
JZ-Darkal/AndroidHttpCapture

AndroidHttpCapture (网络诊断工具, "Network Diagnostic Tool") is a packet-capture app for Android phones. Its main features are on-device packet capture, PING/DNS/TraceRoute diagnostics, and upload/sharing of captured HAR data. You can also think of it as an Android version of "Fiddler" \(^o^)/~

Healthy

Healthy across all four use cases

Use as dependency: Healthy

Permissive license, no critical CVEs, actively maintained — safe to depend on.

Fork & modify: Healthy

Has a license, tests, and CI — clean foundation to fork and modify.

Learn from: Healthy

Documented and popular — useful reference codebase to read through.

Deploy as-is: Healthy

No critical CVEs, sane security posture — runnable as-is.

  • Last commit 1d ago
  • 3 active contributors
  • MIT licensed
  • CI configured
  • Tests present
  • Small team — 3 contributors active in recent commits
  • Single-maintainer risk — top contributor 94% of recent commits

Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests

Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.


Onboarding doc

Onboarding: JZ-Darkal/AndroidHttpCapture

Generated by RepoPilot · 2026-05-09 · Source

🤖Agent protocol

If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

  1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
  2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
  3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/JZ-Darkal/AndroidHttpCapture shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

🎯Verdict

GO — Healthy across all four use cases

  • Last commit 1d ago
  • 3 active contributors
  • MIT licensed
  • CI configured
  • Tests present
  • ⚠ Small team — 3 contributors active in recent commits
  • ⚠ Single-maintainer risk — top contributor 94% of recent commits

<sub>Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests</sub>

Verify before trusting

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live JZ-Darkal/AndroidHttpCapture repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/JZ-Darkal/AndroidHttpCapture.

What it runs against: a local clone of JZ-Darkal/AndroidHttpCapture — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters |
|---|---|---|
| 1 | You're in JZ-Darkal/AndroidHttpCapture | Confirms the artifact applies here, not a fork |
| 2 | License is still MIT | Catches relicense before you depend on it |
| 3 | Default branch master exists | Catches branch renames |
| 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code |
| 5 | Last commit ≤ 31 days ago | Catches sudden abandonment since generation |

<details> <summary><b>Run all checks</b> — paste this script from inside your clone of <code>JZ-Darkal/AndroidHttpCapture</code></summary>
```bash
#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of JZ-Darkal/AndroidHttpCapture. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/JZ-Darkal/AndroidHttpCapture.git
#   cd AndroidHttpCapture
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of JZ-Darkal/AndroidHttpCapture and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "JZ-Darkal/AndroidHttpCapture(\.git)?\b" \
  && ok "origin remote is JZ-Darkal/AndroidHttpCapture" \
  || miss "origin remote is not JZ-Darkal/AndroidHttpCapture (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(MIT)" LICENSE 2>/dev/null \
   || grep -qiE "\"license\"\s*:\s*\"MIT\"" package.json 2>/dev/null) \
  && ok "license is MIT" \
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \
  && ok "default branch master exists" \
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "app/src/main/java/cn/darkal/networkdiagnosis/MyVpnService.java" \
  && ok "app/src/main/java/cn/darkal/networkdiagnosis/MyVpnService.java" \
  || miss "missing critical file: app/src/main/java/cn/darkal/networkdiagnosis/MyVpnService.java"
test -f "app/src/main/java/cn/darkal/networkdiagnosis/Activity/MainActivity.java" \
  && ok "app/src/main/java/cn/darkal/networkdiagnosis/Activity/MainActivity.java" \
  || miss "missing critical file: app/src/main/java/cn/darkal/networkdiagnosis/Activity/MainActivity.java"
test -f "app/src/main/java/net/lightbody/bmp/BrowserMobProxyServer.java" \
  && ok "app/src/main/java/net/lightbody/bmp/BrowserMobProxyServer.java" \
  || miss "missing critical file: app/src/main/java/net/lightbody/bmp/BrowserMobProxyServer.java"
test -f "app/src/main/java/cn/darkal/networkdiagnosis/Utils/X509ExtendedTrustManager.java" \
  && ok "app/src/main/java/cn/darkal/networkdiagnosis/Utils/X509ExtendedTrustManager.java" \
  || miss "missing critical file: app/src/main/java/cn/darkal/networkdiagnosis/Utils/X509ExtendedTrustManager.java"
test -f "app/src/main/java/cn/darkal/networkdiagnosis/Fragment/NetworkFragment.java" \
  && ok "app/src/main/java/cn/darkal/networkdiagnosis/Fragment/NetworkFragment.java" \
  || miss "missing critical file: app/src/main/java/cn/darkal/networkdiagnosis/Fragment/NetworkFragment.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 31 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/JZ-Darkal/AndroidHttpCapture"
  exit 1
fi
```

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

</details>

TL;DR

AndroidHttpCapture is an Android packet capture and network diagnostic tool that functions as a mobile version of Fiddler. It intercepts HTTP/HTTPS traffic via VPN proxy (using Netty 4.0.44 and LittleProxy MITM), captures HAR data, and provides DNS/Ping/TraceRoute diagnostics—enabling developers to debug mobile app networking without rooting the device. Single-module Android app: Activity layer (MainActivity, HarDetailActivity, SettingsActivity) owns UI; Fragment layer (NetworkFragment, PreviewFragment, WebViewFragment) handles tabs and navigation; MyVpnService implements the VPN proxy intercept; Task layer (PingTask, DnsTask, TraceTask) provides network diagnostics; Utils/ holds serialization, device info, and file I/O; Adapter layer bridges data to RecyclerViews. Manifests and signed keystore (darkal.jks) in app/.

👥Who it's for

Android app developers and QA engineers who need to inspect and modify network traffic from their apps or WebViews in real-time, test response injection, switch between backend environments, and export traffic traces for sharing and analysis.

🌱Maturity & risk

Actively maintained at version 3.2.31 (targetSdkVersion 34, with a Travis CI configuration). The project has a signed release build configured, a full feature set with response injection and HAR export, and a modular architecture suggesting production use. However, no GitHub stars or issue-tracker data is visible, and there is no explicit test suite in the file list beyond a single ApplicationTest stub.

Single-author repo (JZ-Darkal) with no visible backup maintainers or open PR workflow. Depends on older/pinned libraries (Netty 4.0.44 from 2015, zxing.jar, android-sun-jarsign-support-1.1.jar) that may have unpatched vulnerabilities. HTTPS interception via certificate injection is inherently privileged and requires users to trust the installed CA—any compromise of the APK or certificate could expose all app traffic. No visible CI/CD beyond .travis.yml config.

Active areas of work

Version 3.2.31 is current with targetSdkVersion 34, indicating recent Android OS compatibility work. Build features include dataBinding and viewBinding enabled. The .travis.yml suggests CI runs on commits. No visible open PRs or recent issue activity in provided data, so development status unclear—likely maintenance mode with occasional fixes for Android API level breakage.

🚀Get running

Clone the repo: git clone https://github.com/JZ-Darkal/AndroidHttpCapture.git. Open Android Studio and import the app/ module (Gradle sync will download dependencies). Connect an Android device (API 21+) and run ./gradlew :app:installDebug or use Android Studio's Run button. The app will prompt to install a CA certificate on first launch for HTTPS capture.

Daily commands: Run debug build: ./gradlew :app:assembleDebug (outputs to app/build/outputs/apk/debug/), then install with adb install app/build/outputs/apk/debug/app-debug.apk. Or from Android Studio, click green Run button with a connected device. App starts in MainActivity with tabs for Capture, Preview, Diagnostics. Enable VPN when prompted.

🗺️Map of the codebase

  • app/src/main/java/cn/darkal/networkdiagnosis/MyVpnService.java — Core VPN service that intercepts network traffic for packet capture; foundation of the entire packet sniffing mechanism
  • app/src/main/java/cn/darkal/networkdiagnosis/Activity/MainActivity.java — Application entry point and primary UI controller; manages fragment transitions and proxy configuration
  • app/src/main/java/net/lightbody/bmp/BrowserMobProxyServer.java — HTTP/HTTPS proxy server implementation; handles MITM interception and request/response modification
  • app/src/main/java/cn/darkal/networkdiagnosis/Utils/X509ExtendedTrustManager.java — Custom trust manager for HTTPS MITM; essential for certificate-based HTTPS packet capture
  • app/src/main/java/cn/darkal/networkdiagnosis/Fragment/NetworkFragment.java — Primary UI fragment displaying captured network requests; handles packet list rendering and filtering
  • app/src/main/java/cn/darkal/networkdiagnosis/Task/PingTask.java — Ping diagnostic implementation; part of network diagnostic toolkit alongside DNS and TraceRoute
  • app/build.gradle — Build configuration with SDK targets, dependencies, and signing config; required for compilation

🛠️How to make changes

Add a New Network Diagnostic Command

  1. Create a new Task class extending BaseTask in app/src/main/java/cn/darkal/networkdiagnosis/Task/ (app/src/main/java/cn/darkal/networkdiagnosis/Task/BaseTask.java)
  2. Implement the doInBackground() method to execute the diagnostic (e.g., shell command execution like ping or traceroute) (app/src/main/java/cn/darkal/networkdiagnosis/Task/PingTask.java)
  3. Hook the new task into NetworkFragment or create a new fragment tab in app/src/main/java/cn/darkal/networkdiagnosis/Fragment/NetworkFragment.java (app/src/main/java/cn/darkal/networkdiagnosis/Fragment/NetworkFragment.java)
  4. Add UI elements (buttons, result displays) in the corresponding layout XML file under app/src/main/res/layout/ (app/src/main/java/cn/darkal/networkdiagnosis/Activity/MainActivity.java)
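As an added example (not the project's PingTask or BaseTask): step 2 runs a system command with a user-supplied target, which is exactly where a diagnostic tool turns into a command-injection sink if the host string ever reaches a shell. The helper below allow-lists the target, launches `ping` as an argument vector (never through `sh -c`) with a wall-clock timeout, and parses the reply lines into structured results that a unit test can assert on. Class and method names are illustrative; it assumes a `ping` binary accepting `-c` and `-W` (Android's toybox and Linux iputils both do). `Process.waitFor(long, TimeUnit)` and `destroyForcibly()` are API 26+ on Android, so on the project's minSdkVersion 21 a watchdog thread would have to replace them.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Illustrative helper (not the project's PingTask): safe invocation plus output parsing. */
public final class SafePingRunner {

    // Allow-list for the user-supplied target: hostname / IPv4 / IPv6 characters only.
    // Shell metacharacters (; | & $ ` and whitespace) never pass, so even if a later
    // refactor routed this through "sh -c", the target could not inject a command.
    private static final Pattern SAFE_HOST = Pattern.compile("^[A-Za-z0-9.:-]{1,253}$");

    // One reply line, e.g. "64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=21.4 ms"
    private static final Pattern REPLY =
            Pattern.compile("icmp_seq=(\\d+)\\s+ttl=(\\d+)\\s+time=([0-9.]+)\\s*ms");

    public static final class Reply {
        public final int seq, ttl;
        public final double rttMs;
        Reply(int seq, int ttl, double rttMs) { this.seq = seq; this.ttl = ttl; this.rttMs = rttMs; }
        @Override public String toString() { return "seq=" + seq + " ttl=" + ttl + " rtt=" + rttMs + "ms"; }
    }

    public static boolean isSafeHost(String host) {
        return host != null && SAFE_HOST.matcher(host).matches();
    }

    /** Extracts structured replies; banner, summary and error lines are skipped. */
    public static List<Reply> parseReplies(List<String> lines) {
        List<Reply> out = new ArrayList<>();
        for (String line : lines) {
            Matcher m = REPLY.matcher(line);
            if (m.find()) {
                out.add(new Reply(Integer.parseInt(m.group(1)),
                                  Integer.parseInt(m.group(2)),
                                  Double.parseDouble(m.group(3))));
            }
        }
        return out;
    }

    /**
     * Runs ping as an argument vector (no shell) with a hard timeout. With a small
     * count the output fits the pipe buffer, so waiting before draining stdout is safe.
     * Assumes -c (count) and -W (seconds to wait per reply) are supported.
     */
    public static List<String> runPing(String host, int count, long timeoutSec)
            throws IOException, InterruptedException {
        if (!isSafeHost(host)) throw new IllegalArgumentException("refusing unsafe target: " + host);
        Process p = new ProcessBuilder("ping", "-c", Integer.toString(count), "-W", "2", host)
                .redirectErrorStream(true).start();
        if (!p.waitFor(timeoutSec, TimeUnit.SECONDS)) {   // API 26+ on Android
            p.destroyForcibly();
            throw new IOException("ping " + host + " timed out after " + timeoutSec + "s");
        }
        List<String> lines = new ArrayList<>();
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(p.getInputStream(), StandardCharsets.UTF_8))) {
            for (String line; (line = r.readLine()) != null; ) lines.add(line);
        }
        return lines;
    }

    public static void main(String[] args) {
        // Constructed sample output, so the parser can be exercised with no network access.
        List<String> sample = Arrays.asList(
                "PING example.com (93.184.216.34) 56(84) bytes of data.",
                "64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=21.4 ms",
                "64 bytes from 93.184.216.34: icmp_seq=2 ttl=56 time=20.9 ms",
                "--- example.com ping statistics ---",
                "2 packets transmitted, 2 received, 0% packet loss, time 1001ms");
        System.out.println(parseReplies(sample));
        System.out.println(isSafeHost("example.com"));
        System.out.println(isSafeHost("example.com; id"));
    }
}
```

The same allow-list and argument-vector shape apply to `traceroute` and `nslookup`-style tasks; the parser is the part a `PingTaskTest` can cover without touching the network, which is the mocking strategy the PR idea below asks for.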

Add a New Packet Capture Filter

  1. Define filter rule structure in app/src/main/java/cn/darkal/networkdiagnosis/bean/ResponseFilterRule.java (app/src/main/java/cn/darkal/networkdiagnosis/bean/ResponseFilterRule.java)
  2. Implement filter logic in BrowserMobProxyServer to intercept and apply rules during request/response processing (app/src/main/java/net/lightbody/bmp/BrowserMobProxyServer.java)
  3. Add UI controls in ChangeFilterActivity for users to configure filter criteria (app/src/main/java/cn/darkal/networkdiagnosis/Activity/ChangeFilterActivity.java)
  4. Persist filter configuration using SharedPreferenceUtils in app/src/main/java/cn/darkal/networkdiagnosis/Utils/SharedPreferenceUtils.java (app/src/main/java/cn/darkal/networkdiagnosis/Utils/SharedPreferenceUtils.java)

Export Captured Traffic to HAR Format

  1. Build HAR object from captured packets using app/src/main/java/net/lightbody/bmp/core/har/Har.java structure (app/src/main/java/net/lightbody/bmp/core/har/Har.java)
  2. Serialize HAR to JSON and save using FileUtil in app/src/main/java/cn/darkal/networkdiagnosis/Utils/FileUtil.java (app/src/main/java/cn/darkal/networkdiagnosis/Utils/FileUtil.java)
  3. Implement share/upload logic in HarDetailActivity to transmit HAR file to backend endpoint (app/src/main/java/cn/darkal/networkdiagnosis/Activity/HarDetailActivity.java)
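As an added example (not the project's Har.java, FileUtil or HarDetailActivity): assembling a minimal HAR 1.2 document and redacting credential-bearing headers before step 3 hands the file to a share sheet or upload endpoint. Shared HAR files routinely leak `Authorization`, `Cookie` and `Set-Cookie` values, so the redaction belongs in the export path rather than being left to whoever receives the file. It uses `org.json`, which Android bundles; the entry, URL and header values are constructed sample data and the creator version is taken from this page.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/** Illustrative HAR 1.2 assembly and pre-share redaction (not the project's Har.java). */
public final class HarExport {

    // Header names whose values must not leave the device inside a shared or uploaded HAR.
    private static final Set<String> SENSITIVE = new HashSet<>(Arrays.asList(
            "authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"));

    /** Builds a HAR header array from alternating name/value arguments. */
    static JSONArray headers(String... nv) throws JSONException {
        JSONArray out = new JSONArray();
        for (int i = 0; i + 1 < nv.length; i += 2) {
            out.put(new JSONObject().put("name", nv[i]).put("value", nv[i + 1]));
        }
        return out;
    }

    /** One entry carrying the fields HAR 1.2 requires (size -1 means unknown). */
    static JSONObject entry(String started, String method, String url, JSONArray reqHeaders,
                            int status, String statusText, JSONArray respHeaders, long timeMs)
            throws JSONException {
        JSONObject request = new JSONObject()
                .put("method", method).put("url", url).put("httpVersion", "HTTP/1.1")
                .put("cookies", new JSONArray()).put("headers", reqHeaders)
                .put("queryString", new JSONArray()).put("headersSize", -1).put("bodySize", -1);
        JSONObject response = new JSONObject()
                .put("status", status).put("statusText", statusText).put("httpVersion", "HTTP/1.1")
                .put("cookies", new JSONArray()).put("headers", respHeaders)
                .put("content", new JSONObject().put("size", 0).put("mimeType", "application/json"))
                .put("redirectURL", "").put("headersSize", -1).put("bodySize", -1);
        JSONObject timings = new JSONObject().put("send", 0).put("wait", timeMs).put("receive", 0);
        return new JSONObject()
                .put("startedDateTime", started).put("time", timeMs)
                .put("request", request).put("response", response)
                .put("cache", new JSONObject()).put("timings", timings);
    }

    /** Wraps entries in the top-level log object. */
    static JSONObject har(JSONArray entries) throws JSONException {
        JSONObject creator = new JSONObject().put("name", "AndroidHttpCapture").put("version", "3.2.31");
        JSONObject log = new JSONObject().put("version", "1.2").put("creator", creator).put("entries", entries);
        return new JSONObject().put("log", log);
    }

    /** Replaces credential-bearing header values in every entry, in place; returns how many. */
    static int redact(JSONObject doc) throws JSONException {
        int n = 0;
        JSONArray entries = doc.getJSONObject("log").getJSONArray("entries");
        for (int i = 0; i < entries.length(); i++) {
            JSONObject e = entries.getJSONObject(i);
            n += redactHeaders(e.getJSONObject("request").getJSONArray("headers"));
            n += redactHeaders(e.getJSONObject("response").getJSONArray("headers"));
        }
        return n;
    }

    private static int redactHeaders(JSONArray hs) throws JSONException {
        int n = 0;
        for (int i = 0; i < hs.length(); i++) {
            JSONObject h = hs.getJSONObject(i);
            if (SENSITIVE.contains(h.getString("name").toLowerCase(Locale.ROOT))) {
                h.put("value", "[REDACTED]");
                n++;
            }
        }
        return n;
    }

    public static void main(String[] args) throws JSONException {
        // Constructed sample capture; no real traffic or credentials.
        JSONArray entries = new JSONArray().put(entry(
                "2026-05-09T10:00:00.000Z", "GET", "https://api.example.test/v1/me",
                headers("Host", "api.example.test", "Authorization", "Bearer sample-token"),
                200, "OK",
                headers("Content-Type", "application/json", "Set-Cookie", "session=sample; HttpOnly"),
                42));
        JSONObject doc = har(entries);
        int redacted = redact(doc);
        System.out.println("redacted " + redacted + " header values");
        System.out.println(doc.toString(2));
    }
}
```

Response and request bodies need the same treatment where they carry tokens (login responses, OAuth exchanges); a content size of 0 is used here only because the sample has no body.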

🪤Traps & gotchas

  1. Keystore password hardcoded in build.gradle ('333333' for both storePassword and keyPassword)—production builds should use environment variables or Gradle property files.
  2. VPN service requires runtime permission grant on Android 6.0+; code must call VpnService.prepare() and prompt user.
  3. HTTPS interception requires user to install CA certificate at /har/littleproxy-mitm.pem via Settings > Security & Lock Screen > Encryption & Credentials on Android 8.0+; the app may not auto-launch this dialog on newer OS versions.
  4. All captured traffic held in memory (no persistence visible)—large captures or long sessions may cause OOM on low-RAM devices.
  5. minSdkVersion 21 but uses Java 7 source/target; newer Android APIs (30+) may break VPN interception without additional compatibility checks.
  6. ResConfigs restricted to Chinese ('zh') only—app UI is i18n-limited.

💡Concepts to learn

  • Man-in-the-Middle (MITM) Proxy — AndroidHttpCapture's core technique: it impersonates HTTPS endpoints by issuing a custom CA certificate, allowing the app to decrypt and re-encrypt traffic in flight. Understanding MITM is essential to using and debugging this tool.
  • VPN Service API (Android) — MyVpnService.java uses Android's VpnService API to intercept all device traffic at the OS level before it leaves the phone. This is the mechanism that enables packet capture without rooting.
  • HAR (HTTP Archive) Format — AndroidHttpCapture exports captured traffic in HAR JSON format, a standard for recording HTTP transactions. Understanding HAR structure is required to parse or extend captured data.
  • Certificate Pinning (and its evasion) — Many Android apps use certificate pinning to prevent MITM attacks. AndroidHttpCapture's HTTPS interception will fail on pinned apps unless the custom CA is explicitly trusted in the app's network security config—a key limitation to understand.
  • Netty Channel Pipeline — The proxy engine uses Netty's ChannelHandler pipeline (via LittleProxy) to process incoming HTTP/HTTPS frames. Modifying response injection or adding traffic rules requires understanding Netty's event-driven architecture.
  • Android Data Binding & ViewBinding — The app enables dataBinding and viewBinding in build.gradle. Views are accessed via auto-generated binding classes rather than findViewById(). Extending UI requires understanding these bindings.
  • DNS/Ping/TraceRoute Protocol Stacks — PingTask, DnsTask, TraceTask implement raw network diagnostics. These task classes execute actual ICMP/UDP/DNS queries on the device network—understanding their output is critical for diagnosing connectivity issues alongside HTTP capture.
  • MitmProxy/mitmproxy — Python-based HTTPS proxy with MITM interception; AndroidHttpCapture applies the same architecture (intercepting cert injection) but for mobile VPN
  • Fiddler/Fiddler — The reference implementation for traffic interception on desktop; AndroidHttpCapture is explicitly designed as the Android mobile equivalent
  • Charles-Proxy/Charles — Commercial desktop HTTP/HTTPS proxy inspector with HAR export; AndroidHttpCapture replicates these core features for on-device Android debugging
  • square/okhttp — Popular Android HTTP client; many apps using OkHttp will be inspected by AndroidHttpCapture—understanding OkHttp's certificate pinning helps debug capture failures
  • netty/netty — The underlying high-performance NIO framework (version 4.0.44 pinned in app/libs) used by AndroidHttpCapture's proxy engine

🪄PR ideas

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for network diagnostic tasks (Ping, DNS, TraceRoute)

The Task directory contains critical networking logic (PingTask.java, DnsTask.java, TraceTask.java) with no corresponding androidTest files. These tasks are core to the app's diagnostic functionality but lack test coverage. Adding unit tests would catch regressions in network command execution and result parsing, which is especially important since these tasks interact with system-level APIs.

  • [ ] Create app/src/androidTest/java/cn/darkal/networkdiagnosis/Task/ directory
  • [ ] Write PingTaskTest.java testing ping output parsing and timeout handling
  • [ ] Write DnsTaskTest.java testing DNS resolution and error cases
  • [ ] Write TraceTaskTest.java and TraceRouteWithPingTest.java testing traceroute parsing
  • [ ] Add mock system command responses to avoid actual network calls in tests

Add GitHub Actions CI workflow for APK build and testing

The repo has .travis.yml suggesting prior CI setup, but no GitHub Actions workflow. Given the project targets compileSdkVersion 34 and has complex dependencies (Netty, Bugly, multidex), automating APK builds on PR/push would catch Android-specific build failures early. This is particularly valuable since the app has custom signing configs and proguard rules that could easily break.

  • [ ] Create .github/workflows/android-build.yml
  • [ ] Configure workflow to run on push/pull_request to main branches
  • [ ] Add steps: checkout, setup Java, build debug APK using ./gradlew assembleDebug
  • [ ] Add step to run androidTest suite (if emulator is available) or at minimum lint checks
  • [ ] Add optional step to upload APK artifacts for manual testing on PRs
  • [ ] Document build/test requirements in CONTRIBUTING.md

Create HAR export and upload utility tests with mock servers

The app's key feature is HAR export and upload (referenced in README), but no tests exist for HarDetailActivity.java or the underlying HAR serialization logic. The bean classes (PageBean.java, ResponseFilterRule.java) lack validation tests. Adding integration tests with a mock HTTP server would verify HAR format correctness and upload functionality without external dependencies.

  • [ ] Create app/src/androidTest/java/cn/darkal/networkdiagnosis/Activity/HarDetailActivityTest.java
  • [ ] Add MockWebServer (from okhttp) dependency to test HAR POST uploads
  • [ ] Write tests validating PageBean and HAR JSON structure against HAR spec
  • [ ] Test ResponseFilterRule filtering logic with various URL/content patterns
  • [ ] Add test for ZipUtils.java (referenced but untested) with sample HAR files

🌿Good first issues

  • Feature: Add persistent storage for captured HAR entries using SQLite + Room DAO pattern. Currently all data is in-memory and lost on app restart. Create database/HarEntryEntity.java and database/HarEntryDao.java to replace in-memory List in MyVpnService.: Users cannot review old captures; critical for real debugging workflows.
  • Test Coverage: Write unit tests for Task classes (PingTask, DnsTask, TraceTask). Currently only an empty ApplicationTest stub exists at app/src/androidTest/java/cn/darkal/networkdiagnosis/ApplicationTest.java. Add parameterized tests for success/timeout/host-not-found cases.: Network diagnostics are core functionality with no test coverage; easy to regress on Android OS updates.
  • Documentation & Localization: Add English i18n strings. Currently resConfigs only includes 'zh'. Create app/src/main/res/values/strings.xml (English) and app/src/main/res/values-zh/strings.xml (Chinese) to enable language switching in SettingsActivity.: App is locked to Chinese UI; blocks non-Chinese developers from contributing or using it effectively.
  • Bug Fix: Implement proper cleanup in MyVpnService.onDestroy() for Netty event loops and captured data. Add graceful shutdown of ByteBufAllocator and NioEventLoopGroup to prevent resource leaks on VPN disconnect.: Repeated VPN start/stop cycles may leak threads and heap buffers, degrading device performance over time.

📝Recent commits

  • 6935cbb — Revise README for AndroidHttpCapture documentation (darkal)
  • 6809a35 — Merge pull request #94 from JZ-Darkal/codex/update-app-for-latest-android-permissions (darkal)
  • 4c97ace — Upgrade Android SDK targets and modernize manifest permissions (darkal)
  • d52d695 — Update ApplicationTest.java (darkal)
  • e0aa4f6 — Update README.md (darkal)
  • 9afc880 — Remove the default BC encryption algorithm, for Android P+ compatibility (xuzhou)
  • 75ecd61 — Update README.md (darkal)
  • e6ec29c — Update build.gradle (darkal)
  • 38d70da — upgrade gradle version (xuzhou)
  • bb4608b — Update README.md (darkal)

🔒Security observations

  • Critical · Hardcoded Keystore Credentials — app/build.gradle (signingConfigs section). The build.gradle file contains hardcoded credentials for the signing keystore with keyAlias 'darkal', keyPassword '333333', and storePassword '333333'. These credentials are exposed in version control and can be used to sign malicious APKs with the same certificate. Fix: Move credentials to a local.properties file or use Android's secret management through environment variables. Never commit signing credentials to version control. Use Android Studio's secure credential storage or Gradle secrets plugin.
  • Critical · MITM Proxy Implementation Security Risk — app/src/main/java/cn/darkal/networkdiagnosis/Utils/X509ExtendedTrustManager.java and MyVpnService.java. The application implements HTTPS traffic capture through a MITM (Man-in-the-Middle) proxy by installing a custom CA certificate. This design requires users to trust a certificate that could be compromised. The README mentions this is similar to Fiddler but doesn't adequately warn about the security implications of installing custom root certificates. Fix: Implement certificate pinning for sensitive connections, clearly document the security risks to users, provide option to selectively capture HTTPS traffic rather than blanket capture, and ensure the custom CA certificate cannot be exploited for other purposes.
  • High · Insecure Trust Manager Implementation — app/src/main/java/cn/darkal/networkdiagnosis/Utils/X509ExtendedTrustManager.java. The presence of X509ExtendedTrustManager suggests potential implementation of a trust manager that may accept all certificates without proper validation. This is a common pattern for MITM proxies but creates significant security risks if not properly constrained. Fix: Review the trust manager implementation to ensure it only bypasses certificate validation for the intended proxy purpose and not for all HTTPS connections. Implement proper certificate pinning for sensitive APIs. Validate and log all certificate operations.
  • High · VPN Service with Elevated Privileges — app/src/main/java/cn/darkal/networkdiagnosis/MyVpnService.java. The application implements MyVpnService which runs with elevated privileges to capture network traffic. Combined with the ability to modify HTTP/HTTPS responses, this creates a high-risk attack surface if the application is compromised. Fix: Implement strict input validation on all traffic interception logic. Add runtime permission checks and user consent mechanisms. Implement logging of all traffic modifications. Consider implementing a security audit trail for sensitive operations.
  • High · Response Modification Functionality — app/src/main/java/cn/darkal/networkdiagnosis/ (response filtering and modification logic). The README mentions the ability to modify HTTP/HTTPS responses. This functionality, combined with MITM proxy capabilities, could be leveraged to inject malicious content or bypass security controls if the application is compromised. Fix: Implement strict validation and sanitization of response modifications. Add warnings to users about the security implications. Log all response modifications. Consider restricting this feature to debug/development builds only.
  • High · Incomplete Dependency Information — app/build.gradle (dependencies section). The build.gradle file shows dependencies are incomplete (the file ends with 'impleme'), making it impossible to verify if all dependencies are up-to-date and free from known vulnerabilities. Additionally, old libraries like netty-all-android-4.0.44.Final and zxing.jar versions are not specified. Fix: Complete the dependency list and specify all versions explicitly. Use dependency scanning tools like OWASP Dependency-Check or Gradle dependency reports to identify vulnerable dependencies. Update all libraries to their latest versions, particularly Netty which is security-critical for proxy functionality.
  • Medium · Outdated Netty Library — app/libs/netty-all-android-4.0.44.Final.jar. The project uses netty-all-android-4.0.44.Final which was released in 2014. This version likely contains multiple known security vulnerabilities including CVE-2014-3488 and others related to SSL/TLS handling. Fix: Upgrade to the latest stable Netty version (currently 4.1.x or 5.x depending on Java version). Netty 4.0 is end-of-life. Review security advisories for the current version.

LLM-derived; treat as a starting point, not a security audit.
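On the "Insecure Trust Manager Implementation" observation above, an added example that is not the project's X509ExtendedTrustManager: the trust-all pattern beside a constrained alternative for the proxy's upstream (proxy-to-origin) leg. The client-facing leg is served by the proxy's own generated certificates, so the upstream leg is where a permissive trust manager lets any on-path party impersonate the origin and still have the traffic re-signed as genuine. Names are illustrative. The composite accepts a chain when either the platform trust store or a key store holding only the proxy's CA validates it, rejects empty chains, and logs rejections (via `System.err` here; `android.util.Log` in an app). Chain validation is separate from hostname verification, which the caller still has to perform with a `HostnameVerifier`.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Illustrative trust managers for the proxy's upstream leg (not the project's class). */
public final class UpstreamTrust {

    /** The anti-pattern: every chain passes, so the origin can be impersonated upstream of the proxy. */
    public static final class TrustAll implements X509TrustManager {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    /** Builds an X509TrustManager from a key store; null selects the platform's default anchors. */
    public static X509TrustManager fromKeyStore(KeyStore ks) throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new GeneralSecurityException("no X509TrustManager available");
    }

    /** A key store containing only the proxy's own CA, for the tool's own test endpoints. */
    public static KeyStore storeWith(X509Certificate ca) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("proxy-ca", ca);
        return ks;
    }

    /**
     * Accepts a server chain if any delegate accepts it: platform anchors first, then the
     * proxy CA. Rejections are logged so a bad upstream is visible rather than silently
     * passed, and the last validation error is surfaced to the caller.
     */
    public static final class Composite implements X509TrustManager {
        private final List<X509TrustManager> delegates = new ArrayList<>();

        public Composite(X509TrustManager... tms) { delegates.addAll(Arrays.asList(tms)); }

        @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            if (chain == null || chain.length == 0) throw new CertificateException("empty chain");
            CertificateException last = null;
            for (X509TrustManager tm : delegates) {
                try { tm.checkServerTrusted(chain, authType); return; }
                catch (CertificateException e) { last = e; }
            }
            if (last == null) last = new CertificateException("no trust managers configured");
            System.err.println("upstream chain rejected for " + chain[0].getSubjectX500Principal());
            throw last;
        }

        @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // The proxy never authenticates clients by certificate; refuse rather than silently accept.
            throw new CertificateException("client certificates not supported");
        }

        @Override public X509Certificate[] getAcceptedIssuers() {
            List<X509Certificate> all = new ArrayList<>();
            for (X509TrustManager tm : delegates) all.addAll(Arrays.asList(tm.getAcceptedIssuers()));
            return all.toArray(new X509Certificate[0]);
        }
    }

    /** Wiring: platform trust store, optionally extended with the proxy's CA. */
    public static X509TrustManager build(X509Certificate proxyCa) throws Exception {
        X509TrustManager platform = fromKeyStore(null);
        if (proxyCa == null) return platform;
        return new Composite(platform, fromKeyStore(storeWith(proxyCa)));
    }
}
```

`build(...)` is what an `SSLContext.init(null, new TrustManager[]{...}, null)` call for the upstream connector would take; the `TrustAll` class is included only so the two shapes can be compared side by side in review.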


Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.
