Hey there, let’s break down why you’re able to capture browser traffic but not requests from Android APKs with JMeter. I’ve run into this exact snag a few times, so here’s a step-by-step guide to diagnose and fix the issue:

1. Check for Certificate Pinning in the APK #

This is the most common culprit for missing APK traffic:

• Many modern apps use certificate pinning, which hardcodes trusted root certificates into the app. This means the app will reject any custom certificates (like JMeter’s) even if you’ve installed them on your device.
  • If you’re testing your own app: Disable certificate pinning in your test build to allow JMeter’s certificate to be trusted.
  • If it’s a third-party app: You can use tools like Xposed Framework with the JustTrustMe module to bypass pinning (note: this may violate the app’s terms of service, so proceed only for legitimate testing purposes).

2. Verify Network Protocol Compatibility #

JMeter’s default recorder doesn’t support all modern network protocols:

• Check if the app uses HTTP/3 (QUIC). If it does, JMeter won’t capture these requests natively. You can confirm this with Wireshark (look for QUIC packets). To work around this:
  • Use a tool like mitmproxy that supports HTTP/3 to capture traffic, then export the requests to JMeter format.

3. Double-Check Mobile Proxy Configuration #

Even if browser traffic works, APKs might not be using the proxy correctly:

• Ensure you’ve set a global proxy on your Android device (not just browser-specific). On Android 10+, go to Settings > Network & Internet > Proxy and confirm the proxy is set to "Manual" with your computer’s LAN IP and JMeter’s recording port (default: 8888).
• Make sure the APK isn’t excluded from the proxy. Some devices let you whitelist/blacklist apps for proxy use—verify your target app isn’t on the blacklist.
• Confirm your phone and computer are on the same WiFi network. Mobile data won’t route to your computer’s local proxy, so stick to WiFi.
• Check your computer’s firewall: Ensure it allows incoming connections on JMeter’s recording port (8888) so the phone can reach the proxy.

4. Tune JMeter’s Recorder Settings #

Sometimes the issue is with JMeter’s configuration:

• Re-generate and re-install JMeter’s root certificate:
  1. In JMeter’s HTTP(S) Test Script Recorder, click Generate Root CA.
  2. Export the certificate to your phone and install it.
  3. On Android 10+, go to Settings > Security > Encryption & Credentials > Trusted Credentials and find the JMeter certificate to mark it as trusted.
• Verify the Target Controller is set to a valid Thread Group. If you’re recording to an empty or unselected controller, requests won’t appear in your test plan.
• Widen the URL filter: In the recorder’s URL Patterns to Include, set the value to .* to avoid accidentally filtering out the APK’s requests.

5. Use Additional Diagnostics to Narrow Down the Issue #

• Run Wireshark on your computer to capture traffic on port 8888:
  • If you see APK requests in Wireshark but not JMeter: The problem is in JMeter’s recorder settings (double-check filters or target controller).
  • If no APK traffic shows up in Wireshark: The proxy isn’t being used by the app (go back to proxy configuration or certificate pinning checks).
• Test with a simple HTTP-only APK: Find an old app that uses plain HTTP. If JMeter captures its traffic, the issue is definitely HTTPS-related (certificate pinning or untrusted certificates).

内容的提问来源于stack exchange，提问作者taranjit singh