0

Before starting I would like to say that I in general I don't really understand a lot of what's going on so it would be much appreciated if you could move on pass my mistakes/correct me while also providing an answer the the question. I'm just trying to use my current knowledge to do stuff I think is cool and I need help filling in the gaps - I can think of stuff to theoretically do, but I have no idea how to actually do it.

Ok, back to the question. I am trying to analyze the code of some android app (the app is irrelevant) that makes http requests to a server during its runtime.

I would like to try and setup some sort of proxy or something like that would enable me to see the http requests the app is making before they are sent to the server, and maybe modify them (something a bit like what Burp does [I have very minimal experience with Burp and its probably capable of a lot more, but I digress]).

I thought about maybe running some kind of emulator on my PC and actually use Burp but I have no idea how that would even work, and not a clue on how to approach this, and that's where I would like your help.

Thanks in advance for reading this and for your time, and I hope you have a good day.

Gil Levin
  • 41
  • 5
  • If you want to intercept Android HTTPS traffic be aware that it is not that easy to get the proxy root CA certificate onto the device and used by the app you want to investigate: https://stackoverflow.com/q/62730978/150978 – Robert Mar 05 '22 at 13:34
  • You can refer to this video: https://www.youtube.com/watch?v=_nPy5MhtNk0 – YogeshBen Nov 24 '22 at 16:55

1 Answers1

0

I'd go with some browser addon. Like Tamper data. It'll ask always before submiting your request to server.

And if there aint no working Tamper Data plugin anymore for Firefox, I bet you can find one from addon "shop".

And then there is always this: https://www.kali.org/get-kali/#kali-mobile

Juspa GG
  • 1
  • 1