How to Sniff HTTP Packets on Android Without ROOT

Activity sniff or capture on the network is usually done for testers and developers to find gaps in the current project. To do that is basically easier if you do it from a computer, but actually you can even do it from an Android phone.

Currently there are several supporting applications to sniff HTTP packets from an application. And some of them have different ways of doing it. From converting files into a PCAP format, or directly displaying the results.

In addition, there are also applications for sniffing even without ROOT access. That is use the help of a VPN and installing additional credentials or certificates on the phone, which will be explained in this article.

Network Sniff Tutorial from an Android App

The application that will be used is HTTPCanary. I think the functionality of this application is easier than the others. Please download first through the Play Store. And if it has been installed, follow the steps below to start installingcapture network.

  1. Please open the app HTTPCanary.

  2. Then tap the icon at the bottom right to get started.

  3. A VPN dialog will appear, please allow it.

  4. After that, open the application you want to capture.

  5. Later all network activity will appear in the HTTPCanary application.

    HTTP Packet Sniff on Android

  6. To stop it, tap the button again at the bottom right.

    Stop HTTPCanary

Now network activity will be trackable. Both TCP and UDP protocols can also be known with this application. However, for the HTTPS protocol, users may have to install other applications to find out.

Why HTTPS Protocol Can’t Be Sniffed?

Actually it can, because HTTPCanary has installed a user certificate on the phone. Also, if the phone is rooted, it will be even more accurate, as HTTPCanary will install the certificate directly into the system.

So if the HTTPS connection cannot be sniffed, as a suggestion, please open the target application via Parallel Spaceat least that’s the solution provided by HTTPCanary itself.

Also read: How to find out if there is a spy app on Android

HTTPCanary Solution Not Working

Make sure beforehand the certificate from this application has been installed. This is aimed at the network so that the VPN used is trusted to get TLS-based connections. And if it’s not already installed, you can delete the HTTPCanary application data and then open it again, later the dialog to install the certificate will reappear.

You should also make sure that the phone is current no currently using Private DNSbecause it will prevent the VPN from gaining access as the network is encrypted first.

How to Remove Certificate from HTTPCanary?

When a user certificate is installed from an application, usually some phones will display a notification if the current network is being recorded. That’s certainly true, considering that HTTPCanary works for network recording.

To remove it is very easy. Just go Arrangement > Security > Delete All Credentials. After deleting it, now the notification will no longer appear.

Don’t worry, deleting the credentials won’t delete any existing certificates on the system, so everything will be safe.

If you have any other questions regarding this article, don’t hesitate to comment in the column below to get answers and assistance as soon as possible.

Hopefully useful and good luck