Ask Your Question

Revision history [back]

How can I capture API endpoints sent to HTTPS from an Android App?

I'm developing an app and want to test if users could be capturing HTTPS based API endpoints from my app by using Wireshark monitoring.

I know how to capture some HTTP traffic from my wireless network in my PC from the phone, buy I won't be able to decrypt the HTTPS traffic coming from the Android phone in case it's encrypted via HTTPS. Furthermore, if I'm not wrong, I understand that in the header of the HTTPS packets, I might find the endpoint URL that it's being queried and maybe in the body, I might find the info is being sent to that endpoint.

How can I work around this issue?

PS: I'm not 100% into Wireshark yet, please answer me in a simple form