1

I want to inspect inside HTTPS-encrypted packets that an app is sending. It is not my app, I don't have its source code.

My device is rooted, so I can modify /system/etc/security/cacert if needed, for instance to do man-in-the-middle proxying.

Up to Android 8, one could just install a self-made certificate, but it does not work anymore. I have Android 9, but I can upgrade if needed.

Improve this question
1
  • 2
    I've heard good reviews about this app in some forums. No personal experience /affiliation Commented Mar 26, 2020 at 5:28

1 Answer 1

Reset to default
1

As tipped by @beeshyams, HttpCanary is perfect for this.

You need a rooted device, of course.

HttpCanary takes care of all of the difficult steps (certificate generation and installation) transparently.

It shows a list of requests (filterable by app), and details of each request and response.

The best feature is this overlay showing request while I am using other apps (bottom right):

enter image description here

Even though the Google Play page says "HttpCanary core codes are opened in Github", https://github.com/MegatronKing/HttpCanary does not contain most of the source code, so I believe it is not open source.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.