How do I capture all network traffic on a phone
2023-11-5 22:19:18 Author: 0x00sec.org

1

I need to figure out a way to intercept all network traffic on my phone in order to see if there is spyware on my phone and see if Google collects my info, and if it does, to where exactly.

2

The easiest way to do that is androiddump, either that or by having a rooted phone or having an OpenWrt router that captures and sends everything to a laptop/PC with Wireshark using tcpdump.

3

Also you should use FRIDA to practice a technique called bypassing certificate pinning to see traffic of applications using HTTPS unencrypted.

 Pinning is the process of associating a host with their expected X509 certificate or public key. 
 Once a certificate or public key is known or seen for a host, the certificate or public key is
 associated or ‘pinned’ to the host.

The way it works is that you can hook into different functions that use the native SSL libraries on your phone to effectively just use the CA’s certificate that you want instead. Which means every application you use will now use your certificate, which means you can decrypt the traffic.

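Once a capture file exists (for example one written by tcpdump on the router, as suggested in the thread), the "to where exactly" question can be started by listing the DNS names the phone looked up. This is an added example, not part of the original thread; the function names, sample domains and addresses are constructed, and it assumes a classic pcap with Ethernet frames and plain DNS over UDP port 53.

```python
import struct
from collections import Counter

def query_name(frame: bytes):
    """Return the DNS question name if frame is an IPv4/UDP query to port 53, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                          # not Ethernet/IPv4/UDP
    udp = 14 + (frame[14] & 0x0F) * 4        # IPv4 header length comes from the IHL field
    dns = udp + 8
    if len(frame) < dns + 12 or frame[udp + 2:udp + 4] != b"\x00\x35" or frame[dns + 2] & 0x80:
        return None                          # not sent to port 53, or QR bit set (a response)
    labels, i = [], dns + 12
    while i < len(frame) and frame[i]:
        n = frame[i]
        if n & 0xC0:                         # compression pointer: not expected in a question
            return None
        labels.append(frame[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels).lower() or None

def dns_queries(pcap: bytes) -> Counter:
    """Count queried names in a classic (microsecond) pcap with Ethernet link type."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet (linktype 1) frames")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):             # 16-byte record header, then the frame
        incl, = struct.unpack(endian + "I", pcap[off + 8:off + 12])
        name = query_name(pcap[off + 16:off + 16 + incl])
        if name:
            seen[name] += 1
        off += 16 + incl
    return seen

def build_sample(names) -> bytes:
    """Constructed capture for the demo: one DNS query frame per name."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n in names:
        q = b"".join(bytes([len(p)]) + p.encode() for p in n.split("."))
        dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + b"\x00\x00\x01\x00\x01"
        udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
        ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
        ip += bytes([192, 168, 1, 50, 192, 168, 1, 1]) + udp   # constructed src/dst
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
        out += struct.pack("<4I", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    demo = build_sample(["telemetry.example.com", "ads.example.net", "telemetry.example.com"])
    print(dns_queries(demo).most_common())
```

Lookups made through Android's Private DNS (DNS over TLS) or DNS over HTTPS do not appear as port 53 queries, so an empty result does not mean the phone resolved nothing.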

Source: https://0x00sec.org/t/how-do-i-capture-all-network-traffic-on-a-phone/37733