Not an issue but a question

[shyne99]

Dear,

This is not a bug report, but rather a question on how do you capture HTTP request from the app

Since the last issue with the header change, I was trying to find a fix on my own. I set up an android emulator and thought that by installing a mitm certificate on the emulator, I would be able to capture traffic through mitm. I spend an hour fighting with this, but each time traffic goes through the proxy, it gets detected by PCC and it just refuses to work.

My question is, as I want to learn, how do you capture HTTP traffic off of this app ? Or at least, how can you spot the changes in the PCC API if it is not through HTTP interception ?

PS : also tried the route of decompiling the apk, but i just got back hot steaming pile of garbage, impossible to read...

[sockless-coding]

@shyne99 I find the easiest way to figure out what they changed is by decompiling the apk, most of the stuff is just 3rd party libs that can be ignored. In this case, to find where the header code is located, the best way is to search for a header you know should be there like X-APP-VERSION.

I've tried inspecting the traffic with various tools, but they are doing proper certificate checking, so sniffing it is hard even if you installed a trusted root certificate. But I think I've had it working in the past using fiddler.

[shyne99]

Thank you. I'll try it again to see if I can find those changes on my own. Really thank you as this is real world forensics and there is not much resources on how to do this...

[codyc1515]

No problem. I think the issue can be closed now.