3

I would like to be able to read traffic of my Android phone to see what data it's sending. It is running Android 9.

I have been able to use Charles but it can only read traffic that doesn't have SSL. It seems that if I was testing my own application there is something that I can set so it trusts the certificate, but I'm trying to get all traffic (all apps etc). I also have used the apps Packet Capture and NetCapture but they have the same limitation.

Is this video the guy is able to do it, but it appears to be an older version of Android where all apps would've trusted a user installed certificate.

Anyone got any ideas?

spectops1904
  • 61
  • 1
  • 1
  • 3

2 Answers2

7

On Android 9 installing a custom root certificate usually does not affect the apps, therefore HTTPS connections performed by apps don't trust the certificate from Charles that you have installed. To change this you would have to manipulate every app or modify the Android system itself. Additionally some apps (e.g. Google services and PlayStore) perform certificate/key pinning which totally prevents breaking the HTTPS traffic unless the system is heavily modified:

You have to root your device and install XPosed + multiple modules to allow SSL/TLS interception like TrustMeAlready (or the older projects Just Trust Me and SSL Unpinning).

Another possibility is using Frida in combination with some anti-TLS checking/pinning script(s).

More possibilities are described in this Answer.

WARNING: Doing so totally eliminates the security of each and every SSL/TLS/HTTPS connections on your device Therefore not only you but everybody can intercept the connections made by a device modified this way!

Robert
  • 39,162
  • 17
  • 99
  • 152
0

To answer simply... No.

There are ways to look into the traffic but it won't show you much of anything worthwhile. You might be able to take a guess here and there but nothing will satisfy what you are after. I would not waste your time TBH.

Source: Had to do this for my job. Analyzed our app as well as many many others.

Check this out: https://security.stackexchange.com/questions/83028/possibility-to-sniff-https-traffic-on-devices-without-installing-a-certificate/83039

Richard Dapice
  • 838
  • 5
  • 10