![]() That might provide more context, but the conclusion is the same: you need to modify the system, or modify the app. I've written a detailed breakdown of how android HTTPS trust works, and the low-level details of how to intercept it, here. For most apps (all apps that aren't specifically configured to allow user certificates/be debuggable) there is no other possible way to intercept the traffic. I really don't know, how it can be so hard, why can't I get a simple API calls, because my app somehow knows, where should it go and which type of data it should get (in browser it so much easier!)ĭo you have root access? To intercept an Android app really your only options really are root access (and changing the device system configuration) or modifying the app APK. java files, but it's too hard to find API paths there, because all names are unreadable (but I've found some, but it's not enough)Ĭan you tell me, what can I do, to get API of this mobile app? I've tried decompile APK of this application (with apktool) and I've found many. I've tried Wideshark / Charles / Mitmproxy on my Android emulator (tried Android versions 5.1 - 11.0) but it also didn't work If it's an online app, it can be a React Native, Flutter app, which (by default) doesn't go through the VPN. Maybe the app doesn't use URLSession (Apple Framework) to make a networking request. For example, I can't see request with the details of product, or with list of them. I've tried to use Proxyman on iOS and I've catched requests and responses (even HTTPs), but I can't see all of them. I have an Android mobile app, and I can't see some requests of it's, when trying to sniffing (this mobile app doesn't require any type of auth from user) ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |