Intercept iOS/Android Network Calls using mitmproxy

Gaurav Sharma
Oct 30, 2018 · 5 min read

Being a QA Engineer you might have come across a situation when you want to have a look at what API calls your iOS app is making.

Or you might wonder how the data you are looking at reaches you.

If you do a quick Google search, you will find there are numerous options available.

Then why mitmproxy?

For me, I prefer mitmproxy as it can be used within the shell.

Some of the other tools which get the job done are Charles Proxy and Burp Suite.

mitmproxy comes in very handy when you need to intercept network calls, and it gets the job done with very minimal setup effort. For instance, you might want to know what data your favorite social app (WhatsApp, Instagram etc.) is sending behind the scenes.

The tool takes 10 minutes to install and get started with. It can be used across all platforms, but we’ll take the case of macOS.

How Mitmproxy works

Mitmproxy sits in the middle of the connection (a classic man in the middle) between your phone/computer and the internet.

For more information check out this blog.


We are going to look at the flow of traffic between our favorite app and the internet at large.

The app sends information to mitmproxy and tells mitmproxy to send all of it on to the internet at large, which then sends information back, and so on. Normally your phone and computer send information to a router, which in turn directs it to the servers of the company or mobile app you are trying to interact with. Mitmproxy decrypts SSL-encrypted (HTTPS) traffic for you to see. The traffic is sent in packets. Mitmproxy can decrypt it for us because we install its certificate on the phone or computer, so that the device sends mitmproxy the information in a form which is easy to understand from a user’s perspective.

Installation

For folks using a Mac, it’s a delight to set up mitmproxy and get it up and running.

Mitmproxy can be installed easily using Homebrew.

If you don’t have Homebrew set up, open the terminal and paste the following:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Wait for the installation to be completed.

Install mitmproxy using:

Once the above step is done, type mitmproxy in a terminal window.

mitm proxy first look

On a Mac, go to System Preferences → Network. On the left side, you can see which network is active: Wi-Fi or a wired connection. It is recommended that you use Wi-Fi. Unplug the Ethernet cable if you are connected to a wired network.

Click on Advanced and then on the TCP/IP tab. Check out the image for reference.

Network Settings

You’ll need the highlighted IPv4 address.

Setting up your iPhone

1. First, we need to send the iPhone’s information to your computer.

2. Go to Settings → Wi-Fi and tap the blue “i” next to the name of the network your iPhone is connected to, then scroll down to HTTP PROXY.

3. Tap on Configure Proxy and select Manual. Use the IPv4 address as the server address and 8080 as the port (mitmproxy listens on 8080 by default).

Settings for an iPhone

4. Start mitmproxy in your Mac's terminal. On your iPhone, launch Safari and type mitm.it in the address bar.


5. Select Apple and install the certificate. To verify, go to Settings → General → Profile (iOS 11) and Settings → General → Device Management on iOS 9 and above devices.

We are almost there. To finish, navigate to Settings → General → About → Certificate Trust Settings (iOS 10 and above devices). Turn on the toggle button to trust the mitm root certificate.

Hooray! We are all good and ready to roll!


You should see something like this on your computer while browsing your favorite app, showing HTTP and HTTPS packets. No HTTPS means you have problems with your certificate installation, and no packets at all could indicate a problem with your network settings.

Setting up your Android Phone

1. For Android, you’ll have to navigate to Settings → WiFi. Long press on the network name and tap on Modify network. (This depends upon the device you are using.)


2. The next step is to change the proxy settings. Tap on Show Advanced options and you’ll find Host Name and Port. Use the same information as we did when setting up the iPhone.

3. Open your favorite browser (Chrome) on your Android phone and type mitm.it in the address bar. This is similar to what we did in Safari while setting up the iPhone.

4. Open the certificate. As a security measure, Android prompts you to set up a PIN/pattern if one is not already set. Refer to the screenshot. You might want to save the certificate with a name. In my case, I saved it as mitm.


Now you should be able to see traffic starting to appear in your terminal. I am using the Box app in my case to monitor HTTP traffic.


A few pointers:

  • If you hit ENTER on any request, you can see more information such as request and response headers.
  • You can use TAB to switch between Request, Response and Detail tabs.
  • Hit q to go back to the request list.
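
Once traffic is flowing, the same inspection can be scripted. The following is an added example, not part of the original article or the mitmproxy project: a small addon, loaded with mitmdump -s, that counts flows per scheme, applies the HTTP/HTTPS troubleshooting rule described earlier, masks credential headers in its log and flags requests that send them over plain HTTP. The class name TrafficAudit, the header list and the script file name are assumptions, and log output assumes mitmproxy 9 or later.

```python
"""Added example addon. Run with: mitmdump -s traffic_audit.py (file name assumed)."""
import logging
from collections import Counter

# Assumed list of credential-bearing headers; extend it for your own app.
SENSITIVE = {"authorization", "cookie", "x-api-key"}


def redact(headers):
    """Copy headers into a dict with credential values masked for safe logging."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE else v) for k, v in headers.items()}


class TrafficAudit:
    def __init__(self):
        self.schemes = Counter()    # number of intercepted requests per scheme
        self.cleartext_creds = []   # URLs that carried credentials over plain HTTP

    def request(self, flow):
        """mitmproxy calls this hook once for every intercepted client request."""
        req = flow.request
        self.schemes[req.scheme] += 1
        names = {k.lower() for k in req.headers.keys()}
        if req.scheme == "http" and names & SENSITIVE:
            self.cleartext_creds.append(req.pretty_url)
            logging.warning("credentials sent without TLS: %s", req.pretty_url)
        logging.info("%s %s %s", req.method, req.pretty_url, redact(req.headers))

    def diagnose(self):
        """Apply the article's troubleshooting rule to the observed counts."""
        if not self.schemes:
            return "no traffic: check the proxy host/port and Wi-Fi network on the device"
        if self.schemes["https"] == 0:
            # A client that rejects the proxy certificate never reaches this hook over TLS.
            return "no HTTPS: check that the mitmproxy certificate is installed and trusted"
        return "ok: HTTPS flows are being intercepted"

    def done(self):
        """mitmproxy calls this hook on shutdown; log the session summary."""
        logging.info("flows by scheme: %s | %s", dict(self.schemes), self.diagnose())


addons = [TrafficAudit()]
```
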

Happy Reading!

TestVagrant

Solving testing problems intuitively and intelligently
