I'm not entirely sure why they went this route instead of sticking to their existing warnings (i.e. Android has always been quite annoying to use custom CA certs for, but since Android 7 it's pretty much impossible without root access. Sadly, there's no good way to MitM an Android device without full system access. Flagging the relevant setting in about:config does not work and about:config isn't even accessible on stable builds of Firefox for Android. Lastly, if you want to MitM Firefox, you need to enable their secret debug menu (available on some builds) to enable the flag that enables user certificates. You can't MitM those apps without either modifying the APK or hijacking them via Frida. Some apps (either not enough or too many, depending on your perspective) leverage Android's certificate pinning feature to connect a domain to a specific TLS certificate. I wrote a blog about it around the time Android 7 came out. With root access, you can put your certificate in the root store, which most apps use for validation. You can MitM apps that have this flag enabled, but very few mobile developers seem to even know what TLS is, let alone how and why you should change trust store settings. You can install certificates just fine, but apps need to opt in to use user certificates. This can be very useful if you're running into a bug accessing a backend endpoint from code that doesn't easily allow you to iterate through the request code, like some mobile dev frameworks. It's also useful as a general proxy for protocols like HTTP, for example to intercept, alter, and repeat requests. Just make sure to remove the cert afterwards and to reboot the device to make sure none of your mods remain in memory where they might affect your device's security. You'll also be able to see what data they're trying to send! With modern TLS pinning that's a little hard, but there are Frida scripts out there for rooted/jailbroken devices that will let you bypass that.
Let it collect data for a while and you'll be surprised how many random servers even well known apps try to contact. You can use this to debug stuff happening over TLS connections, but there are also other practical ways to use it. For example, install the CA certificate on your phone (with root if you have Android) and set up a WiFi network that transparently proxies everything through mitmproxy.