xmppmitm VS MagiskTrustUserCerts

I was reverse engineering my microwave a few years ago and couldn't MITM on XMPP because of the TLS so I used a jailbroken iPhone and was able to "swizzle" the Objective-C methods to log the data at a method right before encryption started. Fun.

There was another XMPP MITM I could have used, but I think I was already invested in figuring out the first idea before I learned of the simpler, existing way:

https://github.com/BrianHenryIE/XMPPFrameworkLogger

https://github.com/iamultra/xmppmitm

I am doing this right now. I'm using burp to proxy the traffic from a mobile application to test it's APIs. I did the following: 1. Root device and install Magisk 2. Connect phone to computer running burp and Android Debug Bridge. 3. Establish proxy connection using adb tunnel and ProxyDroid app. 4. Download Burp certificate to phone (it's stopped in User trust store but needs to be put in System. 5. Use the following Magisk module. MagiskTrustUserCerts 6. Profit

This is true, by default Android apps do not trust user-installed certificate authorities. IMO the easiest solution if you're doing security testing on a dedicated device is MagiskTrustUserCerts[1]. If you're not testing on a dedicated device or you don't want to root the device, I'd recommend using the objection[2] tool which has a guided mode for patching an apk, and you can modify the manifest to add your CA or to trust all user-installed CAs.

[1]: https://github.com/NVISOsecurity/MagiskTrustUserCerts

[2]: https://github.com/sensepost/objection/wiki/Patching-Android...

2) in magisk install https://github.com/NVISOsecurity/MagiskTrustUserCerts