httptoolkit / frida-interception-and-unpinning

Frida scripts to directly MitM all HTTPS traffic from a target mobile application
https://httptoolkit.com/android/
GNU Affero General Public License v3.0

Nigloland App: Certificate transparency failed #84

Open ItsMarcoDE opened 5 months ago

ItsMarcoDE commented 5 months ago

The Nigloland app doesn't seem to work with the scripts, but I don't see a direct error in the log.

The APP: https://play.google.com/store/apps/details?id=com.nigloland.nigloland

Do you have any tips for me as to what the problem might be?

Log:


/ _  |   Frida 16.2.1 - A world-class dynamic instrumentation toolkit

| (_| |

| Commands: // |_| help -> Displays the help system . . . . object? -> Display information about 'object' . . . . exit/quit -> Exit . . . . . . . . More info at https://frida.re/docs/home/ . . . . . . . . Connected to SM-G988N (id=127.0.0.1:62025) Spawning com.nigloland.nigloland...

Starting scripts == Redirecting all TCP connections to 192.168.178.59:8080 == [+] Patched 2 libssl.so verification methods == Hooked native TLS lib libssl.so == Spawned com.nigloland.nigloland. Resuming main thread! [SM-G988N::com.nigloland.nigloland ]-> Ignoring unix:dgram connection == Proxy system configuration overridden to 192.168.178.59:8080 == Rewriting Rewriting Rewriting == Proxy configuration overridden to 192.168.178.59:8080 == [+] Injected cert into com.android.org.conscrypt.TrustedCertificateIndex [ ] Skipped cert injection for org.conscrypt.TrustedCertificateIndex (not present) [ ] Skipped cert injection for org.apache.harmony.xnet.provider.jsse.TrustedCertificateIndex (not present) == System certificate trust injected ==

=== Disabling all recognized unpinning libraries ===

[+] javax.net.ssl.HttpsURLConnection setDefaultHostnameVerifier [+] javax.net.ssl.HttpsURLConnection setSSLSocketFactory [+] javax.net.ssl.HttpsURLConnection setHostnameVerifier [+] javax.net.ssl.SSLContext init(KeyManager;[], TrustManager;[], SecureRandom) [ ] com.android.org.conscrypt.CertPinManager isChainValid [+] com.android.org.conscrypt.CertPinManager checkChainPinning [+] android.security.net.config.NetworkSecurityConfig $init() (0) [+] android.security.net.config.NetworkSecurityConfig $init() (1) => android.security.net.config.NetworkSecurityConfig $init() (1) => android.security.net.config.NetworkSecurityConfig $init() (0) [+] com.android.okhttp.internal.tls.OkHostnameVerifier verify(String, SSLSession) [+] com.android.okhttp.Address $init(String, int, Dns, SocketFactory, SSLSocketFactory, HostnameVerifier, CertificatePinner, Authenticator, Proxy, List, List, ProxySelector) [ ] com.android.okhttp.Address $init(String, int, SocketFactory, SSLSocketFactory, HostnameVerifier, CertificatePinner, Authenticator, Proxy, List, List, ProxySelector) [ ] okhttp3.CertificatePinner [ ] com.squareup.okhttp.CertificatePinner [ ] com.datatheorem.android.trustkit.pinning.PinningTrustManager [ ] appcelerator.https.PinningTrustManager [ ] nl.xservices.plugins.sslCertificateChecker [ ] com.worklight.wlclient.api.WLClient [ ] com.worklight.wlclient.certificatepinning.HostNameVerifierWithCertificatePinning [ ] com.worklight.androidgap.plugin.WLCertificatePinningPlugin [ ] com.commonsware.cwac.netsecurity.conscrypt.CertPinManager [ ] io.netty.handler.ssl.util.FingerprintTrustManagerFactory [ ] com.silkimen.cordovahttp.CordovaServerTrust [ ] com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyHostnameVerifier [ ] com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyInterceptor [ ] com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyTrustManager == Certificate unpinning completed == => 
android.security.net.config.NetworkSecurityConfig $init() (1) => android.security.net.config.NetworkSecurityConfig $init() (0) == Unpinning fallback auto-patcher installed == Scripts completed


pimterry commented 5 months ago

Can you explain what "doesn't seem to work" means? There are no errors shown here and there's some traffic that's being intercepted correctly. How do you know it's not working?

It'd be useful to share any error messages you're seeing on the device, and the ADB logs (`adb logcat -T1`) from the period while you're intercepting the app.
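A small triage helper, added here and not part of this repo or of the thread, that answers the question above from the Frida output alone: it pairs each `Manually intercepting connection to ...` line with the `Connected ... to ... (...)` line that follows it and tallies, per destination, how many sockets ended up pointing at the proxy address. The sample lines are constructed in that format; the proxy address and the `::ffff:` v4-mapped form that `tcp6` sockets report are taken from this thread's log.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the format the scripts print (not the issue's full log).
SAMPLE_LOG = """\
Manually intercepting connection to 185.151.189.166:443
Ignoring unix:stream connection
Connected tcp fd 111 to {"ip":"192.168.178.59","port":8080} (-1)
Manually intercepting connection to 185.151.189.166:443
Connected tcp fd 116 to null (-1)
Manually intercepting connection to [2a:a:15:80:20:0:6f:0:0:0:0:0:0:0:0:12]:443
Connected tcp6 fd 167 to {"ip":"::ffff:192.168.178.59","port":8080} (-1)
Manually intercepting connection to 188.114.96.3:443
Connected tcp fd 170 to null (-1)
"""

INTERCEPT_RE = re.compile(r"^Manually intercepting connection to (\S+)$")
CONNECTED_RE = re.compile(r"^Connected (tcp6?) fd (\d+) to (\{.*\}|null) \((-?\d+)\)$")

def summarise(log_text, proxy_ip, proxy_port):
    """Per original destination, count sockets that ended up at the proxy
    address versus anything else (including the 'null' case)."""
    stats = defaultdict(lambda: {"to_proxy": 0, "not_proxy": 0})
    pending = None  # destination from the last 'Manually intercepting' line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = INTERCEPT_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = CONNECTED_RE.match(line)
        if not m or pending is None:
            continue  # 'Ignoring unix:...' lines and other noise
        target = m.group(3)
        hit = False
        if target != "null":
            addr = json.loads(target)
            ip = addr["ip"].removeprefix("::ffff:")  # tcp6 sockets report the v4-mapped form
            hit = ip == proxy_ip and addr["port"] == proxy_port
        stats[pending]["to_proxy" if hit else "not_proxy"] += 1
        pending = None
    return dict(stats)

def unintercepted_destinations(stats):
    """Destinations that never reached the proxy: the first place to look when traffic is missing."""
    return sorted(d for d, s in stats.items() if s["to_proxy"] == 0)
```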

ItsMarcoDE commented 5 months ago

The data within the app does not load, only the loading bars appear.


I have attached the adb log: adb-log.txt

ItsMarcoDE commented 5 months ago

This makes the loading bars disappear, but then I can't see the traffic: https://github.com/NVISOsecurity/disable-flutter-tls-verification

mitm.log frida.log

ItsMarcoDE commented 5 months ago

It works when I use:

```shell
adb root
adb remount
adb shell "mount -o rw,remount /"
adb push C:\Users\Admin\.mitmproxy\c8750f0d.0 /system/etc/security/cacerts
adb shell "chown root:root /system/etc/security/cacerts/c8750f0d.0"
adb shell "chmod 664 /system/etc/security/cacerts/c8750f0d.0"
```

to change the root certificate; then I see the traffic in mitmproxy. So there seems to be a problem with overwriting the certificate using the config, doesn't there?


Logs: log.txt proxy_log.txt

pimterry commented 5 months ago

Hmm, yes, this is interesting and I can reproduce the issue. It does indeed look like the app is built with Flutter, which can often cause issues like this. Right now this repo isn't well set up to intercept Flutter (which ignores most system settings & standard APIs by default), but I'm definitely interested in doing that eventually.

From what I can see, it looks like the app is failing in an unusual way when the certificate isn't trusted for intraniglo.nigloland.fr. Instead of explicitly rejecting the cert or closing the connection immediately (the normal behaviour, which would show a warning), it seems to keep the connection open but just never send anything. That's why nothing appears in the list.

I can confirm that using normal system interception (manual setup as you describe, or automatic ADB setup on a rooted device with HTTP Toolkit) does successfully capture all the intraniglo traffic that was missing otherwise.

It is a good test case for Flutter interception with these scripts though. I don't have time to totally fix this myself right now, but I would be very interested to hear if you find any good approaches to intercept traffic like this with Frida alone.