Answer the question
In order to leave comments, you need to log in
A
A
Aleksey Kuzmin2017-02-04 16:00:17
Aleksey Kuzmin, 2017-02-04 16:00:17
How to watch https requests for ios/android apps?
I need to see ios/android app requests.
Tried charles proxy with SSL Proxying certificate substitution. With browsers it rolls. In the browser, an invalid certificate can be added to the exception.
But the attachments stop working -> ssl handshake failed. The connection is not established.
How can this be bypassed?
Upload your certificate to the phone?
2 answer(s)
@Rou1997
@z3apa3a
R
Rou1997, 2017-02-04 @Rou1997
For Android, there is a sniffer on Google Play, a yellow-blue one, like it can decrypt HTTPS, I also used a bunch of Genymotion + Fiddler, although I don’t know about HTTPS, and in any case, instead of debugging the network, you can use disassembly, decompilation and debugging of the executable code , now I'm doing it, anyway, it's also necessary, for example, to look at what algorithm the query parameters are formed.
V
Vladimir Dubrovin, 2017-02-04 @z3apa3a
If the application does not use SSL pinning, i.e. uses system root certificates, then yes, install the certificate in Android, there are step-by-step instructions for example here .
If the application uses pinning (this is not a very common case, but it happens), then only by replacing the certificate inside the application or by changing the application itself.
Similar questions
C
A
S
D
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question