jayluxferro
commented
1 month ago @tcmaps No it can’t do that. You can write a burp plugin to handle that for you.
Open tcmaps opened 1 month ago
jayluxferro
commented
1 month ago @tcmaps No it can’t do that. You can write a burp plugin to handle that for you.
A modified and resigned apk will usually not be able to access Firebase Auth and other APIs that are bound to the original SHA1. Though it's possible to modify the header with an intercepting proxy like Burp, having the option to hook the signature check directly would be preferable. Can this toolkit take care of that already?