
I'm wondering if it is still possible these days to proxy/spoof traffic on secured apps, for example the McDonald's app. I use this example because it's a well known app with a lot of security measures in place:

  • Safetynet checks
  • Root checks
  • Certificate pinning
  • SSL encryption
  • Proxy aware

On Android you could root your phone. Use Magisk Hide so the app passes the root checks; you could use Universal SafetyNet Fix to still pass SafetyNet. With Move Certificates you could install the certificate of your proxy into the system certificates on Android. And if you would use mitmproxy in transparent mode the app would not be aware it's being proxied. But then there's still certificate pinning... For that there are modules like TrustMeAlready (EdXposed) and SSLUnpinning, or Frida's universal SSL unpinning script. The latter requires me to disable Magisk Hide for the app, so the root checks would fail, and the former also makes it impossible to start the app (the app shows an error).

Are there setups, tools, methods in order to still successfully proxy the traffic without the app complaining?

Niya
  • What is the attack vector you're scared of? Someone attacking the app on their own device? Pretty impossible to secure that; they can always use a version of AOSP tweaked to do whatever they want, including compromised versions of lib SSL that log to a file. If it runs on someone else's hardware, it isn't secure. There's just the question of what you'd gain from it: order McDonald's delivery that you could have just done via the app? It's not generally a concern. – Gabe Sechan Nov 27 '21 at 00:43
  • As long as no code runs in a TEE (like that used by the Google SafetyNet check on some devices), you can modify the app as you want using Frida. It is just a matter of time, knowledge and practice to bypass every check. – Robert Nov 27 '21 at 18:17
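An added example, not from the question or its comments, showing what the certificate-pinning check listed in the question actually compares: the SHA-256 of the server certificate's SubjectPublicKeyInfo, which is the pin format Android's network security config and OkHttp use. The certificate is constructed inline as a structurally valid but meaningless DER skeleton so the code runs offline; the DER walker only handles that skeleton's layout, not every real-world certificate.

```python
import base64
import hashlib

# --- minimal DER helpers (enough for an X.509 certificate skeleton) ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der(tag, content):
    """Encode one DER TLV."""
    return bytes([tag]) + _der_len(len(content)) + content

def _read_tlv(buf, pos):
    """Decode the TLV at buf[pos]; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def extract_spki(cert_der):
    """Return the DER-encoded subjectPublicKeyInfo of an X.509 certificate."""
    _, cert, _ = _read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(cert, 0)           # tbsCertificate ::= SEQUENCE
    tag, _, pos = _read_tlv(tbs, 0)
    pos = pos if tag == 0xA0 else 0          # explicit [0] version is optional
    for _ in range(5):                       # serial, signature, issuer, validity, subject
        _, _, pos = _read_tlv(tbs, pos)
    _, _, end = _read_tlv(tbs, pos)          # subjectPublicKeyInfo, kept whole
    return tbs[pos:end]

def spki_pin(cert_der):
    """base64(SHA-256(SPKI)): the pin string used by network_security_config and OkHttp."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def check_pin(cert_der, pinned_set):
    """The per-connection check a pinning library performs. It runs inside the app,
    so a patched or hooked app can skip it; only server-side attestation changes that."""
    return spki_pin(cert_der) in pinned_set

# Constructed sample: a structurally valid but meaningless certificate (dummy key,
# empty names, unsigned) so the example runs offline without a real server cert.
_RSA_OID = der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")
SAMPLE_SPKI = der(0x30, der(0x30, _RSA_OID + der(0x05, b"")) + der(0x03, b"\x00" + b"\x01" * 16))
_sha256_rsa = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))
_tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + _sha256_rsa + der(0x30, b"")
          + der(0x30, der(0x17, b"211127000000Z") + der(0x17, b"221127000000Z")) + der(0x30, b"") + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, _tbs + _sha256_rsa + der(0x03, b"\x00" * 9))
```

Against a real certificate the same pin is what `openssl x509 -pubkey` piped through `openssl dgst -sha256` and base64 produces, so the pinned value can be cross-checked before shipping it in the app.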

0 Answers