Monitor HTTP traffic from your Android phone through Fiddler
Either you are developing, or you want to inspect 3rd party apps, intercepting the HTTP traffic from Android apps can be very useful. There are several ways to achieve that. This post describes how to do it using my favorite HTTP inspector/proxy for Windows: Fiddler.
For this method to work you need
1) a rooted Android device and 2) an infrastructure which allows you to perform socket connections from your phone to your PC. There are at least four ways to achieve the latter:
- Through internet. Expose the Fiddler port through firewalls and NAT’ing you may be behind.
- Through WiFi intranet. Your PC and phone must be connected to the same subnet.
- Through WiFi by using your phone as an Access Point.
- Through USB using reverse tethering
Now for me, #1 was not an option since I was behind a corporate firewall. I tried #4 for two hours by testing this and that app – without any success.
I settled on #2, but you may choose the method most convenient for you.
As for rooting your phone, that is out of scope for this blog post
Installing and configuring the environment
Download the free version of Fiddler from Telerik. Make sure you select the .NET 4 version if you have that installed. When running it the first time, make sure you allow Fiddler to accept network connections from the intra- or internet, depending on your infrastructure setup. If you’ve need to modify this later you can always add or remove the rule by staring “wf.msc” throug Start-Run in Windows, and checking the Incoming Rules.
Configure Fiddler for incoming connections by going to
Tools - Fiddler options... - Connections.. Set the following properties:
- Fiddler listens on port: 8888 or any other port not in use at your computer
- Allow remote computers to connect: on
Hit OK and restart Fiddler. Note: you do not need to capture traffic from your browsers since you will force traffic from your phone to Fiddler anyway. So for less noice, disable capturing by clicking F12.
2. Proxy Droid
Update 03 dec 2014: You can also configure a proxy for your wifi connection through the regular wifi connection settings on Android 4.x+. Tap and hold the wifi connection entry you’re connected to and select “Modify”. Enable “Advanced settings”, select “Manual proxy” and enter the IP address. The disadvantage to this approach is that it’s more tedious as you have to enter the IP address each time you add/remove it. But if you don’t want/can root your device, this is a viable approach.
Download Proxy Droid by Max Lv to your Android phone. Run it and configure it to point at your Fiddler instance by entering the IP of your computer and ther port (8888 by default). Note that you must use the local IP address (often starting with 192.168.* or 10.*) if you used method #2 or #3 as described in the Preconditions chapter.
To test if your PC is reachable from your phone, you may simply ping it using ADB, given that it is connected with USB and have developer mode enabled. Example:
adb shell ping 192.168.1.6
(You need to have enabled reply to ICMP pings in your firewall for this to work. Fiddler may still work even if you get no ping replies)
You can also ping your phone from your PC. Acquire its IP address through this command:
adb shell netcfg
Usually the device eth0 will have the IP address you need.
Simply start your favorite Android browser and navigate to a random web page. You should ge tthe page presented normally in the browser, and see the HTTP requests line up in Fiddler. All apps will use this proxy now – not only the web browser. Below is a screenshot of Fiddler after I’ve run a request to bash.org from the browser, followed up by lanching and briefly using the now popular game 2048:
Whether you’re using this for policing other apps, or for debugging your own applications or 3rd party APIs, this is a technique that should be in every Android developer’s toolbox.
Got any comments on my procedure, or suggestion for improving it, please don’t hesitate to comment.
Recent posts in Android
- Async patterns on Android: Kotlin with coroutines
- Simplifying login with Googles smart lock for passwords and Apples shared web credentials
- Two way data binding without RxJava
- Async programming patterns in different languages
- How App linking in Android M and iOS9 will help to increase app engagement