mitmproxy
mitmproxy mitmproxy is the interactive HTTPS proxy for capturing and replaying mobile traffic, with Python scripting for custom filters on Android/iOS app flows during security audits. Install via pip, configure certs on your device, and inspect requests in its console or web UI for tampering tests. Open-source and scriptable, it's the traffic tinkerer for pentesters proxying encrypted app comms seamlessly.
Explore →frida
frida frida is the dynamic instrumentation toolkit that hooks network calls in running mobile apps, intercepting SSL traffic or API responses via JS scripts for real-time manipulation without repacks. Attach to processes on rooted/jailbroken devices, injecting handlers for packet logging or response forging. Open-source and cross-platform, it's the live interceptor for reverse engineers bypassing native protections.
Explore →objection
objection objection is the Frida-powered runtime explorer that automates mobile traffic interception, dumping SSL keys or forwarding proxies for MITM on iOS/Android apps during dynamic analysis. Bridge to your instrumented app, run 'frida-trace -f com.app' for hook traces, and manipulate flows on the fly. Open-source from sensepost, it's the all-in-one agent for pentesters exploring encrypted internals.
Explore →HTTP Toolkit
HTTP Toolkit HTTP Toolkit is the open-source proxy for mobile traffic capture, with auto-setup for Android emulators and device bridging to decrypt HTTPS without manual cert installs. Launch its desktop app, select your device, and rewrite requests/responses in real-time for vuln testing. GitHub-hosted and extensible, it's the user-friendly usher for analysts routing app traffic through custom rules.
Explore →proximac
proximac proximac is the macOS-specific proxy for iOS simulators, tunneling traffic through mitmproxy for interception and modification without jailbreak hassles. Configure via its Go binary, bridging simulator network to your host for seamless HTTPS decryption. Open-source from proximac, it's the simulator sidekick for Apple devs intercepting local app flows effortlessly.
Explore →frida-ios-hooker
frida-ios-hooker frida-ios-hooker is the script suite for intercepting iOS network layers with Frida, hooking NSURLSession to log or alter requests for traffic analysis in jailbroken setups. Inject via frida-server, tracing API calls for payload inspections or response tampering. Open-source from community, it's the iOS hook harness for mobile RE folks capturing native comms dynamically.
Explore →android-ssl-bypass
android-ssl-bypass android-ssl-bypass is the Xposed module for rooting and unpinning SSL in Android apps, enabling proxy interception of HTTPS traffic for Burp or Wireshark integration. Flash via Magisk, toggle for targeted processes, and route decrypted flows for endpoint mapping. Open-source from community, it's the root enabler for pentesters exposing app APIs through pinned barriers.
Explore →PacketCapture
PacketCapture PacketCapture is the non-root Android app that sets up a local VPN to intercept and decrypt app traffic, exporting pcaps for Wireshark without system mods. Enable in settings, select apps, and capture sessions for protocol dissection or replay. Open-source alternative via F-Droid, it's the VPN virtuoso for users sniffing mobile packets on stock devices.
Explore →mitmproxy-android
mitmproxy-android mitmproxy-android is the ported proxy for emulated Android devices, bridging host mitmproxy to guest traffic for HTTPS interception in AVD sessions. Configure via adb forwarding, injecting certs for decryption of emulator app flows. Open-source fork, it's the bridge builder for devs proxying virtual mobile environments with host tools.
Explore →frida-android-interceptor