How to sniff HTTPS from Android app

Requirements

  1. Rooted device with ProxyDroid installed.
  2. “Computer” with Burp installed.

Let’s start

Launch Burp from your computer.

Proxy -> Options -> Proxy Listeners

Uncheck the currently running proxy listener, then add a new Proxy Listener.

Choose:

  • Bind to port: 8080
  • Bind to address: All interfaces

From the button below, export CA certificate in DER format.

Now change the file extension to .cer and push the file into a user-browsable folder on your device. For example, I connected the device to the computer and used adb:

mv burpcert.der burpcert.cer
adb push burpcert.cer /sdcard/Download

While you’re there, take note of your computer’s IP address (in this example I’ll use 192.168.1.69).

Device configuration

Settings -> Security -> Install certificates from storage

Select the pushed .cer certificate (obviously), and give it a name.

You’ll be warned that your traffic may be monitored (obviously).

Install ProxyDroid.

Configure:

  • Host: your pc address
  • Port: 8080
  • Proxy Type: HTTP (no HTTPS, I’m sure!)

I suggest choosing, under Feature Settings, the Individual Proxy configuration so that you can select only the app whose traffic you want to sniff.

Enable ProxyDroid and enjoy.

Update Nexus without losing data

Depending on several things, OTA updates may fail on your rooted device, or you may simply want to upgrade your Android manually.

Download the factory image of your Nexus from:

https://developers.google.com/android/nexus/images

Extract the archive and edit the flash-all file (.bat if you are under Windows or .sh if you are under Linux).

You have to remove the “-w” option from the command on line 23:

fastboot -w update image-....

It will become:

fastboot update image-.....

Reboot in fastboot mode with:

adb reboot bootloader

And then you can run the flash-all script.
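As an added example (not from the original post, and not Google’s flash-all script), here is a small Python helper that performs the edit above and checks it, so you never run a script that still carries the wipe flag. The sample script text is constructed; the pattern also tolerates fastboot.exe, which is my assumption about how the .bat variant spells the command.

```python
import re

# The "-w" on the update line is what erases userdata; nothing else on that line changes.
# "fastboot.exe" is accepted as an assumption about the Windows .bat variant.
WIPE_UPDATE = re.compile(r"(\bfastboot(?:\.exe)?)\s+-w\s+(update\b)")

# Constructed stand-in for the relevant lines of a flash-all.sh; not the real Google script.
SAMPLE_FLASH_ALL = """#!/bin/sh
fastboot flash bootloader bootloader-example.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-example.zip
"""


def strip_wipe_flag(script_text):
    """Return (patched_text, replacements): only "-w" on the "fastboot update" line is removed."""
    return WIPE_UPDATE.subn(r"\1 \2", script_text)


def still_wipes(script_text):
    """True if a "fastboot -w update" line remains, i.e. running the script would erase data."""
    return WIPE_UPDATE.search(script_text) is not None


def patch_file(path):
    """Patch a flash-all script in place; refuse to touch a file with zero or several wipe lines."""
    with open(path, encoding="utf-8") as f:
        text = f.read()
    patched, n = strip_wipe_flag(text)
    if n != 1:
        raise ValueError(f"expected exactly one 'fastboot -w update' line, found {n}")
    with open(path, "w", encoding="utf-8") as f:
        f.write(patched)
    return patched


if __name__ == "__main__":
    patched, n = strip_wipe_flag(SAMPLE_FLASH_ALL)
    print(f"removed {n} wipe flag(s); still wipes: {still_wipes(patched)}")
    print(patched)
```

Run `patch_file("flash-all.sh")` (or the .bat) from the extracted image folder before launching the script; the ValueError is the signal to look at the file by hand rather than flash blindly.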

Reverse Engineering Android APK

Vicious… yes!

Problem:

You’ve downloaded an APK from somewhere and want to extract its images, XML and source. For simplicity we work with appname.apk.

Resources:

  1. http://code.google.com/p/android-apktool/
  2. http://code.google.com/p/dex2jar/
  3. http://java.decompiler.free.fr/?q=jdgui

Extract images and xml:

  1. Launch apktool from the command line, passing appname.apk as the first argument.
  2. An appname folder will be created; there you can find the XML files and images.

Extract sources:

  1. Rename appname.apk to appname.zip, open it with your favourite archive manager, and extract the classes.dex file.
  2. To avoid path problems, I advise you to copy the classes.dex file into the dex2jar-* folder.
  3. Depending on your operating system, launch the related dex2jar script from the command line, passing classes.dex as the first argument.
  4. Then you’ll find the executable jar file classes_dex2jar.jar in the same directory.
  5. Open it with jd-gui and good luck!
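An added example, not part of the original post and not code from apktool or dex2jar: a Python script that does the manual part of the steps above with the standard library, treating the APK as the zip it is. It goes a little beyond step 1: it also picks up the secondary dex files of a multidex APK (classes2.dex, classes3.dex, ...), each of which has to be run through dex2jar to recover all the code, checks the dex magic before writing anything, and shows why XML pulled straight out of the zip is compiled (binary) and still needs apktool to become readable. The sample APK is constructed inline and is not a real app.

```python
import os
import re
import tempfile
import zipfile

DEX_MAGIC = b"dex\n"                    # dex header: "dex\n" + 3-digit version + NUL
BINARY_XML_MAGIC = b"\x03\x00\x08\x00"  # Android ResXMLTree chunk header (type 0x0003, size 0x0008)
DEX_NAME = re.compile(r"^classes(\d*)\.dex$")  # classes.dex, classes2.dex, ... at the zip root only


def build_sample_apk(path):
    """Write a constructed APK-shaped zip (not a real app) so the example runs offline."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", BINARY_XML_MAGIC + b"constructed binary xml")
        z.writestr("res/layout/main.xml", BINARY_XML_MAGIC + b"constructed binary xml")
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\nconstructed")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        z.writestr("classes2.dex", b"dex\n035\x00" + b"\x00" * 64)  # multidex secondary dex
        z.writestr("classes3.dex", b"not a dex file")                # wrong magic, must be skipped
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return path


def list_assets(apk_path):
    """Return (images, xml_files) by entry name; nothing is written to disk."""
    images, xml_files = [], []
    with zipfile.ZipFile(apk_path) as z:
        for name in z.namelist():
            if name.startswith("res/") and name.endswith((".png", ".jpg", ".webp", ".gif")):
                images.append(name)
            elif name.endswith(".xml"):
                xml_files.append(name)
    return sorted(images), sorted(xml_files)


def is_binary_xml(apk_path, name):
    """True if the entry is compiled XML, i.e. apktool is needed to decode it into text."""
    with zipfile.ZipFile(apk_path) as z:
        return z.read(name).startswith(BINARY_XML_MAGIC)


def dex_index(name):
    """classes.dex -> 1, classes2.dex -> 2, ... so the files come out in load order."""
    return int(DEX_NAME.match(name).group(1) or 1)


def extract_dex(apk_path, out_dir):
    """Extract every classes*.dex entry into out_dir, skipping entries without the dex magic.

    Matching the exact root-level name also rules out path traversal from a crafted zip.
    """
    os.makedirs(out_dir, exist_ok=True)
    extracted = []
    with zipfile.ZipFile(apk_path) as z:
        for name in sorted(filter(DEX_NAME.match, z.namelist()), key=dex_index):
            data = z.read(name)
            if not data.startswith(DEX_MAGIC):
                continue  # named like a dex but is not one
            with open(os.path.join(out_dir, name), "wb") as f:
                f.write(data)
            extracted.append(name)
    return extracted


def run_demo():
    """Build the sample APK in a temp dir and return what the helpers found."""
    work = tempfile.mkdtemp()
    apk = build_sample_apk(os.path.join(work, "appname.apk"))
    images, xml_files = list_assets(apk)
    dex_files = extract_dex(apk, os.path.join(work, "dex"))
    return {
        "images": images,
        "xml": xml_files,
        "manifest_is_binary": is_binary_xml(apk, "AndroidManifest.xml"),
        "dex": dex_files,
        "dex_on_disk": all(os.path.exists(os.path.join(work, "dex", n)) for n in dex_files),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Point `extract_dex("appname.apk", "dex2jar-x.y")` at the real file and the dex files land where the dex2jar script expects them; the binary-XML check explains why step 1 of “Extract images and xml” still goes through apktool.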