26 ноября 2021 г.

How to intercept (capture, sniff) HTTPS traffic from 3rd party Android apps

Qiuck reference

Not working for me:

Extra conditions

  1. Hardware device OR emulator should be rooted
  2. 7 version of Android (Nougat) (default for Bluestacks 5). It allow to use user-signed certificate to decrypt https for 3rd party apps
  3. May be you need to trust http toolkit certificate on desktop by prompt popup

How to root Bluestacks 3,4,5 without BSTweaker

Check root state with "Root Checker" application from Play Market Check root state. It should be green with congratulations successfully rooted android


  1. Enable ADB in Bluestacks extra settings. It give you address & port adb bluestacks
  2. Extract platform tools. Open terminal, follow extract pathExecute ./adb connect connect with platform tools
    • Run app HTTP toolkit on Android
    • Open HTTP toolkit on Desktop find option "Android device connected via ADB". It should have active state. Choose it
    • access to adb http toolkit
    • Select emulator-5554
    • access to adb http toolkit
  3. in Bluestacks in HTTP toolkit app you shuld see success connectionhttp toolkit connection
  4. on Desktop in HTTP toolkit follow view section and you can see decrypted https traffic from all android appsdecrypted android https traffic
  5. All is done!