
How can I capture API endpoints sent to HTTPS from an Android App?

I'm developing an app and want to test if users could be capturing HTTPS-based API endpoints from my app by using Wireshark monitoring.

I know how to capture some HTTP traffic from my wireless network in my PC from the phone, but I won't be able to decrypt the HTTPS traffic coming from the Android phone in case it's encrypted via HTTPS. Furthermore, if I'm not wrong, I understand that in the header of the HTTPS packets, I might find the endpoint URL that is being queried and maybe in the body, I might find the info that is being sent to that endpoint.

How can I work around this issue?

PS: I'm not 100% into Wireshark yet, please answer me in a simple form

SirLouen
asked 2021-07-10 17:29:45 +0000

1 Answer


The easiest way to capture and decrypt TLS traffic on Android is to use "PCAP Remote". The app acts as a Man-In-The-Middle by creating a local VPN connection and using its self-signed certificate. You can then download the unencrypted traffic as a pcap file to open it in Wireshark for further analysis.

Another way to see the unencrypted traffic is to use a TLS proxy like Burp or mitm. One of the advantages of those TLS proxies is that you can see and manipulate the HTTP requests in the GUI in real time. The big disadvantage is that it is not really easy to add the needed self-signed certificate to the Android trusted certificate store. You will need to have root access to your phone to do so.

I think the only way to prevent users from being able to decrypt the TLS traffic and find the API endpoints of your app is to implement HTTP public key pinning in it. Your app will then only accept the defined server certificate for TLS connections, which prevents MITM attacks.

JasMan
answered 2021-07-25 12:50:39 +0000
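
A pinning setup of the kind the answer describes, written as an Android Network Security Configuration file; this is an added example, not part of the original answer. The host name `api.example.com`, the expiration date and both pin values are placeholders chosen for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml
     Referenced from AndroidManifest.xml on the <application> element:
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Release behaviour: HTTPS only, and the server's certificate chain
         must contain a key that matches one of the pins below. -->
    <domain-config cleartextTrafficPermitted="false">
        <!-- Placeholder host: replace with the API host of your app. -->
        <domain includeSubdomains="true">api.example.com</domain>

        <!-- Each pin is the base64-encoded SHA-256 digest of a certificate's
             SubjectPublicKeyInfo. Both values are placeholders.
             The expiration date is also a placeholder. -->
        <pin-set expiration="2030-01-01">
            <!-- Key currently deployed on the server. -->
            <pin digest="SHA-256">PLACEHOLDER_BASE64_SHA256_OF_CURRENT_KEY=</pin>
            <!-- Backup key kept offline, so the server key can be rotated
                 without shipping a new app version first. -->
            <pin digest="SHA-256">PLACEHOLDER_BASE64_SHA256_OF_BACKUP_KEY=</pin>
        </pin-set>
    </domain-config>

    <!-- Applies only to builds with android:debuggable="true".
         Lets the developer inspect the app's own traffic through a TLS proxy
         whose CA is installed as a user certificate, without rooting the phone.
         Pins are not enforced for these trust anchors by default. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

After the `expiration` date passes, Android stops enforcing the pin set for that domain, so apps that were never updated keep connecting instead of failing on every request.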