http://proxy.man/ssl => Please try to restart the Emulator and make sure the Wifi Status in Emulator is "Connected" => Delete your Android Emulator and create a new one
-
I get SSL Errors when intercepting HTTPS traffics => Sometime, your Android Emulator doesn't load Proxyman Certificates => Please stop the project and start again. => Make sure your domains are listed in res/xml/network_security_config.xml
Proxyman is a high-performance macOS app, which enables developers to capture HTTP/HTTPS requests from apps and domains on iOS device, iOS Simulator and Android devices.
Get it at https://proxyman.io