With friTap
First, set up root access to the AVD and make sure you have allocated enough RAM to the virtual device.
Then, install friTap with pipx and follow https://fkie-cad.github.io/friTap/platforms/android/ to install frida-server on your emulator.
You should then find the specific app you want to analyze.
# List all installed packages
adb shell pm list packages
# Search for specific app
adb shell pm list packages | grep instagram
# Get package details
adb shell dumpsys package com.instagram.android | grep version
Then use these commands to extract TLS keys or a decrypted PCAP file. Use -v to show errors otherwise hidden from command output, and also add -do if that is not enough.
# Extract TLS keys from Android app
fritap -m -k instagram_keys.log com.instagram.android
# Capture decrypted traffic
fritap -m --pcap instagram_traffic.pcap com.instagram.android
# Spawn app from beginning
fritap -m -s -k keys.log com.example.app
# Verbose analysis with debug output
fritap -m -v -k keys.log -do com.example.app
If --pcap is not working, or if you prefer capturing the PCAP directly via adb and tcpdump, use
adb exec-out "tcpdump -U -w - 2>/dev/null" | wireshark -k -S -i -
to stream the captured packets live, and set the (Pre)-Master-Secret log file to instagram_keys.log under Protocols → TLS in the Wireshark preferences. Replace the filename instagram_keys.log as needed.
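
If Wireshark shows no decrypted traffic, check first that the key log contains usable entries. The following is an added example, not part of friTap or of the original page: a shell function (check_keylog is a hypothetical name) that validates a file against the NSS key log format Wireshark reads, assuming the standard CLIENT_RANDOM label and the TLS 1.3 secret labels.

```bash
# Added example (not friTap code): sanity-check a TLS key log such as
# instagram_keys.log against the NSS key log format that Wireshark reads.
# Usage: check_keylog instagram_keys.log
# Prints "valid=N malformed=M tls12=A tls13=B"; returns 1 if no entry is usable.
check_keylog() {
  awk '
    BEGIN {
      # TLS 1.3 secret labels used by the key log format
      t13["CLIENT_EARLY_TRAFFIC_SECRET"] = 1
      t13["CLIENT_HANDSHAKE_TRAFFIC_SECRET"] = 1
      t13["SERVER_HANDSHAKE_TRAFFIC_SECRET"] = 1
      t13["CLIENT_TRAFFIC_SECRET_0"] = 1
      t13["SERVER_TRAFFIC_SECRET_0"] = 1
      t13["EARLY_EXPORTER_SECRET"] = 1
      t13["EXPORTER_SECRET"] = 1
      valid = 0; bad = 0; tls12 = 0; tls13 = 0
    }
    { sub(/\r$/, "") }          # tolerate CRLF line endings
    /^[ \t]*(#|$)/ { next }     # comments and blank lines are legal
    {
      ok = 0
      hexok = ($2 ~ /^[0-9A-Fa-f]+$/ && $3 ~ /^[0-9A-Fa-f]+$/)
      # Every entry is "<label> <32-byte client random> <secret>", hex-encoded.
      if (NF == 3 && hexok && length($2) == 64) {
        if ($1 == "CLIENT_RANDOM" && length($3) == 96) {
          ok = 1; tls12++       # TLS 1.2 and earlier: 48-byte master secret
        } else if (($1 in t13) && (length($3) == 64 || length($3) == 96)) {
          ok = 1; tls13++       # TLS 1.3: secret is 32 or 48 bytes (hash length)
        }
      }
      if (ok) { valid++ } else {
        bad++
        printf "line %d: malformed or unknown entry\n", NR > "/dev/stderr"
      }
    }
    END {
      printf "valid=%d malformed=%d tls12=%d tls13=%d\n", valid, bad, tls12, tls13
      exit (valid > 0 ? 0 : 1)
    }
  ' "$1"
}
```

A result of valid=0 means the capture produced no keys Wireshark can use, so rerun fritap with -v (and -do) before troubleshooting the PCAP side.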