Client (Mobile) how to intercept and modify http response

I am an Android developer. My application uses a bunch of HTTP REST calls and gets responses from servers. I use Charles to inspect the data (so I have to install the Charles certificate onto my device so that HTTPS traffic can be read by myself).

Are there any tools out there like Charles that will allow me to modify that response packet before sending it to the client?

There are 5 answers

0
x-ray On

Depending on what exactly you want to modify, Charles' inbuilt Rewrite Tool might be what you are looking for. You find it in the Tools menu. You can specify which requests shall be modified by protocol, host, port, path and query, and you have the following modification options:

  • Add, modify, remove headers (request and response)
  • Modify Host, Path, URL, Response Status
  • Add, modify, remove Query Parameters
  • Modify body (request and response)

Another option is Fiddler. Like Charles, it can be configured as a proxy for Android, decrypt HTTPS traffic and modify requests and responses.

0
suitianshi On

Charles itself has the functionality. Follow the steps:

  1. Enable breakpoints by right-clicking on an individual request or a path.

  2. Before sending the request, Charles will give you a chance to edit it. See below. Click "edit request" to fill in whatever you want and click "execute" to send the request.

  3. Before posting the result back to your mobile phone, you have a chance to edit the content. See below.

0
samson On

You may try OWASP ZAP or Burp Suite. OWASP ZAP is completely free and provides a number of features.

0
CoolMind On

See also Android : Capturing HTTP Requests with non-rooted android device.

I've recently tested HTTP Toolkit on an Android emulator. It works and allows capturing and editing a response from a server. Some functions are paid (in the Pro version). It requires root privileges on real devices.

You can also use Burp Suite or Fiddler.

0
NSR On

You can also use Requestly, which is a modern alternative to Charles.

The setup with Android is very similar to that of Charles (connect to the proxy on Android -> trust the custom self-signed certificate).

Requestly provides easy-to-use but powerful rules for redirection, header modification, modifying responses (even programmatically), and many more.

In this case, you can use the Modify Response rule to either return a static response or change it programmatically. You can also decide which status code to return and also serve the response from a local file using the map local feature (similar to the one in Charles).