June 24th, 2014

HTTP/HTTPS debugging on Mobile Apps with Man In The Middle

In this post I want to share with you an amazing tool called mitmproxy (Man in the Middle proxy). As you can imagine, this tool is an HTTP/HTTPS proxy that lets you debug not only HTTP communications but also HTTPS/SSL calls.

Here you can see it in action!

[Image: mitmworking]

I did the tests using an iPhone, but this method applies to any mobile or non-mobile app or platform.

Installing MITMProxy

Installing mitmproxy is very easy: you just need to have Python and pip installed.

If you don’t have pip, you can install it like this:

$ wget https://bootstrap.pypa.io/get-pip.py
$ python get-pip.py

Once you have installed pip, you just need to run:

$ pip install mitmproxy

Running MITMProxy and configuring your iPhone

To start debugging your HTTP/HTTPS apps, follow these steps:

1) On your iPhone, configure the IP of your machine as the HTTP proxy, with port 8080 (the default for MITMProxy).
2) Start mitmproxy on your machine.
3) Open Safari on the iPhone and navigate to http://mitm.it
4) Choose the Apple icon and install the SSL certificate for MITM.

[Image: mitmconfig]

That’s all. Now you just need to start using your apps, and you will be able to see the traffic in your console.
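Once the traffic is flowing through the proxy, a small script can review it for you while you debug. The following is an added example, not part of the original post: an addon that flags requests your app still sends over plain HTTP and whether they carry credentials. It assumes a current mitmproxy release with the addon script option (-s); the file name and the lists of sensitive header and parameter names are illustrative assumptions.

```python
# Added example (not from the original post): save as cleartext_audit.py
# and load it with `mitmdump -s cleartext_audit.py`.
import logging
import re

# Names treated as sensitive: an assumption for illustration, tune per app.
SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key"}
SENSITIVE_PARAM = re.compile(r"(?i)(password|passwd|token|api_key|session)=")


def audit_request(scheme, host, path, header_names, body):
    """Return findings for one proxied request; empty unless it used plain HTTP."""
    if scheme != "http":
        return []
    findings = ["cleartext request to %s%s" % (host, path.split("?")[0])]
    for name in header_names:
        if name.lower() in SENSITIVE_HEADERS:
            findings.append("sensitive header sent in cleartext: %s" % name)
    if SENSITIVE_PARAM.search(path) or SENSITIVE_PARAM.search(body):
        findings.append("credential-like parameter sent in cleartext")
    return findings


class CleartextAudit:
    """mitmproxy calls request() once for every request the app sends."""

    def __init__(self):
        self.findings = []

    def request(self, flow):
        req = flow.request
        body = req.get_text(strict=False) or ""
        found = audit_request(req.scheme, req.pretty_host, req.path,
                              list(req.headers.keys()), body)
        for line in found:
            logging.warning(line)
        self.findings.extend(found)


# mitmproxy loads every object listed in the module-level `addons` list.
addons = [CleartextAudit()]
```

Every finding is a request that anyone on the same network could read without installing a certificate, so each one is worth moving to HTTPS in the app.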

Hope it's useful!