Using mitmproxy to find private API (Android apps)
2024-03-26 02:47

Starting my journey as a dev, one goal is to create an app that gets data from another app (points of a loyalty program), and an interesting approach would be using mitmproxy to see where the API comes from.

I managed to set up mitmproxy on my PC, and managed to connect my phone to the service through the proxy settings, and mitmproxy sees my web activity perfectly.

EXCEPT for the apps. All apps will not even connect to the web, as if there is no connection, but I can access the web in Chrome still. The CA certificate is set as a "user" cert on my phone, maybe it has to be a system cert?

Seen some tutorials using an iPhone, seems to work fine there. Anything I might be missing? Thanks.




Other answer:

If you're having trouble intercepting traffic from Android apps using mitmproxy, there could be several reasons for this issue. Here are some troubleshooting steps you can follow:

Certificate Installation: Ensure that the mitmproxy CA certificate is correctly installed on your Android device. As you mentioned, it should ideally be installed as a system certificate rather than a user certificate. System certificates have higher privileges and are trusted by all apps on the device.

Rooted Device: If your device is rooted, you may have more success intercepting traffic from apps. Root access allows mitmproxy to intercept encrypted traffic by installing the mitmproxy CA certificate as a system certificate. However, rooting your device may void its warranty and expose it to security risks, so proceed with caution.

App Behavior: Some apps implement certificate pinning or use other security mechanisms to prevent traffic interception. In such cases, mitmproxy may not be able to intercept traffic even if the certificate is installed correctly. You can try bypassing certificate pinning using tools like Frida or modifying the app's code if you have the necessary permissions.

Proxy Settings: Double-check the proxy settings on your Android device to ensure that they are configured correctly. Make sure that the device is configured to use the correct IP address and port for the mitmproxy instance running on your PC.

Firewall or Antivirus: Sometimes, firewall or antivirus software installed on your PC may interfere with mitmproxy's ability to intercept traffic. Try temporarily disabling any such software and see if it resolves the issue.

Network Configuration: Ensure that your PC and Android device are connected to the same network and that there are no network restrictions or firewalls blocking traffic between them.

mitmproxy Configuration: Review your mitmproxy configuration to ensure that it is set up correctly. Make sure that you are running mitmproxy with the appropriate options to intercept HTTPS traffic (e.g., mitmproxy -p <port> --ssl-insecure).

By troubleshooting these potential issues, you should be able to intercept traffic from Android apps using mitmproxy successfully. Remember to respect the privacy and security of users and only intercept traffic for legitimate testing purposes.
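
The user-versus-system certificate question raised in this thread comes down to Android's per-app trust defaults: apps targeting API 24 or higher trust only system CAs unless their Network Security Configuration says otherwise. The following is an added example, not part of either post, that evaluates this for an app you build or audit. The function names and the sample XML are constructed for illustration, and only base-config and debug-overrides are handled (no domain-config, no pinning).

```python
import xml.etree.ElementTree as ET

# Constructed sample: res/xml/network_security_config.xml that accepts
# user-installed CAs in debuggable builds only.
SAMPLE_CONFIG = """<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
"""


def _sources(element):
    """Certificate sources declared under element, or None if it has no trust-anchors."""
    if element is None:
        return None
    anchors = element.find("trust-anchors")
    if anchors is None:
        return None
    return {cert.get("src") for cert in anchors.findall("certificates")}


def trusts_user_cas(target_sdk, config_xml=None, debuggable=False):
    """True if the app accepts user-installed CAs (such as a proxy CA) for TLS."""
    # Platform default: targetSdkVersion <= 23 trusts system + user stores,
    # targetSdkVersion >= 24 trusts the system store only.
    trusted = {"system", "user"} if target_sdk <= 23 else {"system"}
    if config_xml:
        root = ET.fromstring(config_xml)
        declared = _sources(root.find("base-config"))
        if declared is not None:
            trusted = declared  # explicit base-config replaces the default
        if debuggable:
            # debug-overrides anchors are added on top, only when android:debuggable is true
            trusted = trusted | (_sources(root.find("debug-overrides")) or set())
    return "user" in trusted
```

A release build with this sample configuration still rejects a user-installed proxy CA, which matches the "no connection" symptom described in the question, while Chrome accepts user CAs by its own choice.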