What if I am reverse engineering an app and the app detects that the requests are being routed through a proxy? I need to use an invisible proxy, got root access btw. Should I use iptables somehow?
Hey thanks for the video, I have done everything correctly, i have done everything correctly but I'm still getting "Client closed the connection before a request was made. Possibly the SSL certificate was rejected". I was wondering it this can be worked around by running a earlier Android version? Thanks
Android API call Note: You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu. Failure: SSL handshake with client failed: An unknown issue occurred processing the certificate (certificate_unknown)
@@terrygreen9if you're using non rooted physical device with fresh Android version you might not be able to see a lot of traffic. That's because at some point Android stopped supporting custom certificates for all apps except your own apps. When developing an Android app you must explicitly specify you trust that certificate. Although there is a workaround (maybe, worked like 2 years ago for me). You must manually update the manifest of the application you want to proxy. Decompilation is not needed because manifest is just a xml file.
Do you have any other recordings that gives more idea about how to fix charles issues("Something went wrong", Not able to login, Blocking issue, etc.) due to which app is not working.
@@DataSlayerMedia So by using Charles proxy I’m trying get a specific version of the app on Android (Minecraft to be specific). And I brought the game on the google play but unlike iTunes with using Charles proxy I just look for the buy part what do I do to find the thing on android to find the all of the app releases so I can put in breakpoints so I can get the version I want?
Hi sir,i am new to this stuff and rn what i am trying to do is sniff some links which a certain app might be using to connect to some services. Is there any way i can found out the exact links while running the app live? Sorry for my bad english as english is not my first language.
Hardly authoritative with all those pauses and 'let's try this' I was hoping for something rehearsed and snappy I find sleepy and unplanned a bit of a turn off. I am sure you have something useful to say... you just haven't found the way to say it yet.
Thanks, I needed that, it's really a pain reverse engineering apps network requests by looking at the decompiled code
Very helpful information. I like how the proxy is able to trace the network calls accurately
Glad it was helpful!
Bloody beautiful, thanks for the great video. Subscribed!
What if I am reverse engineering an app and the app detects that the requests are being routed through a proxy? I need to use an invisible proxy, got root access btw. Should I use iptables somehow?
I needed this
Is there any tool that can inspect live traffic of an android app?
Thank you brother!
amazing video. im owner of a big discord bot and im using this method! thank u
I couldn't access the network traffic for native android app (made with flutter)
You realy help me a lot! Thanks!
can we do it with android connected with usb?
Damn!!!! Good work.
you are a fkn legend .. Keep up the good work I wish you the best
Do I need to have Root Access enabled?
Hey thanks for the video, I have done everything correctly, i have done everything correctly but I'm still getting "Client closed the connection before a request was made. Possibly the SSL certificate was rejected". I was wondering it this can be worked around by running a earlier Android version? Thanks
Android API call
Note: You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.
Failure: SSL handshake with client failed: An unknown issue occurred processing the certificate (certificate_unknown)
From the device you are attempting to sniff, download and install the following.
chls.pro/ssl
@@DataSlayerMedia Thanks 😉
@@DataSlayerMedia I installed the cert but still the same problem on google translate and other apps.
@@terrygreen9if you're using non rooted physical device with fresh Android version you might not be able to see a lot of traffic. That's because at some point Android stopped supporting custom certificates for all apps except your own apps. When developing an Android app you must explicitly specify you trust that certificate. Although there is a workaround (maybe, worked like 2 years ago for me). You must manually update the manifest of the application you want to proxy. Decompilation is not needed because manifest is just a xml file.
@@user-tj9gj2wx5d modifying the manifest would break the signature, how is it possible?
I dont see proxy in my top menu bar. Can anyone help???
thank you
Do you have any other recordings that gives more idea about how to fix charles issues("Something went wrong", Not able to login, Blocking issue, etc.) due to which app is not working.
I'm not sure it helps with blocking issues, it just makes network traffic transparent so you can discover the shape/content of the data payloads.
@@DataSlayerMedia Why is my messages getting deleted?
@@DataSlayerMedia So by using Charles proxy I’m trying get a specific version of the app on Android (Minecraft to be specific). And I brought the game on the google play but unlike iTunes with using Charles proxy I just look for the buy part what do I do to find the thing on android to find the all of the app releases so I can put in breakpoints so I can get the version I want?
Bro I Do What You Do Step One Step But Still Not Dec Even I Have Installed Cerfiticate I Cannot Access
Spin up a node and let it run a while to begin to gauge how much it can earn you.
is there any way to simulate ios device on windows?
Checkout virtual box, virtual machines. Otherwise if you have an iOS device you could just proxy it through your windows machine.
Спасибо
Hi sir,i am new to this stuff and rn what i am trying to do is sniff some links which a certain app might be using to connect to some services.
Is there any way i can found out the exact links while running the app live?
Sorry for my bad english as english is not my first language.
what if apk using certificate pinning
That might create issues for this approach.
You might disable ssl pinning using frida.
Don't think this works with the Disneyland App
It doesn't work with every app.
Unfortunately it doesn't work on m1
what issue did you face @Mattia?
this things are not helping anymore ... this is not going to decrypt applications ..only works for usles and crap apps
yes!
Hmmm
Furman Via
what kind of developer uses a mac?
Hardly authoritative with all those pauses and 'let's try this' I was hoping for something rehearsed and snappy I find sleepy and unplanned a bit of a turn off. I am sure you have something useful to say... you just haven't found the way to say it yet.