Debugging Mobile Apps with mitmproxy

Ever wonder exactly what network connections your favorite mobile app is making? In this small walkthrough, we’ll use mitmproxy to gain insight into how some of our favorite mobile apps work.

Before getting started though, it’s worth mentioning that there are plenty of other tools that allow use to do the same; such as: Fiddler and Charles Proxy. I prefer mitmproxy for it’s simplicity. Fiddler is a close second as it provides far more rich network details (and Websocket frame inspection 👍)

Prerequisites:

• A mobile device connected to same network as your proxy PC
• mitmproxy — https://mitmproxy.org/

mitmproxy

This is what we’ll use to proxy information from our mobile device to our PC. mitmproxy is available for most devices: iPhone, Android and Windows phone on macOS, Windows and linux. For our example, we’ll be using an Android device on macOS Sierra.

Installation:

$ brew install mitmproxy

Usage:

$ mitmproxy

On mac, it couldn’t be much simpler to install and use. However, on Windows, you’ll need to use the mitmweb client.

Once you invoke mitmproxy, you should see a black screen in your terminal like the image above.

In order to use this proxy though, we’ll need to make a small configuration change on our mobile device. But before doing so, we’ll want to obtain our PC’s IP address by using ifconfig (or ipconfig for Windows).

As highlighted above, our (internal) network IP is 192.168.1.13.

Mobile Proxy Configuration

Once you have mitmproxy installed and listening for activity, we can then configure our Mobile device to use the proxy.

For Android, you’ll want to go into your Mobile Device’s Network Connection settings and long press the network in which you wish to use your proxy on (the same one your PC is connected to).

Ours is FBI Counter Intel 😃

Once configuring your network, you’ll need to go down to Advanced Settings in order to configure the proxy.

Here, we use the same IP address we obtained earlier along with 8080 (mitmproxy’s default) for the port.

Installing mitmproxy certificate

Visit: http://mitm.it

If all went well up until this point, you should be able to hit the URL above and download the certificate (which allows the proxy to sniff data).

If you’re able to hit mitm.it from your mobile device (which is a non-existing/proxy specific url), you should now be able to see traffic starting to appear in your terminal.

To leverage the mitmproxy output, you can use directional keys (mainly, up and down) to cycle through requests and a few other shortcuts to navigate further.

• If you hit ENTER on any request, you can see more information such as request and response headers, etc.
• You can use TAB to switch between Request, Response and Detail tabs.
• Hit q to go back to the request list.

So if we wanted to review more information on the initial mitm.it request our Android device made, we could hit ENTER and see the following.

Mobile Application Debugging

From here, the sky is the limit (with a few exceptions). Some applications are clever enough to detect when a proxy is used — and just refuse to work under those conditions. That said, most applications work going this route.

Let’s take a quick look at Kiloo’s Subway Surfers. You may remember this game from not too distant past. At 24 million installs via the Google Play store, this game is still running strong (get it?) and is definitely one of my favorites.

For the record, it’s probably worth mentioning that this likely breaks their EULA. Eh, I paid for Double Coins power up on iOS and was unable to port that feature over when switching to Android. For that, they get to be the subject of this demo — plus, it really is a fun game if you haven’t tried it.

Simply opening the Subway Surfers app, creates a lot of buzz within our mitmproxy terminal.

Also, if you’ve been using the mitmweb app, your output should look similar to the following:

And just like before, we can hit ENTER to see more details.

An interesting sidenote, this is a great way to understand how a particular application is built. By simply examining the request headers, we can see that this is a Unity powered game on version 5.5.1f1

Diving further, one popular quest within the game is the Daily Challenge in which, players are required to collect Letters that spell a given word.

And by looking at the request data, we can see where this Word of the day comes from — and even more detail; they’re using Apache and PHP 😅

Hope this helps!

Happy debugging!