Most Android apps use HTTP to get data, load content, and communicate with servers. By capturing and changing these network requests, you can see how apps work, fix issues, and even control their behavior.
Requestly is a popular, open-source tool for developers that helps them capture and modify traffic from browsers, Android apps, iOS apps, and more. It allows developers to troubleshoot, test, and alter API requests and responses seamlessly.
In this blog post, I’ll show you how to use Requestly to capture network traffic and modify API responses in Android apps. To intercept the android traffic we will first setup and connect Requestly
Setup
To connect your Android device with the Requestly desktop app, follow these steps
- First, Install the desktop app from
- Once installed, open the Requestly desktop app and click on
Connect apps - Then, choose the
Mobile apps and browserssection. - Then, choose the
Android External Deviceoption and click onSetup Instructions
Step 1: Set up Proxy
Let’s configure a manual proxy on our Android device’s WiFi settings. This will allow us to route traffic through Requestly on our desktop, provided both devices are connected to the same WiFi network.
Follow these steps to set up the proxy 👇
- Open your WiFi settings and go to the currently selected WiFi.
- On the top right, you should see an option to edit the settings. Click on the edit icon.
- Next, you should see a list of settings for your current WiFi. We want to set a manual proxy for this WiFi, so select the “Manual” option under the “Proxy” option.
- Add the Host and Port as suggested by the Android Setup guide on your Requestly app.
Here’s the step-by-step demonstration on an Android device 👉
If you’ve done the above steps correctly and configured a proxy successfully, you should see the following page when you visit the URL http://amiusing.requestly.io/ (Please note HTTP and not HTTPs here) on your device.
Now that you’ve installed a proxy on your device, and you can listen to HTTP(s) traffic, let’s add a certificate on your device so that you can also listen to HTTPs traffic.
Step 2 : Download certificate
- Open Incognito window in your browser
- Go to http://requestly.io/ssl (⚠️ Use http here, not https)
- This will download
RQProxyCA.pem.cert
Step 3 : Trust Certificate
- Open Trusted Certificate Settings by navigating to
Settings -> Security -> Encryption & Credentials -> Install a Certificate -> CA Certificate. - To install this certificate, select
Install Anywayand select the certificateRQProxyCA.pem.cert.- To verify Certificate trust settings are now active, go to
Trusted Credentials -> User.RQProxyCAshould be present here. Alternately, you may simply begin submitting requests and watch as they are logged in the Requestly Network Tab.
Step 4 : SSL Pinning
Due to Android’s recent mandate requiring SSL Pinning for all apps on the Play Store, intercepting HTTPS traffic can be challenging. To enable traffic inspection through Requestly, we need to bypass SSL Pinning. This step involves configuring your app to trust custom certificates, allowing Requestly to intercept and inspect HTTPS traffic.
Add these configs to your app codebase for it to work
- Add res/xml/network_security_config.xml
<network-security-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
<certificates src="system" />
</trust-anchors>
</debug-overrides>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
- Add to AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
<application android:networkSecurityConfig="@xml/network_security_config" ... >
...
</application>
</manifest>
Capturing Traffic from Android app
Step 1 : Launch the App
Step 2 : Interacting with the App
Perform actions within the app (e.g., navigating through different pages) to trigger API calls.
Step 3 : Check Requestly App
Go to Requestly app, where you’ll see the traffic being captured by the app.
- All API calls made by the app to its servers will be displayed.
- You can view specific API calls, inspect their responses, headers, and even modify them.
Modifying API Responses in Android app
To modify API responses, first, right-click on the API request you want to modify in Requestly and choose Modify Response Body.
In the Static Data section, locate the property you want to edit. For example, if you want to change the “Name,” find that part in the response. You can then change the “Name” to anything you like (e.g., “Testing“).
After you save the changes, go back to the app, and you’ll immediately see the new information.
This lets you test how the app works with the updated data.
Additionally, Requestly offers Dynamic Override, allowing you to modify responses based on conditions like methods, URLs, or headers, making it even more powerful for testing various scenarios.
Conclusion
Android development can be challenging without knowing what’s going behind the scenes, I hope you have better visibility on your apps with Requestly. Control over the network requests and feature to modify them gives you even more power, you can easily simulate edge cases like delays in requests, error responses, modified response or request body & modified query parameters etc. You can even connect your apps to a different environment(like staging or dev) without making any changes to your code.
