make sure android related utilities are on system paths

 mate ~/.bash_profile

need the following

#android studio
export PATH=~/Library/Android/sdk/tools:$PATH
export PATH=~/Library/Android/sdk/cmdline-tools/latest/bin:$PATH
export PATH=~/Library/Android/sdk/platform-tools:$PATH
export PATH=~/Library/Android/sdk/emulator:$PATH
export PATH=~/Library/Android/sdk/build-tools/35.0.1:$PATH

verify weibo app CA behavior

Apps can decide to ignore the system certificate store and maintain their own CA certificates.

To verify the behavior of the app, check network_security_config.xml.

apktool d com.sina.weibo_14.12.0_liqucn.com.apk

check res/xml/network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true" />
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>

install mitmproxy

brew install mitmproxy
#run it at least once
mitmproxy

# ~/.mitmproxy dir is created

now ~/.mitmproxy/mitmproxy-ca-cert.cer is created

cd ~/.mitmproxy/
hashed_name=`openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1` && cp mitmproxy-ca-cert.cer $hashed_name.0
ls

c8750f0d.0 is created

create emulator

create inside android studio

to create an emulator, use android studio and follow

https://developer.android.com/studio/run/managing-avds

create from command line

if you’d like to use command line, install the sdk commandline-tools first: https://github.com/Dart-Code/Dart-Code/issues/5054

if installing inside android studio fails, you can download the the commandline-tools directly from: https://developer.android.com/studio#command-line-tools-only, then unzip and copy the content to your android sdk path.

# see which api versions and system-images are installed
# to install more, see https://developer.android.com/tools/sdkmanager
sdkmanager --list_installed

avdmanager list target

avdmanager list device

to use avdmanager create avd, follow

https://developer.android.com/tools/avdmanager

select an emulator that works

emulator -list-avds

not every emulator works with mitmproxy!

but Nexus_S_API_30 works! (API 35 does not work)

put the cert onto emulator system partition

follow https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/#instructions-for-api-level--28-using--writable-system

adb push ~/.mitmproxy/c8750f0d.0 /system/etc/security/cacerts
adb shell chmod 664 /system/etc/security/cacerts/c8750f0d.0
adb ls /system/etc/security/cacerts

if successful: then you see the mitmproxy cert in the Trusted Credentials in Android system setting!
merely moving the certs into the system certs it not enough: sometimes the certs still does not show up in the system setting.

then each time run the following to start the modified image

emulator -avd Nexus_S_API_30 -writable-system

run mitmproxy

mitmweb

change the emulator network setting:
127.0.0.1:8080

Change the network setting in the emulator.

Change the network setting in the emulator.

don’t forget to click apply after the change.

install the weibo app to capture the traffics.