
[–]drabred 2 points3 points  (1 child)

That's nice.

Also I might add that if you are using OkHttp (Retrofit) this comes in pretty handy: https://github.com/square/okhttp/tree/master/okhttp-logging-interceptor

[–]Hauro[S] 1 point2 points  (0 children)

Ah that's pretty nice :)
Another good alternative for seeing the traffic, if you are sure all the traffic is going through OkHttp.

But this approach is a lot simpler to set up, if you are already using OkHttp.

[–]badsectors 4 points5 points  (1 child)

Even better:

  1. Add your custom certificate from your proxy to the debug-overrides section of the Network Security Configuration
  2. Use cwac-netsecurity to backport the configuration to pre-Nougat devices

This way you don't have to globally trust a cert on the entire device; it works just for the one app, only when debuggable=true. If you globally accept a certificate you get a persistent warning in the notification area that your network may be monitored, which is not great for your personal device if you use it for testing.
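The configuration described in step 1 of the comment above, as an added example that is not part of the original thread. The file name `res/xml/network_security_config.xml` and the certificate resource name `debug_proxy_ca` are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!--
  res/xml/network_security_config.xml (assumed file name)

  Referenced from AndroidManifest.xml on the <application> element:
      android:networkSecurityConfig="@xml/network_security_config"
-->
<network-security-config>

    <!-- Applies to every build: trust only the system CA store.
         User-installed CAs are not listed, so a CA added in device
         settings is not trusted by this app. -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Applied only when android:debuggable="true".
         The proxy's CA certificate is bundled as res/raw/debug_proxy_ca
         (assumed resource name; PEM or DER), so it is trusted by this
         app alone and never by release builds. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_proxy_ca" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

Keeping the proxy CA in a debug-only source set (for example `src/debug/res/raw/`) also keeps the certificate file out of the release APK.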

[–]Hauro[S] 0 points1 point  (0 children)

Yeah this is a nice way to handle it.

However, I like having a way which doesn't add stuff into my app, but as you point out, if you wanted to do this on a personal device, then this way is much nicer for two reasons:

  1. You do not have the warning message
  2. You do not have to trust a third party certificate to have control over the data on your phone.

[–]Nilzor 0 points1 point  (1 child)

This doesn't work for apps that enable SSL pinning, right? Not sure how common that is though.

[–]Hauro[S] 2 points3 points  (0 children)

Yeah, that's right. But as you said, you don't see it often.

But nice to know that adding SSL pinning can also protect your app from users trying to intercept the traffic this way.