The MitM and HTTPS Capturing

June 3, 2025 · 1 min read · Page View:

The MitM and HTTPS Capturing

If you have any questions, feel free to comment below. And if you think it's helpful to you, just click on the ads which can support this site. Thanks!

Do you really know what is the network activity on your phone? Have you ever wondered how to capture the https packages on your phone? In this article, I will introduce you to the MitM and how to capture the https traffic on your phone.

MitM #

What is MitM? #

MitM is a technique that allows a user to intercept and modify the traffic between a client and a server, which is the abbreviation of Man-in-the-Middle.

Why use MitM? #

For some applications, you need to capture and decrypt the https traffic, then modify the traffic(such as filter out ads traffic), so you need to use MitM.

Nowadays, almost every app uses https to communicate with the server, and due to the encryption of the traffic, we cannot get the plaintext of the traffic. So, the capturing software such as Charles, Fiddler, etc. they usually acting as the middle to communicate between the client and the server by the means of install the certificate on the client side which is trusted by the client.

To prevent this middleman situation, some apps will install the certificate inside the client, and compare with the certificate inside the app and the server, if they are the same, then communicate normally, otherwise, the request will not work. This method is so called cert pinning.

If you have some sensitive data on your phone(eg, you want to pay something in the meantime), I recommend you to suspend the certificate after you have finished the https capturing.

Will the rules have some negative impact on the battery consumption?

Actually not, these apps will generate a search tree when loading rules, which can be understood as a finite state machine DFA from back to front, not line by line matching, and there is also a hash cache for each matching result. In other words, the rules of 2000 lines and 50 lines are of the same order of magnitude time complexity O(1).

How to use MitM? #

Actually, there are a bunch of tools to implement the MitM(do not forget to trust the certificate), such as:

• Quantumult X (IOS)
• Stream (IOS)
• mitmproxy^[1]
• Charles^[2]
• Fiddler
• Wireshark^[3]
• HttpCanary(Android)

References #

• Quantumult X manual^[4]
• Quantumult X https capturing^[5]

Related readings

• Introduction to the HTTP and HTTPS Protocol
• The Practice of Resolving Domain
• The Iftop
• The Method to Manage Traffic
• Mail Service and Protocol