iOS Simulator and Android Emulator HTTP Proxy

UPDATE 2020

Use Proxyman!

https://proxyman.io/blog/

Proxyman dashboard - HTTP Web debugging on macOS

For iOS and Android developers, it’s very important inspecting HTTP/HTTPs traffic in order to have a better understanding of what’s happening during a debugging session.

During these years, setting a proxy for simulators (or emulators) has became more and more easy and today I’m pretty happy to show you how to do on your Mac.

On Windows you could, of course, set a proxy only for Android and I will write a dedicated post and we will use a different proxy program.

But for now we must focus on OS X.

What do we need to do that?

  • BurpSuite (HTTP proxy)
  • Android Studio (for Android developers)
  • XCode (for iOS developers)

Let’s download BurpSuite free edition from its official site: https://portswigger.net/burp/

After you have been installed the program, lunch it and choose “Temporary Project” and for this very first time “Choose Burp Default”.

Go to Proxy and then disable interception, then go to Proxy -> Option and check whether the standard proxy port is okay for your, otherwise change it with the edit button on the left.

I need to listen on port 8888 instead to port 8080 and for Android we need to add another rule for listen specifically to your Mac IP Address.

Your final configuration should look like that (except for the IPv4 192.168.1.2 because your machine should have another one).

Then if you wanna save your settings (except for the interception that must be removed every time you start Burp) you can go to Burp -> Project Options -> Save project options and save your settings so at the next start you can say Burp to load settings from the file you saved

Android

With BurpSuite running, open Android Studio and lunch your Emulator.

Open Emulator settings and use a manual configuration for proxy.

Set host as 192.168.1.2 and port as 8888. Save and close.

Open the Browser and go to 192.168.1.2:8888. We need to install the Proxy CA Certificate in order to listen to SSL traffic.

Click above on the right the CA certificate button and Download it.

If your version of Android lets you install it from the Download folder you can try to open it directly from there. Otherwise the path that works in any case is the following one.

Go to Downloads App and rename cacert.der in cacert.cer and move it on SD Card,

Then go to Settings -> Security -> Install from SD Card choose our certificate.

Then click on it and follow the instruction.

At the end open the Browser and navitgate to https://www.google.it and you can now sniff your HTTP and also HTTPS traffic.

We have left a very final step to do, and It’s to enable proxy also to our Data Connection on the Emulator. This because we wanna sniff traffic of our Apps and not only of the Browser.

And finally if you have a web call on your Application you can easily inspect it.

Pay attention to the Filter section (the red arrow highlights it) in which by default Burp filter CSS, images, etc. If you want to see also this HTTP calls you must enable it by clicking on the filter section and check the right choices.

I hope this could help you, as an Android Developer, debugging all your Rest API.

UPDATE: As of targeting SDK API 24 or higher you must follow this configuration for your Android APK in order to be able to sniff SSL Traffic: trusting debug CA.

NOTE: on Windows the procedure is exactly the same if you use always Burp Suite. But on Windows environment I prefer to use Fiddler from Telerik (http://www.telerik.com/fiddler). You have to do a litte change in Fiddler regarding the CA Certificate, I hope to write a post soon.

iOS

iOS Simulator has not a specific settings section for Proxy. It uses the System Proxy, so that we have to set the proxy directly on the Advanced Settings of our current network interface.

Go to System Preferences -> Network and choose your current interface, click Advanced and go to Proxy tab to set Proxy settings. In this case, differently from Android, you could use the localhost address.

Set the same configuration either for HTTP and for HTTPS. Ok and Save.

Now let’s try:

It works! The only drawback is that having set a global system proxy, we proxy all the traffic of our Mac, not only the one of the simulator like for Android.

Note: If you test, like me, an image HTTP Request, check the Filter section of BurpSuite and opt-in for images too because, by default, images are filter out. The Filter section is just below “HTTP history” tab. You have only to click on it to expand its configurations.

Also in our iOS simulator in order to be able to sniff HTTPS traffic we need to install BurpSuite CA Certificate.

Similarly as we have done for the Android emulator we must open the browser and navitagate to http://127.0.0.1:8888 and install the certificate.

Here the process it’s simpler but on iOS 11 we need to do one more thing. Enable the Full Trust from the About Settings menu.

And it works!

So we have finished our setup. We can now start coding happier!

NOTE: of course you can set a proxy also on a real device. If you do that (the proxy settings are on the netwok configuration of the device you use) remember that the device and the PC where is the proxy must belong to the same Network and they must be reachable from each other.
Moreover if you wanna sniff the SSL traffic you must install the CA Certificate of the proxy but that exposes your device to the MITM Attack (it’s that what we do here, we act like a Man In The Middle) if you use it in your real life. So… remember to remove the certificate once done.

iOS Simulator and Android Emulator HTTP Proxy