Errors trying to redirect Android 14 via ADB

[Drizzt321]

I'm trying to intercept/use HTTP Toolkit for Android 14 3rd party app HTTPS traffic sniffing. Obviously the CA Cert issue is...annoying. In searching found HTTP Toolkit, which seemed like the answer to my prayers. Unfortunately, I'm getting errors trying to get it connected.

I'm running on a Pixel 7a, running LineageOS 21 (Android 14), Rooted with Magisk, without Chrowme or what not, and getting the below errors when trying to start the Android ADB interception. I do see on the screen saying Shell granted Superuser, momentarily, so I know it's getting to root fine.

It looks like something it's trying to do is causing ADB Debug to disconnect, because after this, ./adb devices shows nothing. If I restart the ADB server, I see the device listed as offline. If I unplug and re-plug, after restating the ADB server (via sudo ./adb start-server), I see the device again.

Since HTTP Toolkit is running as my user, it looks like whatever it's doing is causing an ADB Debug issue, and might be killing the ADB server (sometimes), it tries to restart ADB server. And since there's apparently there's udev permissions issues for my Linux install (Debian/Testing) with ADB server and usb_libusb, when I try and start it up myself via unzipped platform-tools, things error out completely.

Android command [ 'sh', '/data/local/tmp/htk-root-test.sh' ] returned `uid=2000(shell) gid=2000(shell) groups=2000(shell),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),1078(ext_data_rw),1079(ext_obb_rw),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc),3011(uhid),3012(readtracefs) context=u:r:shell:s0`
Android command [ 'su', '-c', 'sh /data/local/tmp/htk-root-test.sh' ] returned `uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0`
Android command [ 'su', '-c', 'sh', '/data/local/tmp/htk-root-test.sh' ] returned `uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0`
Android command [ 'su', 'root', 'sh', '/data/local/tmp/htk-root-test.sh' ] threw Timeout for ADB command su,root,sh,/data/local/tmp/htk-root-test.sh
Timeout for ADB command su,root,sh,/data/local/tmp/htk-root-test.sh
Android command [ 'su', 'root', 'sh /data/local/tmp/htk-root-test.sh' ] threw Timeout for ADB command su,root,sh /data/local/tmp/htk-root-test.sh
Timeout for ADB command su,root,sh /data/local/tmp/htk-root-test.sh
Matching /system cacert exists
Android command [ 'ls', '/apex/com.android.conscrypt' ] returned `apex_manifest.pb  bin  cacerts  etc  javalib  lib  lib64  lost+found`
Matching /apex cacert exists
Cert already installed, nothing to do
Android command [ 'rm', '-f', '/data/local/tmp/htk-root-test.sh' ] returned ``
Android command [ 'su', '-c', 'sh /data/local/tmp/htk-set-chrome-flags.sh' ] returned `Chrome flags script completed`
Chrome flags script completed

Android command [ 'su', '-c', 'am force-stop com.android.chrome' ] returned ``
Android Chrome flags set
App not installed, installing...
Streaming local APK
Android command [ 'su', 'root', 'sh', '/data/local/tmp/htk-root-test.sh' ] returned `lynx:/ #`
Android command [ 'su', 'root', 'sh /data/local/tmp/htk-root-test.sh' ] returned `lynx:/ #`
Resetting & retrying APK install, after initial failure: a [PrematureEOFError]: Premature end of stream, needed 4 more bytes
    at Socket.i (/home/drizzt/Downloads/HttpToolkit-linux-x64-1.18.1/resources/httptoolkit-server/bundle/index.js:2:84818)
    at Socket.emit (node:events:530:35)
    at Socket.emit (node:domain:488:12)
    at endReadableNT (node:internal/streams/readable:1696:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  missingBytes: 4
}
Deleting all APKs: /home/drizzt/.config/httptoolkit/httptoolkit-v1.3.12.apk
Error: write EPIPE
    at WriteWrap.onWriteComplete [as oncomplete] (node:internal/stream_base_commons:94:16) {
  errno: -32,
  code: 'EPIPE',
  syscall: 'write'
}
Streaming remote APK directly
Updating local APK to version v1.3.12
Error handling request to /interceptors/android-adb/activate/8000: spawn adb ENOENT
p [Error]: spawn adb ENOENT
    at ChildProcess._handle.onexit (node:internal/child_process:286:19)
    at onErrorNT (node:internal/child_process:484:16)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  cause: Error: spawn adb ENOENT
      at ChildProcess._handle.onexit (node:internal/child_process:286:19)
      at onErrorNT (node:internal/child_process:484:16)
      at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
    errno: -2,
    code: 'ENOENT',
    syscall: 'spawn adb',
    path: 'adb',
    spawnargs: [ '-P', '5037', 'start-server' ],
    cmd: 'adb -P 5037 start-server'
  },
  isOperational: true,
  errno: -2,
  code: 'ENOENT',
  syscall: 'spawn adb',
  path: 'adb',
  spawnargs: [ '-P', '5037', 'start-server' ],
  cmd: 'adb -P 5037 start-server'
}
Local APK written to /tmp/tmp-23187CPEss0bYbkk8.tmp
Local APK moved to /home/drizzt/.config/httptoolkit/httptoolkit-v1.3.12.apk
Deleting old APKs: 

[pimterry]

Thanks @Drizzt321, this is very interesting!

It looks like the initial root-access setup works fine (the certificate has been injected successfully) but the subsequent step to install the HTTP Toolkit Android app via ADB is failing.

Seemingly because there's an unexpected EOF error - it's unclear whether that means the APK file itself is incomplete, or the connection is being interrupted as it's being transferred. And then after that, ADB becomes unresponsive (and HTTP Toolkit tries to restart it, but fails because it can't see an adb binary in PATH).

I'm not sure exactly what's going on here. Is there anything particularly unusual about this device? Does this happen the same way every time?

One way to test this further would be to do the failing step manually: download the APK from https://github.com/httptoolkit/httptoolkit-android/releases, and then install it on the device via ADB. If you can do that successfully, HTTP Toolkit should just work afterwards (since it won't need to install anything), and if that fails then at least you'll see more info about what's not working here.