by CartwheelLinux 495 days ago
If you want to do this now with little setup, run waydroid and then run wireshark inside the network namespace that is created for waydroid

sudo ip netns exec <netns> wireshark


Wireshark is nice, but for HTTPS MitM you'll need a tool like mitmproxy/Burp to do the proxying and either modifications to the system image or a Frida daemon running as root to make most apps trust the MitM'd certificates.

To get the traffic routed right, the WireGuard option for mitmproxy is pretty useful in my experience. Not sure how well Waydroid + Android VPNs work together, though.
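The "modifications to the system image" route above means putting the MitM root CA into Android's system trust store, /system/etc/security/cacerts/, where each CA is a PEM file named `<subject_hash_old>.0`. That name is what `openssl x509 -subject_hash_old -noout -in ca.pem` prints: the first four bytes of the MD5 of the DER-encoded subject Name, read little-endian, as eight hex digits. The example below is added here and is not code from the thread, from mitmproxy or from Android; it derives that file name from a DER certificate with a small ASN.1 walker so the step can be checked without OpenSSL. The sample certificate is constructed inline (it has no key or signature, just enough structure to parse) and all function names are my own.

```python
"""Derive the Android system-store file name (<subject_hash_old>.0) for a CA.

Added example, not from the HN thread. OpenSSL's X509_NAME_hash_old() is
MD5 over the DER encoding of the subject Name, first 4 bytes little-endian;
Android's /system/etc/security/cacerts/ uses that hash plus ".0".
"""
import hashlib


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) for the DER TLV at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _children(buf: bytes, start: int, end: int):
    """Yield (tag, tlv_start, value_start, value_end) for each TLV inside a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend = _read_tlv(buf, pos)
        yield tag, pos, vstart, vend
        pos = vend


def extract_subject_der(cert_der: bytes) -> bytes:
    """Return the full TLV bytes of the certificate's subject Name."""
    tag, cert_vstart, _ = _read_tlv(cert_der, 0)            # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, tbs_vstart, tbs_vend = _read_tlv(cert_der, cert_vstart)  # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    fields = list(_children(cert_der, tbs_vstart, tbs_vend))
    if fields[0][0] == 0xA0:               # optional [0] EXPLICIT version (present in v3)
        fields = fields[1:]
    # Remaining order: serialNumber, signature, issuer, validity, subject, ...
    _, start, _, end = fields[4]
    return cert_der[start:end]


def subject_hash_old(name_der: bytes) -> str:
    """OpenSSL -subject_hash_old: MD5(subject DER), first 4 bytes as a little-endian uint32."""
    digest = hashlib.md5(name_der).digest()
    return "%08x" % int.from_bytes(digest[:4], "little")


def android_ca_filename(cert_der: bytes) -> str:
    """File name under /system/etc/security/cacerts/ for this CA."""
    return subject_hash_old(extract_subject_der(cert_der)) + ".0"


# --- constructed sample (not a real certificate; structure only) -------------
def _der(tag: int, payload: bytes) -> bytes:
    """Encode one DER TLV; only used to build the sample below."""
    if len(payload) < 0x80:
        return bytes([tag, len(payload)]) + payload
    lenbytes = len(payload).to_bytes((len(payload).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lenbytes)]) + lenbytes + payload


def _name(common_name: str) -> bytes:
    # Name ::= SEQUENCE OF SET OF { OID commonName 2.5.4.3, UTF8String }
    attr = _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, common_name.encode()))
    return _der(0x30, _der(0x31, attr))


_SHA256_RSA = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + _der(0x05, b""))
SAMPLE_SUBJECT = _name("mitm-ca")          # hypothetical CA name, constructed for the example
_TBS = _der(0x30,
            _der(0xA0, _der(0x02, b"\x02"))                                    # [0] version v3
            + _der(0x02, b"\x01")                                              # serialNumber
            + _SHA256_RSA                                                      # signature alg
            + _name("mitm-ca")                                                 # issuer (self-signed)
            + _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, b"340101000000Z"))  # validity
            + SAMPLE_SUBJECT                                                   # subject
            + _der(0x30, b""))                                                 # SPKI placeholder
SAMPLE_CERT = _der(0x30, _TBS + _SHA256_RSA + _der(0x03, b"\x00"))


if __name__ == "__main__":
    import sys
    der = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CERT
    print(android_ca_filename(der))
```

Run it on the DER of your mitmproxy/Burp CA and copy the PEM to /system/etc/security/cacerts/ under the printed name; /system is read-only on a normal device, so remounting it writable (or overlaying the directory) is the part that needs root or a modified image. Installing the CA as a user certificate through Settings is not enough for most apps, since apps targeting API 24 and later only trust user-added CAs when their network security config opts in.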

There's also certificate pinning, which is done by basically every modern Android app, so you often need to modify the APK to remove that. Httptoolkit has a good blog on the process: https://httptoolkit.com/blog/frida-certificate-pinning/

With root access, Frida can patch applications in memory, so you don't need to mess with the APK file.

If root is not an option, injecting Frida into the APK will work (but that might break applications that verify signatures).

What do you mean by the WireGuard option for mitmproxy?

EDIT: Oh, look at this https://mitmproxy.org/posts/wireguard-mode/. TIL.

It's a pretty neat feature! I think it's in beta, but it works flawlessly in my experience. Sure is a lot easier than setting up a separate (W)LAN with iptables rules to force-redirect traffic.