Android Device & Emulator

How to set up Android Device or Emulator with Proxyman to capture HTTP/HTTPS Requests/Response

PrevioustvOS & watchOS NextAutomatic Script for Android Emulator

Last updated 3 months ago

In order to capture and decrypt HTTP/HTTPS request/response from your physical Android Devices or Android Emulators, please navigate to:

Certificate Menu -> Install Certificate on Android -> Device
Certificate Menu -> Install Certificate on Android -> Emulator

Check out the

For the Android Emulator, let's check out the

1. Android Setup Guide

If you want to capture & decrypt HTTP/HTTPS Traffic from your Physical or Emulator Android Device, please follow all steps in the setup guide:

Certificate Menu -> Install Certificate on Android -> Device
Get your Android Device or Emulator -> Open Setting app -> Wifi -> Select the current Wifi -> Config the HTTP Proxy by following the next tables.

Name

Value

Server IP

Your current IP Network

Port

The current port of Proxyman: 9090 is the default

Authentication

Some Samsung devices couldn't access the Internet after setting the HTTP Proxy. Please try to forget your current network and connect again.

If you're using any VPN app, please make sure to close it, since some VPN apps conflict with HTTP/HTTPS Proxy configs.

Android 11, Android 12 or later:

Visit http://proxy.man/ssl from the Google Chrome app to download the certificate.
From Android 11 or later, you have to manually install the certificate in the Setting app.
Settings app -> Security -> Encryption & Credentials -> Install a Certificate -> Selec "CA Certificate" -> Select Proxyman CA Certificate in your storage.

Android 10 and below:

As soon as you visit http://proxy.man/ssl, your Android devices will download and install it automatically. Make sure you select the VPN and App Section.

On Android 12+, If you encounter this warning "Can't install the Certificate: This file can't be used as a VPN & app user certificate", please try to select "CA Certificate" instead.

http://proxy.man/ssl is a local website, which serves from the local Proxyman's HTTP server. If you can't open it, please forget the wifi, re-connect, and make sure the Proxyman app is opening.

4. On Android 11 and Android 12. Let's verify by opening the Trusted Credentials -> User Tab.

Make sure you can see the Proxyman CA Certificate like the below screenshot.

5. Open your app Source Code: Adding the two following xml files.

Add res/xml/network_security_config.xml

network_security_config.xml

<network-security-config>
  <debug-overrides>
    <trust-anchors>
      <!-- Trust user added CAs while debuggable only -->
      <certificates src="user" />
      <certificates src="system" />
    </trust-anchors>
  </debug-overrides>

  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
</network-security-config>

Add to AndroidManifest.xml

manifest.xml

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
    ...
    </application>
</manifest>

Make sure that you remove those configs in the Release build. If not, your HTTP/HTTPS requests can be intercepted and leak your sensitive data in the Production build.

6. If it's Android Emulator, please restart the emulator

7. Done ✅

2. Troubleshooting

3. Sample Android Project

If you've struggled to config XML settings, let's check out this simple project that we've configured:

4. React Native Android app

5. Intercept Traffic from embedding WebView

Some Android apps have embedded WebView that requires extra steps in order to intercept HTTPS traffic.

Make sure you're able to see other HTTPS traffic from your Android app. It means that you've set up the certificate properly
Inject the following code to your WebView

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
    WebView.setWebContentsDebuggingEnabled(true);
}

// The following two lines help with disabling asset caching
webView.getSettings().setAppCacheEnabled(false);
webView.getSettings().setCacheMode(WebSettings.LOAD_NO_CACHE);

3. Open a new Chrome tab on your computer and navigate to chrome://inspect

4. When you open the WebView, the view will appear in your Chrome tab, then you can simply click inspect to start using the remote debugger.

6. SSL Proxying using Root Device

If your Android version is below 7 you don't need to do this step. Google added extra security that doesn't allow man-in-middle-app to attack after Android 6. i.e unable to do MITM attack on android apps.

We don't bear any responsibility for problems caused by rooting phones. So please follow the guide at your own risk.

Root your phone with magisk framework.
Install the Root file browser so you can copy and paste files in a restricted system folder.

Type the following script in the command line

$ cd ~/.proxyman
// We copy certificate to another file name just so we may need it later
$ cp proxyman-ca.pem temp.pem
$ hash=$(openssl x509 -inform PEM -subject_hash_old -in temp.pem | head -1)
$ mv temp.pem "$hash.0"

If you go to ~/.proxyman folder you must notice a file name starting with numbers with extension
Copy that file to your Android.
Using root file browser transfer that file to /system/etc/security/cacerts/
Enjoy proxying.

When using Android phones, set the gateway to any wrong IP just so you can be sure all your traffic goes from proxy man proxy only.
We can use the macOS sharing feature to create a mobile hotspot. And from an Android phone, you can use Proxyman proxy easily. It is much better because sometimes the router can block requests between mobile and macOS.