PROCESS | Capturing SSL Traffic on Android using ZAP Proxy

15 Dec 2020 - Ottawa

Summary

This will work on all Android versions (as of v11) but there are a couple things to know going in:

• This method works for HTTP/S requests on the browser, to capture application traffic requires a different configuration
• Some traffic doesn’t use layer 7 protocols, for example, TCP and UDP traffic both operate on layer 6
• This was tested on a physical device running Android 11, there are better methods for emulators
• All commands run on Ubuntu 20.04 (should be transferable to other Debain distros but some troubleshooting may be required)

Prep Work

On your PC

A few things have to be installed before we get started:

• ZAP Proxy software (v.2.9.0), can be downloaded at zaproxy.org (Extract the zip file to your preferred destination, I’ll be using my Desktop folder)
• Java 8

To install Java 8:

 sudo apt-get update
 sudo apt-get install openjdk-8-jdk

Starting ZAP (Terminal started in extracted ZAP Folder):

./zap.sh

It might ask if you want to persist the ZAP session, this is asking whether you want to save the data for later.

On your Mobile Device

You’ll need to enter developer mode to be able to install your own certificates. This method varies by device and if they used the open-source android or have made changes themselves.

For a Pixel device, search Build Number and tap it 7 times. A notification will pop up that you’ve entered developer mode and there will be a section of new features.

I recommend plugging in your device and allowing file movement (click the notification that says it is connected, opens connection settings), it makes the next step easier.

Last thing you’ll need to do is confirm you’re connected to the same router as your PC.

The Process

Step 1: Configure SSL Certficate

1. In ZAP at the top of the screen, click Tools->Options or you can hit Ctrl+Alt+O
2. In the options window, you’re looking for Dynamic SSL Certificates
3. Click Save, location is not relevant as long as you keep note of where it is 4.a) IF your device is plugged in and file sharing enabled, copy and paste the .cert file to the Downloads 4.b) If you did not connect your device and enable file sharing, you’ll have to find a way to get the file to the device. Few different ways you could do it are logging into an email account, cloud file share service, upload it to a publically available site and download from there.
4. In the settings on your mobile device, search Cert and click on CA Certificate, this might flash a warning, click install anyway
5. Select your downloaded .cert file

Step 2: Configure Local Proxy

1. Back on ZAP, navigate to Options once again (Ctrl+Alt+O), and click on Local Proxies, use the following info:
   • Address : 0.0.0.0
   • Port : 8080
   • Behind NAT : Unchecked
   • Remove Unsupported Encodings : Checked
   • Always unzip gzipped content : Checked
   • Security Protocols : Select All
2. Open a terminal on your PC, run either ipconfig or ifconfig depending on your OS and note down your local IP.

Step 3: Connect your Mobile device to the Proxy

Go to the Wi-Fi settings on your phone, click the pen at the top to edit your configuration. Change the proxy mode to manual, use these options:

• hostname : your PCs IP address from Step 8
• Port : 8080

And that is it, to test, browse to Google.com and the requests will appear under Sites/hxxps://www[dot]google[dot]com on ZAPs leftmost panel.

Related Posts

• 26 Feb 2022 » Layman's Guide to Passwords
• 11 Jul 2021 » REFERENCE | Commands for ClamAV
• 23 Mar 2021 » Writing a Batch file to Open Multiple Programs at Once on Windows