Proxying Android app traffic – Common issues / checklist (June 2025)

Latest update: June 2025 During a mobile assessment, there will typically be two sub-assessments: The mobile frontend, and the backend API. In order to examine the security of the API, you will either need extensive documentation such as Swagger or Postman files, or you can let the mobile application generate all the traffic for you … Continue reading Proxying Android app traffic – Common issues / checklist (June 2025) →

Intercepting Flutter traffic on iOS

My previous blogposts explained how to intercept Flutter traffic on Android ARMv8, with a detailed follow along guide for ARMv7. This blogpost does the same for iOS. ⚠️ Update August 2022 ⚠️An update to this blog post was written and can be found here. It covers both iOS and Android and a convenient script / … Continue reading Intercepting Flutter traffic on iOS →