I'm developing an app and want to test if users could be capturing HTTPS based API endpoints from my app by using Wireshark monitoring.
I know how to capture some HTTP traffic from my wireless network in my PC from the phone, buy I won't be able to decrypt the HTTPS traffic coming from the Android phone in case it's encrypted via HTTPS. Furthermore, if I'm not wrong, I understand that in the header of the HTTPS packets, I might find the endpoint URL that it's being queried and maybe in the body, I might find the info is being sent to that endpoint.
How can I work around this issue?
PS: I'm not 100% into Wireshark yet, please answer me in a simple form
