2

This is a rather conceptual question than a line of code question.
I'm trying to proxy an android app in order to inspect its API calls, without having root access to the device.

I'm using mitmproxy, and I've managed to create a system wide proxy using this, but I'm quite clueless as to how can I filter the wanted requests from just the given app.

I can tell the bundle id of the app, but how can I target just this app's requests? With root, this can be easy - using iptables, but how can it be done without root?

This app can be third-party, so using heuristics based on domain or header can be a bit problematic since I don't control them. Also, I would actually prefer a solution style iptables, but without root.

Thanks!

Lior Pollak
  • 3,362
  • 5
  • 27
  • 48
  • I believe you are going to need root if you want to handle third-party apps. In older versions of Android, non-rooted devices you could have used [http proxies](https://stackoverflow.com/q/62730978/295004) like [charles](https://stackoverflow.com/q/52752081/295004) but now requires app authorship for proper functionality. – Morrison Chang Oct 17 '22 at 08:07
  • The simplest solution would be to use a phone with only that app installed. Note that on unrooted devices most likely you will have to modify the app to accept the root certificate of mitmproxy, just installing the root CA certificate as user CA isn't working on recent Android phones: https://stackoverflow.com/a/61169464/150978 – Robert Oct 17 '22 at 09:30
  • For capturing one app only you may want to check TLS interceptions systems which work as app (virtual VPN). AFAIR Android can be configured so that only certain apps use the VPN and thus the intercepting proxy. – Robert Oct 17 '22 at 09:31
  • Thanks. I guess that the app should be modified a bit for the proxy part. @Robert how can it be possible for only the app to use the vpn? That would be great, if I can’t otherwise know which app sent the request. – Lior Pollak Oct 17 '22 at 10:06
  • That is a feature that has to be supported by the VPN app (see e.g. https://android.stackexchange.com/q/22959/2241). Apps like [PCAP Remote](https://play.google.com/store/apps/details?id=com.egorovandreyrm.pcapremote) do support to select the apps you want to intercept. – Robert Oct 17 '22 at 10:09
  • Cool! But this is a vpn solution, it is a bit low level to what I need (layer 2 vs http proxy). Is there anything more “high-level”? – Lior Pollak Oct 17 '22 at 10:33
  • Starting with mitmproxy 9.0, you can use WireGuard mode, which supports proxying specific apps in the Android WireGuard app. Note that mitmproxy 9 is not yet released, so you need to use the development snapshots. The relevant docs are at https://docs.mitmproxy.org/dev/concepts-modes/#wireguard-transparent-proxy, feedback on GitHub is welcome! – Maximilian Hils Oct 17 '22 at 20:20

0 Answers0