Brook and mitmproxy for mobile app deep packet capture
Updated at: 2023-05-21

Why not capture packets by configuring the system proxy

Because many apps can choose to bypass the system proxy. For details, you can view this article.

A few years ago we made the mitmproxy helper application, sale $9.9.

Now Brook supports very powerful scripts, which can easily achieve the same functions as the above App through scripts. You save $9.9.

Brook independently captures and modifies packets

In fact, Brook can also capture and modify packets independently without relying on any other software. You can view this article.

Why you should choose a professional tool like mitmproxy for packet capture

Read here

Step 1: Install mitmproxy on your computer and run it

mitmproxy -m socks5 --rawtcp --listen-port 8080

This will create a socks5 with port 8080

Because mitmproxy only supports HTTP/1.1 and HTTP/2 packet capture; it does not support UDP and certainly does not support HTTP/3.

So we have to use scripts to block the UDP of domainaddress, and let the UDP of ipaddress directly connect or block UDP, or skip some addresses that cannot be caught. In actual combat, we need to analyze it according to the specific situation.

Step 2: Install Brook on your mobile

Config and Connect Brook

This script blocks secure DNS, blocks IPv6 AAAA, blocks UDP of domainaddress, and allows direct connection of UDP of ipaddress. The script is here.

Step 3

Visit with your mobile phone to install the CA certificate of mitmproxy

Step 4

Then open the app you want to capture packets