Information Security Asked by qre0ct on December 26, 2021
Everything earlier used to work fine. However, recently I downloaded a newer virtual device on Genymotion, which is an Android 8.0 API 26. I have been struggling to get HTTPS traffic intercepted on this device. Some digging suggested that since Android Nougat things have changed with respect to the use of user installed CAs as trusted credentials. Further reading up landed me to this, quoted on multiple different forums as well, as a way to solve the problem.
Following the above link, although I have been able to successfully get the BURP cert installed as system
CA (as in the screen shot below) I am still unable to intercept the traffic.
PS: SSL pinning does not seem to be a problem (or is it :thinking_face:) since I have bypassed that with some off-the-shelf xposed ssl unpinning modules.
PS: let’s say I need to use a Nougat, so using an older API/Android is not an option as a solution.
PS: My virtual box settings for the device have 3 connected interfaces (host only, NAT & bridged)
I am now able to intercept app traffic. I actually did not change anything, other than restart the Genymotion virtual device & apply ssl unpin once again on the respective app/s.
But I am still unable to intercept any traffic from Google Chrome app or Firefox lite or even Web View browser on Nougat!
I am able to intercept implicit calls being made by Firefox lite browser to the host incoming.telemetry.mozilla.org
but not the search query itself. What is going on??
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP