HttpCanary User Manual

HttpCanary is a powerful network analysis tool for the Android platform. It supports multiple protocols such as HTTP, HTTP2, HTTPS and WebSocket.

Before using, it is recommended to read the basic usage steps and advanced usage of HttpCanary in order to have a general understanding of the features of HttpCanary.

PS: This manual is based on v2.6.0.

Features

  • No root required; does not affect network usage.
  • Supports protocols like HTTP1.0, HTTP1.1, HTTP2, HTTPS and WebSocket.
  • Supports modification and injection of captured data: you can intercept packets and modify them.
  • Supports repeating and composing requests.
  • Supports filtering and searching packet capture records, as well as restricting capture to specified apps and Hosts/IPs.
  • Contains Raw, Hex, Text, Header, JSON and many other viewers.
  • Automatically decodes data such as gzip, deflate and chunked.
  • Supports previewing URL, JSON, form, image, audio, cookie, set-cookie, and many other data types.
  • Supports saving request and response data to a file or adding it to favorites.
  • Supports WebSocket real-time preview.
  • Supports sharing request and response data, and opening shared files with HttpCanary.
  • Supports blocking requests and responses.

Getting Started

1. Install the certificate

HttpCanary uses Man-in-the-Middle (MITM) technology to capture and parse TLS/SSL traffic such as HTTPS and WSS, so you need to install its self-signed Certificate Authority (CA) certificate before using it. Tap the capture button -> Confirm your pattern -> OK to complete the installation of the certificate.

2. Android 7.0+ (Optional)

This is an optional step for some special cases on Android Nougat (7.0) and later. Starting with Android Nougat (7.0), Google changed the network security policy: self-signed Certificate Authorities (CAs) installed by the user are no longer trusted by apps' secure connections by default. That means HttpCanary is unable to decrypt TLS/SSL packets. But we have four ways to get around it.

2.1 Your own app

Add a network security configuration in AndroidManifest.xml:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config"
                    ... >
        ...
    </application>
</manifest>

And the network_security_config file in res/xml/:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>

For more information, please see Android Developer Network security configuration.

2.2 Third-party app

We can use the Parallel Space app to capture a third-party app's TLS/SSL packets.

Go to HttpCanary Settings -> Install Parallel Space and click to install.

Open the Parallel Space app and install the target app that you want to capture. Launch the installed target app from Parallel Space, and you will then see the packets hosted by Parallel Space in HttpCanary.

2.3 Install a version of the target app with a lower targetSdkVersion

If the app's targetSdkVersion < 24, HttpCanary can capture SSL/TLS packets even when running on Android 7.0+.

2.4 Add HttpCanary root certificate to system trusted list (Root required)

The HttpCanary root certificate is a self-signed certificate, but if we install it as a system-trusted CA, the system will trust the MITM server. Follow these steps:

  • Go to HttpCanary Settings -> HttpCanary root certificate -> Export HttpCanary root certificate -> System Trusted(.0)
  • Remount the system partition and copy the exported .0 file to /etc/security/cacerts/
  • Restart the target app's process.

Running HttpCanary

Tap the floating button on the home page to start and stop capturing packets. Tip: a long press on the button quickly clears the records.

Captured packets are sorted by time. Each list entry shows the app icon, app name, request method, request URL, response code, and time. You can clear the list by clicking the button in the ActionBar.

1. Specify Capture

HttpCanary supports specifying capture targets: you can specify the apps or the Hosts and IPs.

Tap the 🔍 menu button in ActionBar and go to the advanced search page. You can configure multiple conditions to filter the packets.

Tap the menu button in this page to reset all filter conditions.

If a filter condition is set, the 🔍 button in ActionBar will change to a triangle icon, indicating that the records have been filtered.

3. Packet Browsing

HttpCanary provides detailed data browsing capabilities. The details page contains three main tabs: Overview, Request, and Response.

3.1 Overview

The overview provides packet reports including status, request protocol, request method, response code, server IP and port, cookie, Content-Type, timing, packet sizes, and more.

Tips: Long press an item to copy it quickly.

If the URL has query parameters, tap the item to go to the URL preview page:

Tap the Cookie item to go to the Cookie preview page:

Tap the Set-Cookie item to go to the Set-Cookie preview page:

3.2 Request and Response

The request and response contain multiple viewers, tap the bottom tabs to switch.

3.2.1 Raw Viewer

The Raw viewer presents the original packet data, without any decoding or decryption. The viewer contains the full packet data. You can long press and select data to copy.

This viewer displays up to 32k of data due to character limitations.

3.2.2 Header Viewer

The Header viewer presents request lines, request headers, response lines, and response headers. Long press an item to copy quickly.

3.2.3 Text Viewer

The Text viewer presents content data and automatically decodes encodings such as gzip, chunked and deflate. Long press an item to copy quickly.

This viewer displays up to 32k of data due to character limitations.

3.2.4 Hex Viewer

The Hex viewer presents content data in hex format, which makes binary content easier to analyze.

This viewer displays up to 32k of data due to character limitations.

3.2.5 Preview Viewer

HttpCanary supports previews of some data types, like JSON, Forms, images, audio and so on.

3.2.6 JSON Viewer

If the data type is JSON, you can open the JSON viewer by clicking the JSON content. You can operate on JSON nodes, and expand or collapse all nodes. It also supports landscape orientation.

3.2.7 Audio Viewer

If the data type is audio, you can click to open the audio viewer. The audio viewer supports audio playback and saving.

3.2.8 WebSocket Viewer

The WebSocket viewer presents the packets in the form of a chat.

3.3 Packet Save

You can save the request and response packets on this page. The packets will be saved into three files: a raw file, a header file and a text file. You will find the saved files in the /HttpCanar/download directory.

3.4 Packet Share

You can also share the request and response packets with others on this page. The shared file format is ‘.hcy’. This file can be opened directly with HttpCanary.

Injection

Injection is one of the core functions of HttpCanary. You can modify the request and response to hack the packets.

This feature is a paid version feature, and the free version has a 7-day trial.

HttpCanary provides two different modes for the injection. They are static mode and dynamic mode. You can long press on the record to choose an injection mode.

1. Static Mode

Static mode supports full injection of HTTP/HTTPS packets, including query parameters, request headers, request body, response status line, response headers and response body.

If you configure a static mode injection, the injector is stored for later use. You can manage stored injectors in Settings -> Mod Manager, where you can disable, enable or delete an injector.

1.1 Request Injection

Static mode provides an injection edit page to preprocess data. You can choose to inject the query parameters, request headers or the request body.

For query parameter and header injection, static mode has three options: follow, custom, disable.

  • Follow: Use the original data from the client and do nothing to it.
  • Custom: Add or replace the value by key, like a Map add operation.
  • Disable: Remove the key and value sent by the client, like a Map remove operation.

For the body injection, see the following response injection.

1.2 Response Injection

Static mode supports injecting response status line, headers and body. The following figure is an injection of the status line, you can select one from the list:

For the body injection, static mode provides two ways.

  • Upload a body file: tap the upload icon and select a file from the File Browser.
  • Edit online: this is supported only when the body data is human readable.

2. Dynamic Mode

Compared to static mode, dynamic mode doesn't support the injection of request body and response body. This is due to the difficulty of handling big data bodies on mobile apps. We are considering supporting tiny bodies later.

You can use dynamic mode while the capture service is running. Remember that you must handle the data before the timeout.

3. Injection Results

If a request is injected, the record item will show an indicator text.

Repeat and Compose

From v2.2.0, HttpCanary supports repeat and compose requests.

This feature is a paid version feature, and the free version has a 7-day trial.

You can long press the record item and choose the function.

1. Repeat

You can choose an item and send it again. The repeated request is sent from the HttpCanary app and can be injected by your injectors. So if you want to inject a request, the repeat function is very helpful.

2. Compose

Compose is an advanced repeat feature. You can edit the existing request data and then repeat it.

There are two menu items on the ActionBar. The left one is revert, which reverts your changes. The right one is submit.

More

More features are coming!

FAQ

Q: What is the difference between paid version and free version?
A: The paid version features:

  • No ads.
  • Unlimited use of injections.
  • Support repeat and compose.
  • More powerful features in future.

Q: Why are some requests not caught?
A: If you use an Android 7.0+ phone, please refer to the Getting Started section of this manual. If you followed the configuration and still have the issue, the client or the server is probably performing its own security check on the SSL certificate, and in this case the packet cannot be captured.

Copyright © GuoShi 2019, all rights reserved. File modified: 2019-08-28 10:03:38
