MagiskTrustUserCerts
ndbproxy
MagiskTrustUserCerts | ndbproxy | |
---|---|---|
3 | 1 | |
1,575 | 1 | |
1.9% | - | |
0.0 | 2.6 | |
6 months ago | about 2 years ago | |
Shell | Python | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MagiskTrustUserCerts
-
Inspecting http traffic from mobile phone applications
I am doing this right now. I'm using burp to proxy the traffic from a mobile application to test it's APIs. I did the following: 1. Root device and install Magisk 2. Connect phone to computer running burp and Android Debug Bridge. 3. Establish proxy connection using adb tunnel and ProxyDroid app. 4. Download Burp certificate to phone (it's stopped in User trust store but needs to be put in System. 5. Use the following Magisk module. MagiskTrustUserCerts 6. Profit
-
Mitmproxy 8
This is true, by default Android apps do not trust user-installed certificate authorities. IMO the easiest solution if you're doing security testing on a dedicated device is MagiskTrustUserCerts[1]. If you're not testing on a dedicated device or you don't want to root the device, I'd recommend using the objection[2] tool which has a guided mode for patching an apk, and you can modify the manifest to add your CA or to trust all user-installed CAs.
[1]: https://github.com/NVISOsecurity/MagiskTrustUserCerts
[2]: https://github.com/sensepost/objection/wiki/Patching-Android...
-
Scraping an Android App
2) in magisk install https://github.com/NVISOsecurity/MagiskTrustUserCerts
ndbproxy
-
Mitmproxy 8
Mitmproxy is so much fun. I used it recently to inspect the traffic between a `node --inspect` process and the Chrome devtools. I then used my understanding to "fix" a few things that annoyed me about the node debugging workflow - like how each time the debug server starts, it has a unique URL that you need to manually attach to in the debugger. It's very hacky but it works for my needs.
https://github.com/b0o/ndbproxy
What are some alternatives?
mitmpcap - export mitmproxy traffic to PCAP file
hetty - An HTTP toolkit for security research.
super-auto-pets - A tool to allow for viewing of arbitrary Super Auto Pets replays
remotedebug-ios-webkit-adapter - Debug Safari and WebViews on iOS from tools like VS Code and Chrome DevTools
xmppmitm - XMPP Man-in-the-Middle, quick & dirty
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
XMPPFrameworkLogger - An iOS jailbreak tweak to log (MITM) XMPP communication.
objection - 📱 objection - runtime mobile exploration