0

Burp suite - Mobile apk request intercepting issues

I modified the apk manually using apk editor and also using a tool mitm-apk to intercept it's all traffic. During the process of modifying apk , tool did not returned any error as well. But when I tried to intercept traffic through burp it does not show any traffic. Burp proxy settings: <system.ip> <8000> I set the same settings on Android as a proxy as well also installed burp certificate on my Android device. Please guide me upon:

  1. How Can I modify apk effectively so I can perform mitm ?
  2. Let me know latest tools that can perform this job effectively

Please note , to test my burp and android settings i modified YouTube mobile application and it worked perfectly i.e. i was able to perform mitm . But when doing the same on another apk , it's not working.

John
  • 1
  • 2
  • Tools like mitm-apk can not fully work if the code is obfuscated as some certificate pinning implementations don't rely on a Android API and thus can not be identified if they are obfuscated. The only way to bypass I know is to decompile the app, identify the certificate pinning (requires knowledge on Java, certificate pinning, Android and a lot of luck to find it) remove it and recompile the app. – Robert May 30 '23 at 11:34

0 Answers0