D
D
Dmitry Maslennikov2018-02-12 12:47:50
Facebook
Dmitry Maslennikov, 2018-02-12 12:47:50

How to perform packet capture in the Facebook app?

Unable to sniff HTTPS traffic in Facebook app via Fiddler and Burp. The root certificates of these programs are successfully added to the device, SSL Pinning is disabled via SLL Kill Switch 2 (other applications like Twitter, Snapchat with attached certificates are fine listening) and Mobile Assistant (for Burp). The web version of Facebook is working fine, HTTPS traffic is listening successfully.

I suspect that the possible problem lies in some kind of authentication service that runs separately from the main application, as described in this article:

https://nabla-c0d3.github.io/blog/2013/08/20/inter...

For example, for Twitter and Facebook, the accountsd service is used, which is responsible for integration with these applications. But, firstly, this problem is solved in the new versions of Kill Switch, and secondly, I tried to kill the process manually, but it does not work with Facebook.

How can I solve the problem of packet sniffing in the Facebook application?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
H
hOtRush, 2018-02-12
@hOtRush

Most likely this is what is called SSL Pinning and it is rather problematic to get around this, because it is problematic to replace the certificate that is hardwired into the application itself.
https://medium.com/@appmattus/android-security-ssl...
https://www.emaro-ssl.ru/blog/ssl-pinning-for-android/
On ios, you can bypass it only on jailbroken firmware https https://github.com/iSECPartners/ios-ssl-kill-switch

R
rubtsoff, 2018-02-12
@rubsoff

No way! The only thing is to do a protocol redirect from https to http

D
doublench21, 2018-03-20
@doublench21

I can help with this.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question