Debugging Mobile Apps with mitmproxy

Sean Wragg
Aug 6, 2017 · 5 min read

Ever wonder exactly what network connections your favorite mobile app is making? In this small walkthrough, we’ll use mitmproxy to gain insight into how some of our favorite mobile apps work.

Before getting started though, it’s worth mentioning that there are plenty of other tools that allow use to do the same; such as: Fiddler and Charles Proxy. I prefer mitmproxy for it’s simplicity. Fiddler is a close second as it provides far more rich network details (and Websocket frame inspection 👍)


Image for post


This is what we’ll use to proxy information from our mobile device to our PC. mitmproxy is available for most devices: iPhone, Android and Windows phone on macOS, Windows and linux. For our example, we’ll be using an Android device on macOS Sierra.


$ brew install mitmproxy


$ mitmproxy

On mac, it couldn’t be much simpler to install and use. However, on Windows, you’ll need to use the mitmweb client.

Once you invoke mitmproxy, you should see a black screen in your terminal like the image above.

In order to use this proxy though, we’ll need to make a small configuration change on our mobile device. But before doing so, we’ll want to obtain our PC’s IP address by using ifconfig (or ipconfig for Windows).

Image for post

As highlighted above, our (internal) network IP is

Mobile Proxy Configuration

Once you have mitmproxy installed and listening for activity, we can then configure our Mobile device to use the proxy.

For Android, you’ll want to go into your Mobile Device’s Network Connection settings and long press the network in which you wish to use your proxy on (the same one your PC is connected to).

Ours is FBI Counter Intel 😃

Image for post

Once configuring your network, you’ll need to go down to Advanced Settings in order to configure the proxy.

Here, we use the same IP address we obtained earlier along with 8080 (mitmproxy’s default) for the port.

Image for post

Installing mitmproxy certificate


If all went well up until this point, you should be able to hit the URL above and download the certificate (which allows the proxy to sniff data).

Image for post

If you’re able to hit from your mobile device (which is a non-existing/proxy specific url), you should now be able to see traffic starting to appear in your terminal.

Image for post

To leverage the mitmproxy output, you can use directional keys (mainly, up and down) to cycle through requests and a few other shortcuts to navigate further.

  • If you hit ENTER on any request, you can see more information such as request and response headers, etc.
  • You can use TAB to switch between Request, Response and Detail tabs.
  • Hit q to go back to the request list.

So if we wanted to review more information on the initial request our Android device made, we could hit ENTER and see the following.

Image for post

Mobile Application Debugging

From here, the sky is the limit (with a few exceptions). Some applications are clever enough to detect when a proxy is used — and just refuse to work under those conditions. That said, most applications work going this route.

Let’s take a quick look at Kiloo’s Subway Surfers. You may remember this game from not too distant past. At 24 million installs via the Google Play store, this game is still running strong (get it?) and is definitely one of my favorites.

For the record, it’s probably worth mentioning that this likely breaks their EULA. Eh, I paid for Double Coins power up on iOS and was unable to port that feature over when switching to Android. For that, they get to be the subject of this demo — plus, it really is a fun game if you haven’t tried it.

Image for post

Simply opening the Subway Surfers app, creates a lot of buzz within our mitmproxy terminal.

Image for post

Also, if you’ve been using the mitmweb app, your output should look similar to the following:

Image for post

And just like before, we can hit ENTER to see more details.

An interesting sidenote, this is a great way to understand how a particular application is built. By simply examining the request headers, we can see that this is a Unity powered game on version 5.5.1f1

Image for post

Diving further, one popular quest within the game is the Daily Challenge in which, players are required to collect Letters that spell a given word.

Image for post

And by looking at the request data, we can see where this Word of the day comes from — and even more detail; they’re using Apache and PHP 😅

Image for post

Hope this helps!

Happy debugging!


Code, Comics, and Fhqwhgads!

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store