Nerixyz / instagram_mqtt

Realtime and Push Notification (FBNS) support for the instagram-private-api
MIT License

iOS Reverse Engineering #84

Open crylonblue opened 2 years ago

crylonblue commented 2 years ago

Hey, I am currently trying to do your thing in Python and for iOS.

I am trying to use Frida for the SSL unpinning and mitmproxy for getting the traffic. But mitmproxy is unable to show the data properly. Any tips on reverse engineering the IG MQTT API on iOS?

Thanks in advance

Nerixyz commented 2 years ago

I haven't looked at iOS.

crylonblue commented 2 years ago

Should be the same. The only difference I saw so far is that on Android, the session gets saved in a cookie. In iOS the Bearer-Token is present in the request header.

Nerixyz commented 2 years ago

> In iOS the Bearer-Token is present in the request header.

Android uses the token as well.

crylonblue commented 2 years ago

I think for the most part, it should be the same. Any tips on reverse engineering in iOS? My current setup is Wireshark, with mitmproxy transparent, and Frida for SSL unpin. Anything I have to look out for and maybe some resources where I can find something about MQTToT?

Nerixyz commented 2 years ago

> Any tips on reverse engineering in iOS?

I have never done iOS RE.

> Anything I have to look out for and maybe some resources where I can find something about MQTToT?

MQTToT isn't a standard. You can look here on how it's different from regular MQTT 3/3.1.