Intercepting Flutter traffic on iOS

My previous blogposts explained how to intercept Flutter traffic on Android ARMv8, with a detailed follow along guide for ARMv7. This blogpost does the same for iOS. ⚠️ Update August 2022 ⚠️An update to this blog post was written and can be found here. It covers both iOS and Android and a convenient script / … Continue reading Intercepting Flutter traffic on iOS

Intercepting Flutter traffic on Android (ARMv8)

In a previous blogpost, I explained my steps for reversing the flutter.so binary to identify the correct offset/pattern to bypass certificate validation. As a very quick summary: Flutter doesn't use the system's proxy settings, and it doesn't use the system's certificate store, so normal approaches don't work. My previous guide only explained how to intercept … Continue reading Intercepting Flutter traffic on Android (ARMv8)

Intercepting traffic from Android Flutter applications

Update: The explanation below explains the step for ARMv7. For ARMv8 (64bit), see this blogpost. ⚠️ Update August 2022 ⚠️An update to this blog post was written and can be found here. It covers both iOS and Android and a convenient script / Frida codeshare to use. Flutter is Google's new open source mobile development framework that … Continue reading Intercepting traffic from Android Flutter applications

Solving Flaggy Bird (Google CTF 2019)

A few weekends ago we participated in the Google CTF. While we didn't make it to the top 10, we did manage to solve quite a few challenges. This is my writeup of FlaggyBird, the only mobile challenge that was available. The challenge The challenge was an .apk that did not require network connectivity. Installing … Continue reading Solving Flaggy Bird (Google CTF 2019)

Circumventing SSL Pinning in obfuscated apps with OkHttp

TL;DR - There are many Android SSL pinning bypass scripts available for Frida. However, those don't always work on obfuscated applications. If the application uses OkHttp, there's an easy way to find a convenient place to bypass the pinning by grepping for the right SMALI string. The target For this blogpost, I've created a little … Continue reading Circumventing SSL Pinning in obfuscated apps with OkHttp

Using a custom root CA with Burp for inspecting Android N traffic

TL;DR: Follow these steps to intercept traffic using Burp with a self made root CA on Android (or any browser) The problem In a previous blogpost, we presented a Magisk module that easily integrates user certificates into the system CA store in order to bypass Android N's new hardened security model. For instrumenting applications, this … Continue reading Using a custom root CA with Burp for inspecting Android N traffic