Use a proxy with Waydroid

in

Waydroid is a project that allows you to run Android applications on a Linux distribution. It’s a fork of the project Anbox-Android-in-a-Box. Android applications are run in a container and do not have the overhead of emulators.

This article will explain how to use a proxy with Waydroid and intercept the traffic using a proxy. This can be useful to reverse engineer an API or for security testing.

Install Waydroid on Ubuntu

First, you need to install Waydroid on your Ubuntu distribution. You can follow the instructions on the official website.

Here is a quick summary:

$ sudo apt install curl ca-certificates -y # Install curl and ca-certificates
$ curl https://repo.waydro.id | sudo bash # Add the repository 
$ sudo apt install waydroid adb -y # Install Waydroid package and Android Debug Bridge
$ sudo systemctl enable --now waydroid-container # Start the service

BE CAREFUL: Waydroid require Wayland.

At this point, you should be able to launch Waydroid from the application menu. You will be prompted to download the Android image with or without the Google applications. Once the download is complete, you will be able to launch Android applications.

If the newtork doesn’t work you can use https://github.com/waydroid/waydroid/issues/143

sudo sed -i~ -E 's/=.\$\(command -v (nft|ip6?tables-legacy).*/=/g' \
     /usr/lib/waydroid/data/scripts/waydroid-net.sh

Install a Proxy

We are going to use Mitmproxy as a proxy. You can install it with the following command:

$ sudo apt install mitmproxy -y

Mitmproxy will be used to intercept the traffic between the Android application and the Internet. It’s an Open Source project that allows you to inspect and modify HTTP traffic. It’s also easy to script with Python.

Mitmproxy can be used as a command-line tool or with a web interface. We are going to use the web interface.

You can start Mitmproxy with the following command:

$ mitmweb -p 8888

This will start Mitmproxy on port 8888 and launch the web interface. You can access the web interface by opening the following URL in your browser: http://127.0.0.1:8081

Test with curl

You can test the proxy with Curl. You need to set the proxy with the following command:

$ export http_proxy=http://127.0.0.1:8888

Next, you can test the proxy with the following command:

$ curl http://example.com

You should see the request in the Mitmproxy web interface.

If you try to proxy HTTPS traffic, you will get a certificate error.

$ export https_proxy="http://127.0.0.1:8888"
$ curl https://example.com

You can ignore the certificate error with the following command:

$ curl --insecure https://example.com

To make it work in Waydroid you will need to install the certificate in the Android image.

The certificate is located in the following directory: ~/.mitmproxy/

Setup the proxy in Waydroid

First you need to get the IP address of your computer on the container network. You can get it with the following command:

$ ip address show waydroid0
18: waydroid0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.240.1/24 brd 192.168.240.255 scope global waydroid0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe00:1/64 scope link
       valid_lft forever preferred_lft forever

Here the IP is 192.168.240.1

We restart Mitmproxy with the following command:

$ mitmweb -p 8888 --listen-host 192.168.240.1

Then you can configure the proxy in Waydroid with the following command:

$ adb shell settings put global http_proxy "172.17.0.1:8888"

You can now test in the browser a non HTTPS page.

Install the certificate in Waydroid

All credit goes to this GitHub issue.

First you need the certificate hash.

This is the first line of the output of the following command:

$ openssl x509 -subject_hash_old -in ~/.mitmproxy/mitmproxy-ca-cert.pem
a8990c1d

Next we create an overlay directory in Waydroid:

$ sudo mkdir -p /var/lib/waydroid/overlay/system/etc/security/cacerts/

-p is used to create the parent directories if they don’t exist.

And we copy the certificate in the overlay directory:

$ sudo cp ~/.mitmproxy/mitmproxy-ca-cert.pem /var/lib/waydroid/overlay/system/etc/security/cacerts/a8990c1d.0
$ sudo chmod 644 /var/lib/waydroid/overlay/system/etc/security/cacerts/a8990c1d.0

Pay attention to the extension of the certificate. It must be .0 and the file name must be the hash of the certificate.

Remove the proxy

adb shell settings put global http_proxy :0