mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-29 19:08:44 +00:00
Docs: remove proxydroid instructions from Android.
The "official way" is now to just use transparent mode.
This commit is contained in:
parent
101f92b256
commit
04552375a9
Binary file not shown.
Before Width: | Height: | Size: 122 KiB |
Binary file not shown.
Before Width: | Height: | Size: 53 KiB |
@ -4,9 +4,9 @@ embarrasment](http://code.google.com/p/android/issues/detail?id=1273). It's
|
||||
scarcely credible, but Android didn't have a global proxy setting at all until
|
||||
quite recently, and it's still not supported on many common Android versions.
|
||||
In the meantime the app ecosystem has grown used to life without this basic
|
||||
necessity, and many apps merrily ignore it even if it's there. The upshot is
|
||||
that in many cases the only way to make interception work on Android is to do
|
||||
it without relying on the proxy settings.
|
||||
necessity, and many apps merrily ignore it even if it's there. This situation
|
||||
is improving, but in many circumstances using [transparent
|
||||
mode](@!urlTo("transparent.html")!@) is mandatory for testing Android apps.
|
||||
|
||||
We used an Asus Transformer Prime TF201 with Android 4.0.3 in the examples
|
||||
below - your device may differ, but the broad process should be similar.
|
||||
@ -16,7 +16,7 @@ Installing the mitmproxy certificate
|
||||
====================================
|
||||
|
||||
The first step is to install mitmproxy's interception certificate on the
|
||||
Android device. In your ~/.mitmproxy directory, there should be a file called
|
||||
Android device. In your ~/.mitmproxy directory, there is a file called
|
||||
__mitmproxy-ca-cert.cer__ - we need to transfer this file to
|
||||
__/sdcard/Downloads__ on the Android device. If this file doesn't exist for
|
||||
you, your certs were generated with an older version of mitmproxy - just copy
|
||||
@ -51,53 +51,3 @@ settings, you're just about done - simply configure the settings to point at
|
||||
mitmproxy. If not, proceed to the next step...
|
||||
|
||||
|
||||
Working around Android's proxy shortcomings
|
||||
===========================================
|
||||
|
||||
In response to Android's proxy situation, a number of apps have been created to
|
||||
duct-tape proxy support onto the OS. These tools work by running a rudimentary
|
||||
local proxy on the device, and forwarding all traffic destined for HTTP/S ports
|
||||
to it using iptables. Since the proxy is running locally, it can detect what
|
||||
the final IP address of the redirected traffic would have been. The local proxy
|
||||
then connects to a user-configured upstream proxy, and initiates a proxy
|
||||
CONNECT request to the destination IP.
|
||||
|
||||
Now, if the configured upstream proxy is mitmproxy, we have a slight problem.
|
||||
Proxy requests from the Android device in this scheme will specify only the
|
||||
destination IP address, __not__ the destination domain. Mitmproxy needs the
|
||||
target domain to generate a valid interception certificate. The solution is
|
||||
mitmproxy's [upstream certificate](@!urlTo("upstreamcerts.html")!@) option.
|
||||
When this is active, mitmproxy makes a connection to the upstream server to
|
||||
obtain the certificate Common Name and Subject Alternative Names.
|
||||
|
||||
Adding all this together, we can achieve reliable Android interception with
|
||||
only a few more minutes of setup. The instructions below show how to set up an
|
||||
Android device with
|
||||
[ProxyDroid](https://play.google.com/store/apps/details?id=org.proxydroid) (the
|
||||
local "duct-tape" proxy implementation) to achieve interception.
|
||||
|
||||
Install ProxyDroid
|
||||
------------------
|
||||
|
||||
First, root your device - this is required to install ProxyDroid. Then install
|
||||
ProxyDroid from the Google Play store:
|
||||
|
||||
<img src="android-proxydroidinstall.png"/>
|
||||
|
||||
You will be prompted for super-user access, which you must allow. Next, enter
|
||||
the ProxyDroid settings, and change the proxy settings to point to your
|
||||
mitmproxy instance. When you're done, it should look something like this:
|
||||
|
||||
<img src="android-proxydroidsettings.png"/>
|
||||
|
||||
In this case, our mitmproxy instance is at the host __maru.otago.ac.nz__,
|
||||
running on port __8080__.
|
||||
|
||||
When you start mitmproxy, make sure that the upstream certificate option is set
|
||||
(use the _--upstream-cert_ command-line option, or enable it interactively
|
||||
using the _o_ shortcut):
|
||||
|
||||
<pre class="terminal">
|
||||
mitmproxy --upstream-cert
|
||||
</pre>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user