Pokemon Go MITM Proxy - Intercepts the traffic between your Pokemon Go App and their servers, decodes the protocol and gives you a handy tool to enrich your own game experience by altering the data on the fly.
Take a look at the examples to get started. Feel happily invited to contribute more!
-
Get nodejs
-
Get protobuf >= 3
-
Clone the code to experiment with the examples! (otherwise use it as a npm package)
git clone https://github.com/rastapasta/pokemon-go-mitm-node.git && cd pokemon-go-mitm-node
npm install
-
Setup the CoffeeScript interpreter (optional if using
npm
scripts)npm install -g coffee-script
-
Android
- on a rooted phone: install the Xposed module pokemon-go-xposed
- otherwise: install a pre-patched version
-
iPhone
If you are using pokemon-go-xposed, set the custom endpoint to your machines IP (default port it 8082). All done!
-
Generate a CA MITM certificate
- Run
npm start
(orcoffee example.logTraffic.coffee
) to generate a CA certificate - Download the generated certificate from the started server via
https://host:8082/ca.crt
(or copy the file.http-mitm-proxy/certs/ca.pem
) - Add the certificate to the "trusted certificates" of your mobile (for "VPN and apps" on Android)
- Run
-
Setup your mobile's connection to use your machine as a proxy (default proxy port is 8081)
-
Done!
-
Android N requires a different certificate format, make sure you download
https://host:8082/ca.crt
to your mobile -
To let an iPhone or iPad trust the certificate, you might have to save and email
https://host:8082/ca.crt
to yourself to open it in the Mail app -
On very few systems (Raspberry Pi) the CA certificate has to be generated manually:
openssl genrsa -out .http-mitm-proxy/keys/ca.private.key 2048 openssl rsa -in .http-mitm-proxy/keys/ca.private.key -pubout > .http-mitm-proxy/keys/ca.public.key openssl req -x509 -new -nodes -key .http-mitm-proxy/keys/ca.private.key -days 1024 -out .http-mitm-proxy/certs/ca.pem -subj "/C=US/ST=Utah/L=Provo/O=PokemonCA/CN=example.com"
-
If you are unable to log in after installing the certificate on Android, you may have to reboot for apps to see the new CA (#208)
PokemonGoMITM = require 'pokemon-go-mitm'
server = new PokemonGoMITM port: 8081
# Replace all PokeStops with kittys!
server.addResponseHandler "FortDetails", (data) ->
data.name = "Pokemon GO MitM PoC"
data.description = "meow!"
data.image_urls = ["https://thecatapi.com/api/images/get?format=src&type=png"]
data
Thanks to the awesom work done around POGOProtos, all requests and responses can be intercepted and altered on the fly by now!
- AddFortModifier
- AttackGym
- CatchPokemon
- CheckAwardedBadges
- CheckCodenameAvailable
- ClaimCodename
- CollectDailyBonus
- CollectDailyDefenderBonus
- DiskEncounter
- DownloadItemTemplates
- DownloadRemoteConfigVersion
- DownloadSettings
- Echo
- Encounter
- EncounterTutorialComplete
- EquipBadge
- EvolvePokemon
- FortDeployPokemon
- FortDetails
- FortRecallPokemon
- FortSearch
- GetAssetDigest
- GetDownloadUrls
- GetGymDetails
- GetHatchedEggs
- GetIncensePokemon
- GetInventory
- GetMapObjects
- GetPlayer
- GetPlayerProfile
- GetSuggestedCodenames
- IncenseEncounter
- LevelUpRewards
- NicknamePokemon
- PlayerUpdate
- RecycleInventoryItem
- ReleasePokemon
- SetAvatar
- SetContactSettings
- SetFavoritePokemon
- SetPlayerTeam
- StartGymBattle
- UpgradePokemon
- UseIncense
- UseItemCapture
- UseItemEggIncubator
- UseItemGym
- UseItemPotion
- UseItemRevive
- UseItemXpBoost
Enjoy! And heaps of thanks to everyone who contributed here and on slack!