
I just bypassed SSL pinning on an Android application, but the problem is that the application won't let me play with the request on my intercepting proxy. It says something like there is a problem with your network or check your internet connection, it might be slow. It used to say the same thing before I bypassed SSL pinning.

My assumption is that the application is coded in such a way that it expects to get a response from the server quickly. Since I am playing around with the request on my intercepting proxy, there is no response from the server because the request is still on my proxy and has not been sent to the server.

Is there any way out of it?

Sam
  • Try scripting the modifications you want with mitmproxy; that will let you respond quickly. Also, what proxy do you use? There might be a heartbeat going on constantly that you can let through. – J.A.K. Nov 06 '19 at 19:48
  • Usually most actions are repeatable. Let's, for example, talk about clicking a button in the app: you click the button and intercept the request. Then you make your modifications to the request and copy it to your clipboard. Then just drop the request. Click the button again, paste your modified request and send it immediately. – Martin Fürholz Nov 06 '19 at 20:08
  • @MartinFürholz, that's exactly what I was thinking, but it's kind of a hack. Since this is being done by an Android app, can't we reverse engineer it and make changes in the application's code? – Sam Nov 07 '19 at 09:21
  • Because it's time-consuming to do as you said; for every modified request I would have to do this. – Sam Nov 07 '19 at 09:22
  • @J.A.K. I use Burp. There is no issue with the proxy. – Sam Nov 07 '19 at 09:23

1 Answer

The answer is almost certainly a solid: No.

The length of time that a client is willing to wait until it receives a response from the server is fully configurable by the client. Either the HTTP library being used by this app has a short time set by default, or the app itself has configured the request to have a short timeout. For an example, see this documentation for how you would set the maximum wait time for a request with CURL. If an app has set a maximum timeout of, say, 2 seconds, then there is nothing you can do at the proxy level to make it wait longer.

If you were running the app in an emulator you would have more control (because you could effectively pause it while you did your thing), and if you rooted your phone you may have a way to trick it, but there isn't anything you can do purely at the proxy level.

Your only option will be to figure out how to modify the response quickly, either by pre-setting the response in your proxy, or by some sort of scripting option.

Also, as a general rule of thumb a minute is a long time in the modern network world. In my experience even 2 seconds is a slow response. I would expect most clients to have a default timeout measured in seconds, not minutes. A mobile app that is built for high performance may use an even smaller timeout if the developers know that their API endpoints will return very quickly, and don't want the user to have to deal with a laggy experience.

Conor Mancone
  • "If you were running the app in an emulator you would have more control (because you could effectively pause it while you did your thing)" Yes, I am using an emulator but can't understand what you meant by more control. – Sam Nov 07 '19 at 09:24
  • @Sam Can you "pause" the emulator? It's possible in general for emulators, but whether or not your particular emulator supports it is another question. The off-the-top-of-my-head suggestion is to tap whatever button or do whatever it is in the app that triggers the HTTP request. Then immediately pause the emulator. Look at your proxy and edit the response (you can take your time now). When you're ready, resume the emulator and immediately send the response with your proxy. I can't make promises and it is hacky, but it may work. – Conor Mancone Nov 07 '19 at 13:09
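The "scripting option" the answer mentions, and J.A.K.'s mitmproxy suggestion, as an added example that is not from the question or the answer: a mitmproxy addon (run with `mitmdump -s addon.py`) that applies the edit in-line, so the real server still replies well inside the app's timeout. The backend host, the overridden JSON fields and the marker header are assumptions for this example.

```python
import json
from typing import Optional

# Assumed values for this example: the app's backend host, the JSON fields
# the tester wants overridden on every request to it, and a header that
# marks rewritten traffic so it is easy to spot in the proxy history.
TARGET_HOST = "api.example.com"
OVERRIDES = {"locale": "en-US", "client_version": "9.9.9"}
MARKER_HEADER = "X-Proxy-Modified"


def rewrite_json_body(body: bytes, overrides: dict) -> Optional[bytes]:
    """Merge `overrides` into a JSON object body.

    Returns the new body, or None when the body is not a JSON object so the
    caller forwards the request untouched. Either way the request leaves the
    proxy immediately, which is the whole point: no manual edit, no timeout.
    """
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(data, dict):
        return None
    data.update(overrides)
    return json.dumps(data, separators=(",", ":")).encode("utf-8")


def should_rewrite(host: str, content_type: str) -> bool:
    """Only touch JSON requests to the host under test."""
    media_type = content_type.split(";")[0].strip().lower()
    return host == TARGET_HOST and media_type == "application/json"


def request(flow):
    """mitmproxy addon hook: mitmdump calls this for every client request.

    `flow` is mitmproxy's HTTPFlow; only the attributes used below are
    relied on (pretty_host, headers, content).
    """
    req = flow.request
    if not should_rewrite(req.pretty_host, req.headers.get("content-type", "")):
        return
    new_body = rewrite_json_body(req.content or b"", OVERRIDES)
    if new_body is None:
        return
    req.content = new_body  # mitmproxy updates Content-Length for us
    req.headers[MARKER_HEADER] = "1"
```

For simple header or string edits, Burp's Match and Replace rules give the same in-line effect without a script.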