I've been building a list of apps and libraries in this space. In no particular order:

https://requestly.io/

https://portswigger.net/burp

https://dutzi.github.io/tamper/

https://anyproxy.io/en/

https://wproxy.org/whistle/

https://www.telerik.com/fiddler

https://github.com/alibaba/lightproxy

https://httptoolkit.tech/

https://mitmproxy.org/

https://wiki.squid-cache.org/Features/SslPeekAndSplice

https://www.charlesproxy.com/

https://nssurge.com/

https://wrapapi.com/proxy

https://www.privoxy.org/

http://www.tofuproxy.stargrave.org/

https://github.com/http-party/node-http-proxy

https://github.com/joeferner/node-http-mitm-proxy

https://www.zaproxy.org/

https://proxyman.io

Note that any properly made android app will pin its certificates and disallow user-added certificates, so you'll only see garbage go through. You need to install your certificate as a system certificate, which either requires root, or using the emulator.

great collection. You can also create a Github awesome repo collection like awesome-requests-proxy-tools

Second that. Would be most useful, especially if maintained. I myself am still on fiddler

UPDATE: did that myself, but wish someone takes over. I only check for new and better stuff once in 3 years. The community deserves someone better.

https://github.com/michaelkariv/awesome-requests-proxy-list

I use burp suite(community version) for the same purpose along with frida. There is also Brida[1] its sort of a bridge between both of them.

Something which I don't like is that every time I need the traffic to go through burp I need to go the WiFi settings and modify the "advance option" to use proxy. And if I keep the proxy settings on all the time then I've had issues with playstore and other such app, on the testing device. So that small bit of manual work is what I don't like.

In another comment[2] they mentioned they'll be releasing an android interceptor which would work without proxy, I think that would make me try this.

[1] [https://github.com/federicodotta/Brida](https://github.com/f...

[2] [https://news.ycombinator.com/item?id=30541263](https://news....

I recently used Fiddler along with Frida[1] to deal with cert pinning in the app I was looking into.

[1] https://github.com/httptoolkit/frida-android-unpinning

Sweet, thanks for the link.

I was looking for something like this. Tried mitmproxy but it was useless against cert pinning. So I went with decompiling the app to extract the auth keys and urls for the internal API it was using.

Is there a way to deal cert pinning without decompiling the app?

Here's my setup (for private projects, work stuff is under NDA):

- Android device running Android 10 (generally using older versions is better) - Magisk for root + Trust User Certificates module - mitmproxy (sometimes using mitmweb) - ProxyDroid to connect to mitmproxy - Frida with a one of a handful open source SSL pinning bypass scripts (and a custom one at work)

When network requests aren't enough, I reach for JADX-GUI for decompilation and Frida (REPL and custom scripts) for extracting data at runtime (taking the necessary "cleanroom" precautions for commercial projects).

Same. mitmproxy (and its built-in mitmdump lib), along w/ the (criminally obscure / amazing) lnav (https://lnav.org), have served me very well in the past for this kind of thing.

I have seen Inav earlier but never used it. Does it also provide response modification capabilities?

No, at least not out of the box, bc that's outside its intended realm; lnav (short for log navigator) is like a mini-ETL CLI powertool w/ embedded SQLite. You can pipe (semi/)structured data in, then query and optionally transform and/or export it out. Its API makes it convenient for chaining w/ tools like mitmproxy, so you could do almost anything with it in a custom script pipeline.