A Brief Introduction to MITM Proxy
Examining Web Traffic on Your Phone
Hello, welcome to The Aggregate, the newsletter on the in depth analysis on topical yet unusual datasets and technical topics. If you want to sign up, a button to do that is below, or just read on!
So What is MITM Proxy?
MITM Proxy, with mitm standing for Man in The Middle, is an open source proxy service which via
brew install mitmproxy, can be quickly played around with on a Mac. To put it it simply, it is a proxy service for HTTP(S) requests, with a focus on being flexible, with command line, web, and a file dump versions available. By proxy that means it acts an intermediary between requests made from the client and the response from the server. You can even modify requests on the fly within the tool.
So Why Use MITM Proxy?
Typically on a web application within your browser, one has access to the
developer tools. This allows one to inspect the web traffic coming in and out a given website/ web application. For example on any given web page, typically one can see the various advertising and tracking tools that websites typically have nowadays, from Facebook pixels or Google Analytics code.
Unfortunately on a cellular device, due to the way they are designed for typical users, it is very difficult to directly look at the traffic coming in and out of phone appli, so one needs a proxy to intercept the traffic to inspect it.
To set it up to deal with IOS devices, following the steps below should help you get set up.
Download MITM proxy either from the website or via
brew install mitmproxy.
In your terminal, run mitmproxy or mitimweb. There is
mitmdumpbut these two are graphical and should suffice for the moment.
Download and install a certificate on your phone from mitm.it. (There are different certificates depending on your device so you’ll download a different certification depending on the phone type). In this case download the certificate for iPhones.
For iPhone’s, go to settings -> WiFi -> Click the blue info button -> click Configure Proxy -> Change it to manual and input the port of
mitmproxy(usually 8080) and the IP address of your computer.
If you have followed all these steps, you should soon see network requests from your various phone apps start to pop up on the
mitmproxy user interface.
A Brief Exploration
For example, on Spotify, I can see that the url and API
https://spclient.wg.spotify.com/metadata/4/shows?country=US&product=premium is being queried. It shows both client-token and authorization and then some.
As seen above, what this API does is very simple, it returns what country I am in and what tier of Spotify I possess, which is in this case premium. There are other APIs that are also being queried, some that represent data on individual songs, to data on playlists.
The information discovered can often show what product/analytic decisions have been baked into the product. To go to a different app, Bumble at https://eu1.bumble.com/hotpanel/hotpanel.phtml?version=2.0 shows not only that it is using EU servers despite me being based in the USA, but they are also directly sharing Badoo’s infrastructure because hotpanel is Badoo/Bumble’s big data analytics platform.
One can even see this information while using the tool. One can for example see the various analytics on how much scrolling occurred, if one swiped or not, analytics on the device the action was taken on, and how much time was spent on a given person. Honestly, it’s a bit disturbing how much information is collected that you can see in the network requests, and how much is likely going on that is not reflected in these requests.
While these two examples are relatively brief, the sky is the limit when it comes to analyzing network traffic for iPhone apps, given how many of them exist in the world. From reversing engineering APIs to seeing where your data goes, there are many ways to use mitim proxy.
I am going to be in Miami from the 6th to the 8th of April. If anyone is around, outside of any job related obligations I’d be free to meet up.