Dexterceptor is a powerful tool for developers and researchers designed to intercept HTTP(S) requests directly inside Android applications, even when they are obfuscated.
It is based on Xposed / LSPosed and deeply integrates with OkHttp, featuring a built-in SSL bypass, a rule system, and an extensible architecture for future interception types.
Dexterceptor integrates into the application's networking stack and provides real-time access to:
- full request URL
- request and response headers
- request and response bodies
- automatic cURL generation for Windows CMD, PowerShell, and Unix shell environments
A flexible rule system enables automatic transformation of network traffic:
- URL rewriting
- request and response body modification
Dexterceptor can disable:
- certificate pinning (TrustKit, OkHttp PinVerifier, Conscrypt, OpenSSL)
- strict certificate validation
- hostname verification errors
This enables full visibility of traffic in external tools such as:
- Charles, Fiddler, Proxyman, BurpSuite
The architecture is designed for future extensibility.
Planned capabilities include interception of:
- method calls such as
setText() - arbitrary Java/Kotlin methods
- SQLite I/O
- IPC calls
- SharedPreferences access
- Dex-level functions, even in heavily obfuscated applications
Dexterceptor is evolving into a universal runtime inspector for Android applications.
- Darcula-style dark theme
- real-time logging without delays
- JSON syntax highlighting
- filtering, search, sorting
- rule editor with regex highlighting
-
✔️ OkHttp interception
-
✔️ HTTP data viewing and storage
-
✔️ request/response modification
-
✔️ SSL bypass
-
✔️ EventBusRx for transferring large logs between processes
-
⏳ system method interception (
setText, SQLite, Binder) -
⏳ advanced rule/script editor
