Published in


Intercept iOS/Android Network Calls using mitmproxy

Being a QA Engineer you might have come across a situation when you want to have a look at what API calls your iOS app is making.

The data which you are looking at, how it reaches you.

If you do a quick google search you will find there are numerous options available.

Then why mitmproxy?

For me, I prefer mitmproxy as it can be used within the shell.

Some of the other tools which get the job done are Charles Proxy and Burp Suite

mitmproxy comes very handy when you need to intercept network calls and gets the job done with the very minimal effort required to set it up. For instance, you might want to know what your favorite social app(What’s app, Instagram etc.) what data it is sending behind the scenes.

The tool takes 10 minutes to install and get started with. This can be used across all platforms but we’ll take the case for a macOS.

How Mitmproxy works

Mitmproxy sits in the middle of connection(classic man in the middle) between your phone/computer and the internet.

For more information check out this blog.

We are going to look at the flow of traffic between our favorite app and the internet on large.

App sends information to Mitmproxy and then tell Mitmproxy to send all information to the internet at large, which will then send back information and on and on. Your phone and computer send information to a router which in turn directs it to the company’s servers or mobile app you are trying to interact with. Mitmproxy decrypts SSL encrypted or HTTPS traffic for you to see. The traffic is sent in packets. Mitmproxy unencrypts it for us by installing a certificate on your phone or computer such that is sends Mitmproxy the information which is easy to understand from a user’s perspective.


For folks using a mac machine, it’s a delight to set up mitmproxy and get it up and running.

Mitmproxy can be installed easily using Homebrew.

If you don’t have homebrew set up open the terminal and paste the following :

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Wait for the installation to be completed.

Install mitmproxy using :

brew install mitmproxy

Once the above step is done type mitmproxy in terminal window

mitm proxy first look

On a Mac Machine Go to System PreferenceNetwork. On the left side, you can find which network is working wifi or you are connected to a wired network. It is recommended that you use wifi. Unplug the ethernet if you are connected to a wired network.

Click on Advance and click on TCP/IP tab. Check out the image for reference.

Network Settings

You’ll need the highlighted IPv4 address.

Setting up your iPhone

  1. First, we need to send iPhone’s information to your computer.

2. Go to Settings → Wi-Fi and click on the blue “i” next to the name of the network your iPhone is connected to then scroll Down to HTTP PROXY

3. Tap on Configure Proxy and Select manual. Use the Ipv4 address as server address and port as 8080(mitm proxy works on 8080 as default)

Settinngs for an iPhone

4. Start mitmproxy on your Mac's terminal. On your iPhone launch safari and in address bar type address mitm.it

5 . Select Apple and install the certificate. To verify go to Settings → General → Profile (iOS 11) and Settings → General → Device Management on iOS 9 and above devices.

We are almost there, to finish Navigate to Settings → General → About → Certificate Trust Settings. (iOS 10 and above devices). Turn on the toggle button to trust the mitm root certificate.

Horray! we are all good and ready to roll !.

You should see something like this on your computer while browsing your favorite app which should show HTTP and HTTPS packets. No HTTPS means you have problems with your certificate installation and no packets at all could indicate a problem with your network settings.

Setting up your Android Phone.

1.For Android, you’ll have to navigate to Settings → WiFi. Long press on network name and tap on Modify network.(Depends upon the device you are using)

2. Next step is to change the Proxy Settings. Tap on Show Advance options and you’ll find Host Name, Port. Use the same information as we did when setting up the iPhone.

3. Open your favorite browser(Chrome) on your Android and address bar type address mitm.it. This is similar to what we did on Safari while setting up the iPhone.

4. Open the certificate, as a security measure Android OS prompts you to set up a pin/pattern if not set before. Refer to screenshot. You might want to save it with a name. In my case, i saved it with mitm.

Now you should now be able to see traffic starting to appear in your terminal. I am using Box app in my case to monitor http traffic.

Few Pointers :

  • If you hit ENTER on any request, you can see more information such as request and response headers.
  • You can use TAB to switch between Request, Response and Detail tabs.
  • Hit q to go back to the request list.

Happy Reading!




Testvagrant is a test engineering company which helps shape the testing strategy and take Products a step closer to having a faster, accurate, and more predictable release.

Recommended from Medium

Connect slack with python

TPM Stories: Simon Karpen from DoorDash

Authorization in Golang Projects using Casbin

Developing an Interactive Dashboard for Value Investment with Python, Dash and Pandas (Version 1)

What Is Technical Translation?

Securing the monolith

How to Build a Taxi App In 2021

Deno: A better beginner’s guide

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Gaurav Sharma

Gaurav Sharma

More from Medium

👨🏼‍💻Cloud Hosting Use Case for Text Classification with HMS ML Kit

Building Android App Bundle with Jenkins

Registering dependencies in Dagger 2

Understanding Dynamic Feature Module -Part 1. Why we need to use it ?