I am taking a course in a school about network security. In an experimental exercise, I was asked to install a Man-In-The-Middle (SSL) app on a mobile phone, and install a certificate (with a private key inside) on the phone.
My questions:
Is the certificate used to generate a fake certificate to pretend the app (might be a proxy?) is the server which the client requests?
Why is there a private key inside this kind of certificate? What is the private key used for here?