Here are some rough notes describing how to setup Ubuntu to view all web traffic (including SSL) coming from an Android phone.

* Install required tools.

sudo apt-get install dsniff
sudo pip install mitmproxy

  • Enable IP forwarding and create iptables rules to redirect ports 80 and 443 to mitmproxy.

    sudo sysctl -w net.ipv4.ip_forward=1
    sudo iptables -t nat -A PREROUTING -i <interface> -p tcp --dport 80 -j REDIRECT --to-port 8080
    sudo iptables -t nat -A PREROUTING -i <interface> -p tcp --dport 443 -j REDIRECT --to-port 8080

  • In one terminal, run arpspoof to ARP poison phone and make it think we are the router.

    sudo arpspoof -i <interface> -t <android IP> <gateway IP>

  • In another terminal, run mitmproxy in transparent proxy mode.

    mitmproxy -T --host

  • Connect phone to computer with USB and copy autogenerated file from ~/.mitmproxy/mitmproxy-ca-cert.cer to phone.

  • On Android phone, go to Settings -> Security -> Credential Storage, and select “Install from storage”. Choose ‘mitmproxy-ca-cert.cer’ and pick to use it for WIFI.

  • You should now see all web traffic from phone being sent to mitmproxy.