Added ios & android technique and tool for re-flutter (by @appknox) #2600
Original file line number | Diff line number | Diff line change | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -5,6 +5,9 @@ platform: android | |||||||||||||||||||
|
||||||||||||||||||||
Flutter is an open-source UI software development kit (SDK) created by Google. It is used for building natively compiled applications for mobile, web, and desktop from a single codebase. Flutter uses Dart, which is not proxy-aware and uses its own certificate store. The application doesn't take proxy configuration from the system and send the data directly to the server. Due to this, it is not possible to intercept the request using the BurpSuite or any MITM tools. | ||||||||||||||||||||
|
||||||||||||||||||||
|
||||||||||||||||||||
There are alternative methods for intercepting traffic, such as [sending traffic to the proxy through ProxyDroid/iptables](https://blog.nviso.eu/2019/08/13/intercepting-traffic-from-android-flutter-applications/). However, these techniques require some configuration. By employing the re-flutter command-line tool, the application can be patched effortlessly without the need for any setup. | ||||||||||||||||||||
The re-flutter app also has downsides, so this is pretty one-sided:
I've used reFlutter a few times (mostly for the object-dump) and it's great when it works, but not straightforward if it doesn't. So I modified this section to give a more generic introduction of what needs to be done, and then the rest can explain both reFlutter and Frida+(e.g.)ProxyDroid. We should also use reFlutter, as the tool calls itself, and not re-flutter.
||||||||||||||||||||
|
||||||||||||||||||||
## Intercepting Traffic using re-flutter | ||||||||||||||||||||
|
||||||||||||||||||||
1. Patch the app to enable traffic interception. | ||||||||||||||||||||
|
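Review bot: step 1 under "## Intercepting Traffic using re-flutter" says only "Patch the app to enable traffic interception." and names no command, input file or resulting artifact, so a tester cannot follow it; state what is run and what it produces. In the added paragraph, "patched effortlessly without the need for any setup" is an absolute claim the surrounding text does not back up; say concretely which configuration the tool removes compared with the ProxyDroid/iptables approach linked in the same paragraph. The sentence "doesn't take proxy configuration from the system and send the data directly" also needs "sends".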
I modified this a bit, since the proxy-unaware isn't really an issue (you could use a VPN, arp spoofing, DNS spoofing, WIFI MITM, ...), but the fact that it has a built-in cert store is an issue that can't be solved by any conventional technique.