
I have WhatsApp installed on an iPhone connected to mitmproxy running on a laptop. I can see the intercepted network requests for other apps like Safari no problem. But for WhatsApp, I see no traffic, even though it functions correctly. Could it be bypassing the proxy somehow? Is it using a different protocol that's not routed through the proxy or is not intercepted by mitm?

I do appreciate that WhatsApp has end-to-end encryption, so I'm not going to be seeing anything useful, but I'd like to understand the issue as it may help me with other projects.

I also tried Kik and Snapchat, and in those cases I see some requests being intercepted, but for other activities like sending a message, I see no requests intercepted.

james738
  • Check if WhatsApp still works if mitmproxy is active. If not, it may simply use certificate pinning. WhatsApp uses, if I am not wrong, XMPP, which is by default a protocol that does not make use of HTTP. Hence an HTTP proxy won't see much... – Robert Feb 09 '21 at 15:33
  • WhatsApp is working fine, but thanks for the tip on XMPP - that does seem to be the issue - I'll look at alternative tools – james738 Feb 09 '21 at 16:06
  • @Robert So the manual proxy setting on phones is just for HTTP stuff and anything else like XMPP can ignore it easily? – West Feb 25 '22 at 11:16
  • @West As Android only supports HTTP proxies, not SOCKS proxies, by definition the configured proxy is HTTP only. Proxy settings can also be ignored for HTTP traffic if a custom HTTP client is used that does not read the Android proxy settings (on the OS level those clients just use a plain socket connection and implement their own HTTP client). – Robert Feb 25 '22 at 12:09
  • @Robert Ah, I understand, thanks. I guess iOS is the same, as WhatsApp also ignores the manual proxy there – West Feb 25 '22 at 12:14
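
The behaviour discussed in the comments above, as an added example that is not part of the original thread: a client that honours the proxy setting shows up in the proxy's log, while a client that opens a plain socket and speaks a non-HTTP protocol reaches the server without the proxy ever seeing it. `Origin`, `Proxy`, `serve` and `run_demo` are hypothetical names, the toy proxy only stands in for mitmproxy, and the XMPP-style bytes are constructed sample data.

```python
import http.client, socket, socketserver, threading
from urllib.parse import urlsplit

proxy_log, origin_log = [], []   # what the proxy saw vs. what the server received

class Origin(socketserver.BaseRequestHandler):
    """Stand-in for the app's backend: answers every connection, HTTP or not."""
    def handle(self):
        origin_log.append(self.request.recv(4096))
        self.request.sendall(
            b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")

class Proxy(socketserver.BaseRequestHandler):
    """Toy forward proxy standing in for mitmproxy: logs, then relays one request."""
    def handle(self):
        req = self.request.recv(4096)
        line = req.split(b"\r\n", 1)[0].decode()
        proxy_log.append(line)
        target = urlsplit(line.split()[1])   # proxies receive an absolute-form URI
        with socket.create_connection((target.hostname, target.port), timeout=5) as up:
            up.sendall(req)
            while chunk := up.recv(4096):
                self.request.sendall(chunk)

def serve(handler):
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]

def run_demo():
    proxy_log.clear(); origin_log.clear()
    origin, proxy = serve(Origin), serve(Proxy)
    # Client 1 honours the proxy setting: it connects to the proxy and asks for the URL.
    conn = http.client.HTTPConnection("127.0.0.1", proxy, timeout=5)
    conn.request("GET", f"http://127.0.0.1:{origin}/feed")
    body = conn.getresponse().read()
    conn.close()
    # Client 2 opens a plain socket to the server and speaks a non-HTTP protocol;
    # nothing forces it to look at the proxy setting.
    with socket.create_connection(("127.0.0.1", origin), timeout=5) as s:
        s.sendall(b"<stream:stream to='chat.example'>")  # constructed XMPP-style opener
        s.recv(4096)
    return body, list(proxy_log), len(origin_log)

if __name__ == "__main__":
    body, seen, hits = run_demo()
    print(f"server handled {hits} connections; proxy saw only {seen}")
```

To observe the second kind of client, the capture has to happen below the application's proxy setting, for example on the gateway the device routes through.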

1 Answer

You are running into Certificate Pinning here:

This means that mitmproxy and mitmdump’s certificates will not be accepted by these applications without modifying them. It is recommended to use the passthrough feature in order to prevent mitmproxy and mitmdump from intercepting traffic to these specific domains. If you want to intercept the pinned connections, you need to patch the application manually. For Android and (jailbroken) iOS devices, various tools exist to accomplish this.

Maximilian Hils
  • It's not pinning because WhatsApp continues to work just fine when manual proxy is on. Pinned apps simply stop working with mitmproxy – West Feb 25 '22 at 11:12