Thursday, April 10, 2014

How to see, edit and tamper with all HTTP and HTTPS requests and responses made from an Android mobile or tablet device

In previous posts we saw an introduction to web proxy debugging and decrypting secure SSL requests.

Still, have you ever wondered how your mobile or tablet communicates with websites? How is information sent and received by the Facebook or Gmail app that you installed on your smartphone?

Well, I did, and here is what I found. We can view, capture and play with data sent from any smartphone over the network.


Install and open Charles. Go to Help → Local IP Address. Note down your IP address.

Now let’s move on and capture everything that is being sent from your Android/Windows/iPhone device.
(Make sure both your device and PC are connected to the same network.)
Go to Android Settings → WiFi → long-press your connected network → Modify network.


At the bottom, check “Show advanced options” → set Proxy to “Manual”. The proxy hostname is the IP address you noted when we started (192.168.1.6 for me). The proxy port is Charles’s port, “8888” by default (Proxy menu → Proxy Settings → Port).
Let’s test whether that is correct.


Now we have set all your Android traffic to go through your PC, where Charles reads it clean and nice for you.
I am opening the browser on my mobile and doing a Google search.

Then I am going to Charles and …
BINGO! Yes, I can view what I searched on my mobile, right here on my PC. OK, can we edit and interpret the information being transferred?
Let’s do something similar to what we did in our previous post.

Go to any website, say “m.dictionary.com”, and here is how it looks.
Note how the response is the HTML page of “m.dictionary.com”. Now enable breakpoints for this website in Charles, and reload the website on your device.

The request gets paused before being sent to the web server. Let’s just let the request go by clicking “Execute”.
Now Charles brings up the response sent by the server, which is about to be sent to your smartphone.
But before that, I am going to edit the response with my own HTML content and then click “Execute”.


Check out what gets displayed on my phone for the website “m.dictionary.com”.
That’s the kind of thing you can do with proxy debugging.
Android developers can use this method to see all of their app’s data traffic and check whether requests are going out correctly and responses are received OK.
If you encounter secured HTTPS/SSL data, please refer to this post to decrypt it in Charles.


Yet sometimes newer Android versions may feel a bit insecure and just don’t believe this proxy drama.
If you’re not able to see encrypted data, go to this URL http://charlesproxy.com/charles.crt from your device browser and install the certificate.
Be sure to remove the certificate after use (Settings → Security → ! sign → select the Charles certificate and remove it).
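
Why the plain HTTP search showed up right away while HTTPS needs the certificate step, as an added example that is not part of the original post: a proxy receives the full URL for HTTP but only a `CONNECT host:port` tunnel request for HTTPS, so it can read the rest only if the device trusts the proxy's certificate. The function name `proxy_view` and the sample request lines (using `www.example.com`) are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs


def proxy_view(request_line):
    """Return what an intercepting proxy can read from one request line."""
    parts = request_line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("not an HTTP request line: %r" % request_line)
    method, target, _version = parts

    if method.upper() == "CONNECT":
        # HTTPS: the client only asks for a raw tunnel to host:port.
        # Path, query, headers and body travel inside TLS and stay opaque
        # unless the proxy terminates TLS with a CA the device trusts.
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return {"mode": "tunnel", "host": host, "port": int(port),
                "path": None, "query": None}

    # Plain HTTP through a proxy: the request line carries the absolute URL,
    # so everything, including query parameters, is readable and editable.
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("proxied HTTP requests use an absolute http:// URL")
    return {"mode": "plaintext", "host": url.hostname, "port": url.port or 80,
            "path": url.path or "/", "query": parse_qs(url.query)}


# Constructed sample request lines, as a proxy on port 8888 would receive them.
SAMPLE_LINES = [
    "GET http://www.example.com/search?q=charles+proxy HTTP/1.1",
    "CONNECT www.example.com:443 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        view = proxy_view(line)
        print(view["mode"], view["host"], view["port"],
              view["path"], view["query"])
```
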

Try it out to see what information your phone sends and receives.
If you are using someone else’s device, inform them and respect their privacy. (All personal data, including passwords and auth codes, is viewable.)
Please note that this tutorial is for educational purposes only, so be responsible. Have a great day :)
