Waydroid is a project that allows you to run Android applications on a Linux distribution. It’s a fork of the project Anbox-Android-in-a-Box. Android applications are run in a container and do not have the overhead of emulators.
This article will explain how to use a proxy with Waydroid and intercept the traffic using a proxy. This can be useful to reverse engineer an API or for security testing.
Install Waydroid on Ubuntu
First, you need to install Waydroid on your Ubuntu distribution. You can follow the instructions on the official website.
Here is a quick summary:
$ sudo apt install curl ca-certificates -y # Install curl and ca-certificates
$ curl https://repo.waydro.id | sudo bash # Add the repository
$ sudo apt install waydroid adb -y # Install Waydroid package and Android Debug Bridge
$ sudo systemctl enable --now waydroid-container # Start the service
BE CAREFUL: Waydroid require Wayland.
At this point, you should be able to launch Waydroid from the application menu. You will be prompted to download the Android image with or without the Google applications. Once the download is complete, you will be able to launch Android applications.
If the newtork doesn’t work you can use https://github.com/waydroid/waydroid/issues/143
sudo sed -i~ -E 's/=.\$\(command -v (nft|ip6?tables-legacy).*/=/g' \
Install a Proxy
We are going to use Mitmproxy as a proxy. You can install it with the following command:
$ sudo apt install mitmproxy -y
Mitmproxy will be used to intercept the traffic between the Android application and the Internet. It’s an Open Source project that allows you to inspect and modify HTTP traffic. It’s also easy to script with Python.
Mitmproxy can be used as a command-line tool or with a web interface. We are going to use the web interface.
You can start Mitmproxy with the following command:
$ mitmweb -p 8888
This will start Mitmproxy on port 8888 and launch the web interface. You can access the web interface by opening the following URL in your browser: http://127.0.0.1:8081
Test with curl
You can test the proxy with Curl. You need to set the proxy with the following command:
$ export http_proxy=http://127.0.0.1:8888
Next, you can test the proxy with the following command:
$ curl http://example.com
You should see the request in the Mitmproxy web interface.
If you try to proxy HTTPS traffic, you will get a certificate error.
$ export https_proxy="http://127.0.0.1:8888"
$ curl https://example.com
You can ignore the certificate error with the following command:
$ curl --insecure https://example.com
To make it work in Waydroid you will need to install the certificate in the Android image.
The certificate is located in the following directory:
Setup the proxy in Waydroid
First you need to get the IP address of your computer on the container network. You can get it with the following command:
$ ip address show waydroid0
18: waydroid0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:00:00:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.240.1/24 brd 192.168.240.255 scope global waydroid0
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe00:1/64 scope link
valid_lft forever preferred_lft forever
Here the IP is 192.168.240.1
We restart Mitmproxy with the following command:
$ mitmweb -p 8888 --listen-host 192.168.240.1
Then you can configure the proxy in Waydroid with the following command:
$ adb shell settings put global http_proxy "172.17.0.1:8888"
You can now test in the browser a non HTTPS page.
Install the certificate in Waydroid
All credit goes to this GitHub issue.
First you need the certificate hash.
This is the first line of the output of the following command:
$ openssl x509 -subject_hash_old -in ~/.mitmproxy/mitmproxy-ca-cert.pem
Next we create an overlay directory in Waydroid:
$ sudo mkdir -p /var/lib/waydroid/overlay/system/etc/security/cacerts/
-p is used to create the parent directories if they don’t exist.
And we copy the certificate in the overlay directory:
$ sudo cp ~/.mitmproxy/mitmproxy-ca-cert.pem /var/lib/waydroid/overlay/system/etc/security/cacerts/a8990c1d.0
$ sudo chmod 644 /var/lib/waydroid/overlay/system/etc/security/cacerts/a8990c1d.0
Pay attention to the extension of the certificate. It must be
.0 and the file name must be the hash of the certificate.
Remove the proxy
adb shell settings put global http_proxy :0