0

I used MitMproxy until recently I switched from the Samsung Galaxy S5 to the S9+ which runs Android 9... and suddenly I can't intercept apptraffic anymore. Looks like the proxy in the wifi-settings is ignored completely by apps?

Aside from that I noticed apps using certificate-pinning and refused to work.

Is there a solution for both? Or do I have to use some kind of Android-emulator on the PC now to check what data apps are sending out? I'm not an expert, just a DIY-pentester and curious about what my smartphone is doing.

Any way to resolve this? :) Thank you.

Phish
  • 1

2 Answers2

1

Typically I wouldn't monitor my network traffic directly on the device that it's coming from. You often miss a lot of traffic that is hidden. I would recommand to put it on WLAN and then record all the traffic with a suitable network card (promiscuous mode). Afterwards you can analyse it with Wireshark.

This way you can be 100% certain that you're seeing all the traffic.

Glorfindel
  • 2,235
  • 6
  • 18
  • 30
Kingflomb
  • 118
  • 8
1

It is not ignored by apps as much as your CA certificate is not root. This was changed in Android 7.

You need to root your Android device and install the certificate (renamed to $subject_hash.0) in the /system/etc/security/cacerts/ directory.

As for bypassing certificate pinning, you need to recompile the APK to disable it. Use sh d2j-dex2jar.sh -f your.apk.

isopach
  • 491
  • 1
  • 3
  • 14