6

I am using mitmproxy to analyse the https traffic of some Android Apps. A few days ago I was able to intercept all the traffic without any problem and now mitmproxy doesn't seem to work properly.

Some of the apps recognise the fake certificate (I guess they use certificate pinning), for some I can only see one or two http GET requests (even for the apps that few days ago I was able to properly capture everything), and for some apps the proxy doesn't catch anything at all.

What could have possibly changed in few days? I am sure that I have configured the device correctly. I am also sure that the phone didn't update.

I would really appreciate your help.

Update: Here is the event log. This is from an app I used to be able to intercept the traffic from.

event log for ebay

Irene Ant
  • 659
  • 7
  • 19

1 Answers1

3

If you press ⇧ Shift + E, you can view the event log. This should give you a better idea of what is happening. clientconnect means that mitmproxy registers a TCP connection. If this is not the case, traffic from your phone does not reach mitmproxy at all.

Otherwise, there might be erros during the TLS handshake. You should have a Client Handshake failed message in the event log then. Maybe you need to install the mitmproxy root certificate again by visiting http://mitm.it/? If you still encounter certificate errors in the event log after you have installed the certificate properly (check by opening https://example.com/ in your mobile browser), your app is most likely using certificate pinning.

Community
  • 1
Maximilian Hils
  • 336
  • 2
  • 4
  • I did try to re install the mitmproxy root certificate again but it hasn't solved the problem. – Irene Ant Mar 20 '16 at 22:32
  • I updated my answer above. If https://example.com/ works fine but your app doesn't, the app most likely just enabled Certificate Pinning. – Maximilian Hils Mar 20 '16 at 22:53