VGTech is a blog where the developers and devops of Norways most visited website share code and tricks of the trade… Read more



Are you brilliant? We're hiring. Read more

Monitor HTTP traffic from your Android phone through Fiddler

Android

Either you are developing, or you want to inspect 3rd party apps, intercepting the HTTP traffic from Android apps can be very useful. There are several ways to achieve that. This post describes how to do it using my favorite HTTP inspector/proxy for Windows: Fiddler.

Preconditions

For this method to work you need 1) a rooted Android device and 2) an infrastructure which allows you to perform socket connections from your phone to your PC. There are at least four ways to achieve the latter:

  1. Through internet. Expose the Fiddler port through firewalls and NAT’ing you may be behind.
  2. Through WiFi intranet. Your PC and phone must be connected to the same subnet.
  3. Through WiFi by using your phone as an Access Point.
  4. Through USB using reverse tethering

Now for me, #1 was not an option since I was behind a corporate firewall. I tried #4 for two hours by testing this and that app – without any success.
I settled on #2, but you may choose the method most convenient for you.

As for rooting your phone, that is out of scope for this blog post

Installing and configuring the environment

1. Fiddler

Download the free version of Fiddler from Telerik. Make sure you select the .NET 4 version if you have that installed. When running it the first time, make sure you allow Fiddler to accept network connections from the intra- or internet, depending on your infrastructure setup. If you’ve need to modify this later you can always add or remove the rule by staring “wf.msc” throug Start-Run in Windows, and checking the Incoming Rules.

Configure Fiddler for incoming connections by going to Tools - Fiddler options... - Connections.. Set the following properties:

  • Fiddler listens on port: 8888 or any other port not in use at your computer
  • Allow remote computers to connect: on
Configuring fiddler

Hit OK and restart Fiddler. Note: you do not need to capture traffic from your browsers since you will force traffic from your phone to Fiddler anyway. So for less noice, disable capturing by clicking F12.

2. Proxy Droid

Update 03 dec 2014: You can also configure a proxy for your wifi connection through the regular wifi connection settings on Android 4.x+.┬áTap and hold the wifi connection entry you’re connected to and select “Modify”. Enable “Advanced settings”, select “Manual proxy” and enter the IP address. The disadvantage to this approach is that it’s more tedious as you have to enter the IP address each time you add/remove it. But if you don’t want/can root your device, this is a viable approach.

Download Proxy Droid by Max Lv to your Android phone. Run it and configure it to point at your Fiddler instance by entering the IP of your computer and ther port (8888 by default). Note that you must use the local IP address (often starting with 192.168.* or 10.*) if you used method #2 or #3 as described in the Preconditions chapter.

Configure Host and Port, then enable ProxyDroid

To test if your PC is reachable from your phone, you may simply ping it using ADB, given that it is connected with USB and have developer mode enabled. Example:
adb shell ping 192.168.1.6
(You need to have enabled reply to ICMP pings in your firewall for this to work. Fiddler may still work even if you get no ping replies)

You can also ping your phone from your PC. Acquire its IP address through this command:
adb shell netcfg
Usually the device eth0 will have the IP address you need.

3. Testing

Simply start your favorite Android browser and navigate to a random web page. You should ge tthe page presented normally in the browser, and see the HTTP requests line up in Fiddler. All apps will use this proxy now – not only the web browser. Below is a screenshot of Fiddler after I’ve run a request to bash.org from the browser, followed up by lanching and briefly using the now popular game 2048:

Fiddler with HTTP traffic log from the device

Here you can see that bash.org is a pretty clean site with no javascript and images, while 2048 reveleals that it needs to fetch a couple of images online, while sending usage analyics data to a server which is not listening.

Whether you’re using this for policing other apps, or for debugging your own applications or 3rd party APIs, this is a technique that should be in every Android developer’s toolbox.

Got any comments on my procedure, or suggestion for improving it, please don’t hesitate to comment.

Android developer at VG


4 comments

  • smorgasbroed

    This is easy and works for "normal" HTTP traffic but not for all. There are many apps which "talk" HTTP to some server which don't go through the proxy.

    On iOS this is setup the same way, a proxy is added to the WiFi connection, but iOS routes ALL traffic through this proxy then.

    So debugging/monitoring foreign apps for phoning home or some other background traffic is not completely possible on droid the way you describe it.


  • Dima

    @smorgasbroed, you're right
    mnay apps do not use proxy settings


  • David

    Excellent article, was really very useful to analyze and understand the traffic of android apps


  • David

    Excellent article, was really very useful to analyze and understand the traffic of android apps!!


Leave your comment