Setup Mitmproxy With Certificate For HTTPS Traffic Interception Of Android Phone in 2025

Introduction

These days, any modern browser allows you to check traffic from any website. It is as easy as going to the target website, then opening the developer console by pressing F12, and checking out the Network tab where all of the web requests are laid out and neatly packaged for your scrutiny. However, it is not that easy to do on your mobile phone, especially if you want to get traffic from various apps installed on it. This easy step-by-step tutorial will show you how to accomplish exactly that with the help of Mitmproxy.

What is a Proxy Server?

A proxy server acts as an intermediary between a client device (like an Android phone) and the internet, forwarding requests and responses while providing additional functionality. When a client connects to a proxy server, it routes the client's network traffic to the intended destination, such as a website or app server, and returns the response to the client. Proxy servers can be configured to handle specific protocols (e.g., HTTP, HTTPS) and are commonly used for security, performance optimization, or debugging network traffic.

What is Mitmproxy?

Mitmproxy is an open-source, interactive HTTPS proxy tool designed for developers and security researchers to inspect, modify, and debug HTTP and HTTPS traffic between a client and a server. It operates as a man-in-the-middle (MITM) proxy, allowing users to capture, analyze, and manipulate network requests and responses in real time.

Approach Explanation

To intercept and analyze network traffic from an Android phone, we will set up Mitmproxy on a computer to act as a proxy server. First, we'll install Mitmproxy and configure it to listen for incoming connections. Then, we'll connect the Android phone to the same Wi-Fi network and configure its proxy settings to route all network traffic—HTTP and HTTPS—through the computer's Mitmproxy instance. To enable HTTPS interception, we'll install Mitmproxy's Certificate Authority (CA) certificate on the phone, allowing us to decrypt and inspect secure traffic. Once set up, Mitmproxy will capture all requests and responses, enabling us to study the traffic in detail, including API calls, headers, and payloads, using its interactive interface or exported logs.

Prerequisites

Before we begin, let's ensure that we have everything to complete this tutorial:

• Any Android Phone or Android Emulator Device (running Android 7.0 or later, as older versions have different certificate handling)
• Any macOS, Linux, or Windows machine
• Same Wi-Fi network with your phone and machine connected to it

1. Installing Mitmproxy

First, we need to install Mitmproxy on our machine

For Linux

sudo apt install mitmproxy

For Mac

brew install mitmproxy

For Windows

Just download the installer from the Mitmproxy official website

After installation, we can use the following command to check if it was installed correctly:

mitmproxy --version

And I am getting the following result:

$ mitmproxy --version
Mitmproxy: 12.1.1
Python:    3.13.3
OpenSSL:   OpenSSL 3.4.1 11 Feb 2025
Platform:  Linux-6.10.11-linuxkit-aarch64-with-glibc2.36

If you see the following output, that means everything was installed correctly and Mitmproxy is ready for action!

2. Running Mitmproxy

Now we can run our Mitmproxy proxy server through one of the following commands:

mitmproxy

or

mitmweb

if you prefer GUI instead of TUI.

I will go with the GUI option for convenience. As soon as you run the command, you will see the following output:

$ mitmweb
[19:38:30.867] HTTP(S) proxy listening at *:8080.
[19:38:30.868] Web server listening at http://127.0.0.1:8081

The first line says that the proxy server is running on our machine and we can connect to it, while the second line shows us the localhost address of the Mitmproxy client GUI.

The client GUI should open upon command execution in the browser.

Now our proxy server is running and ready to receive connections.

3. Proxy Client Configuration

Our next step is to make our phone pass all of the requests through our proxy server.

But first, we need to get the local IP address of our computer which runs our proxy server. To do that, just type the following command in your terminal:

ipconfig

Your local IP will look something like this: 192.168.x.x (e.g., 192.168.1.100). And with the known port (which is 8080 by default), we can compose the full local IP address of our proxy server: 192.168.x.x:8080. Let's remember this information, since we are going to need it a bit later.

Our next step is to go to Wi-Fi settings on our mobile phone and configure traffic forwarding to the proxy server.

In Wi-Fi settings, find Proxy config and input your proxy server IP and port. Both mobile phone and your computer must be in the same network.

After you have successfully connected your phone to the proxy server, we are still not done yet.

As you will see, if you try to open any website on your phone through Google, you will see an error. That is happening because most websites and apps use HTTPS, which encrypts traffic and requires the phone to trust the proxy's Certificate Authority (CA) certificate for interception. Without this, the phone rejects the connection, resulting in a security warning or error. To resolve this, you need to install Mitmproxy's CA certificate on your Android device.

While the phone is connected to the proxy, open a browser and navigate to http://mitm.it, select the Android option, and download the certificate.

Then, go to Settings - Security - Install from storage (or Encryption & credentials - Install a certificate on Android 14/15), install the certificate as a CA certificate, and name it (e.g., "mitmproxy").

After successful installation, you can now go to any website and you will see that all of the traffic is being intercepted by Mitmproxy.

You can even intercept some of the traffic from the Android applications, but not all of it. Since Android 7.0, apps may not trust user-installed certificates by default due to security restrictions, so for some apps, you may need advanced techniques like rooting or using tools like Frida to bypass certificate pinning.

Conclusion

Setting up Mitmproxy to intercept HTTPS traffic from your Android phone is a powerful technique for developers, security researchers, and anyone who needs to analyze mobile app network communication. With the proxy server running on your computer and the proper certificate installed on your Android device, you can inspect encrypted traffic, understand how apps communicate with their servers, debug networking issues, and even identify potential security vulnerabilities.

This approach provides invaluable insights into what your apps are doing behind the scenes, helping you better understand their behavior, troubleshoot issues, and ensure they're handling your data securely.