What if I am reverse engineering an app and the app detects that the requests are being routed through a proxy? I need to use an invisible proxy, got root access btw. Should I use iptables somehow?
Android API call Note: You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu. Failure: SSL handshake with client failed: An unknown issue occurred processing the certificate (certificate_unknown)
@@terrygreen9if you're using non rooted physical device with fresh Android version you might not be able to see a lot of traffic. That's because at some point Android stopped supporting custom certificates for all apps except your own apps. When developing an Android app you must explicitly specify you trust that certificate. Although there is a workaround (maybe, worked like 2 years ago for me). You must manually update the manifest of the application you want to proxy. Decompilation is not needed because manifest is just a xml file.
Do you have any other recordings that gives more idea about how to fix charles issues("Something went wrong", Not able to login, Blocking issue, etc.) due to which app is not working.
@@DataSlayerMedia So by using Charles proxy I’m trying get a specific version of the app on Android (Minecraft to be specific). And I brought the game on the google play but unlike iTunes with using Charles proxy I just look for the buy part what do I do to find the thing on android to find the all of the app releases so I can put in breakpoints so I can get the version I want?
Hey thanks for the video, I have done everything correctly, i have done everything correctly but I'm still getting "Client closed the connection before a request was made. Possibly the SSL certificate was rejected". I was wondering it this can be worked around by running a earlier Android version? Thanks
Hi sir,i am new to this stuff and rn what i am trying to do is sniff some links which a certain app might be using to connect to some services. Is there any way i can found out the exact links while running the app live? Sorry for my bad english as english is not my first language.
Hardly authoritative with all those pauses and 'let's try this' I was hoping for something rehearsed and snappy I find sleepy and unplanned a bit of a turn off. I am sure you have something useful to say... you just haven't found the way to say it yet.
What if I am reverse engineering an app and the app detects that the requests are being routed through a proxy? I need to use an invisible proxy, got root access btw. Should I use iptables somehow?
Thanks, I needed that, it's really a pain reverse engineering apps network requests by looking at the decompiled code
Very helpful information. I like how the proxy is able to trace the network calls accurately
Glad it was helpful!
Bloody beautiful, thanks for the great video. Subscribed!
Android API call
Note: You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.
Failure: SSL handshake with client failed: An unknown issue occurred processing the certificate (certificate_unknown)
From the device you are attempting to sniff, download and install the following.
chls.pro/ssl
@@DataSlayerMedia Thanks 😉
@@DataSlayerMedia I installed the cert but still the same problem on google translate and other apps.
@@terrygreen9if you're using non rooted physical device with fresh Android version you might not be able to see a lot of traffic. That's because at some point Android stopped supporting custom certificates for all apps except your own apps. When developing an Android app you must explicitly specify you trust that certificate. Although there is a workaround (maybe, worked like 2 years ago for me). You must manually update the manifest of the application you want to proxy. Decompilation is not needed because manifest is just a xml file.
@@user-tj9gj2wx5d modifying the manifest would break the signature, how is it possible?
Is there any tool that can inspect live traffic of an android app?
amazing video. im owner of a big discord bot and im using this method! thank u
You realy help me a lot! Thanks!
I needed this
I couldn't access the network traffic for native android app (made with flutter)
Thank you brother!
can we do it with android connected with usb?
Do you have any other recordings that gives more idea about how to fix charles issues("Something went wrong", Not able to login, Blocking issue, etc.) due to which app is not working.
I'm not sure it helps with blocking issues, it just makes network traffic transparent so you can discover the shape/content of the data payloads.
@@DataSlayerMedia Why is my messages getting deleted?
@@DataSlayerMedia So by using Charles proxy I’m trying get a specific version of the app on Android (Minecraft to be specific). And I brought the game on the google play but unlike iTunes with using Charles proxy I just look for the buy part what do I do to find the thing on android to find the all of the app releases so I can put in breakpoints so I can get the version I want?
Hey thanks for the video, I have done everything correctly, i have done everything correctly but I'm still getting "Client closed the connection before a request was made. Possibly the SSL certificate was rejected". I was wondering it this can be worked around by running a earlier Android version? Thanks
you are a fkn legend .. Keep up the good work I wish you the best
Hi sir,i am new to this stuff and rn what i am trying to do is sniff some links which a certain app might be using to connect to some services.
Is there any way i can found out the exact links while running the app live?
Sorry for my bad english as english is not my first language.
Do I need to have Root Access enabled?
Damn!!!! Good work.
Спасибо
is there any way to simulate ios device on windows?
Checkout virtual box, virtual machines. Otherwise if you have an iOS device you could just proxy it through your windows machine.
Bro I Do What You Do Step One Step But Still Not Dec Even I Have Installed Cerfiticate I Cannot Access
Spin up a node and let it run a while to begin to gauge how much it can earn you.
I dont see proxy in my top menu bar. Can anyone help???
thank you
what if apk using certificate pinning
That might create issues for this approach.
You might disable ssl pinning using frida.
this things are not helping anymore ... this is not going to decrypt applications ..only works for usles and crap apps
yes!
Hmmm
Unfortunately it doesn't work on m1
what issue did you face @Mattia?
Don't think this works with the Disneyland App
It doesn't work with every app.
what kind of developer uses a mac?
Furman Via
Hardly authoritative with all those pauses and 'let's try this' I was hoping for something rehearsed and snappy I find sleepy and unplanned a bit of a turn off. I am sure you have something useful to say... you just haven't found the way to say it yet.