There are some places most developers prefer to put the base URLs of the app for reuse over the entire app:

We are sure that the REDACTED app is using secure HTTPS endpoints to communicate with the server, because if it used plain HTTP the requests would be shown in the HTTP history tab. Let's hunt for the URLs that the app is using, because this is the parameter that network frameworks such as NSURLSession, Alamofire, AFNetworking… just to name a few, will use to make requests.

In case you inspect the app and don't find any certificate files with this command, the developer might have pinned the public key instead, and you need to inspect the binary file.

mqttServer.cer

As we can see, the certificate files are bundled in the app, so we can say this app most likely has SSL Pinning implemented by pinning the certificate. To double confirm this, let's do some analysis.

And when the app communicates over the HTTP protocol, there is no need for SSL Pinning evaluation and our Burp Suite proxy will easily Catch 'Em All. To make app requests appear on this tab, we need to find a way to downgrade HTTPS requests to HTTP.

When the app has SSL Pinning implemented, connecting it through a proxy server will not work: the client treats the proxy as the server, sees that it is not the real one, and won't establish a connection to it (the certificate/public key of the proxy server does not match the one bundled in the app), so no requests will be made and no records will be shown in the HTTP history tab.

In short, SSL Pinning is a way for the client side to verify that the app communicates only with the designated server itself. If you don't know what SSL Pinning is, I suggest referring to this detailed explanation article about how SSL Pinning works.

Normally when we launch the app, we should see some kind of requests to get app configuration or send player state (game apps)… An idea comes to mind that this may be due to SSL Pinning employed in the app.

Observing the HTTP history tab in Burp Suite while launching the app, we don't see any requests that exchange player info or configuration; something looks wrong here. Launch Burp Suite and do the necessary setup as described in the Prerequisites section. We want to know how the REDACTED app exchanges info with the server, so let's pick Burp Suite as the proxy tool to sniff requests.