Welcome to the Off-Shore Club

The #1 Social Engineering Project in the world since 2004 !

Important Notice:

✅UPGRADE YOUR ACCOUNT TODAY TO ACCESS ALL OFF-SHORE FORUMS✅

[New]Telegram Channel

In case our domain name changes, we advise you to subscribe to our new TG channel to always be aware of all events and updates -
https://t.me/rtmsechannel

OFF-SHORE Staff Announcement: 30% Bonus on ALL Wallet Deposit this week


For example, if you deposit $1000, your RTM Advertising Balance will be $1300 that can be used to purchase eligible products and service on forums or request withdrawal. The limit deposit to get the 30% bonus is $10,000 for a $3000 Marketplace wallet balance Bonus.

Deposit Now and claim 30% more balance ! - BTC/LTC/XMR


Always use a Mixer to keep Maximum anonimity ! - BTC to BTC or BTC to XMR

Intercepting Android SSL Tutorial

⚠️Always Remember to keep your identity safe by using a Zero-KYC Zero-AML like https://coinshift.money⚠️

Gold

Showman

Business Club
💰 Business Club
USDT(TRC-20)
$0.0
One of the most important things in android application penetration testing is “Capturing Android application’s HTTPS traffic”.

Reading HTTP traffic generated by android apps is some what easier than reading HTTPS traffic.

Recently some people asked me about “how to get Facebook for Android access token”. It can be done by intercepting SSL / HTTPS traffic from Facebook application.

So here it goes the easy way to intercept, read and modify SSL network traffic generated by android applications.

intercept android https ssl trafficThings we need :
1) Android mobile phone.
2) WiFi Internet Connection.
3) Laptop or Desktop with Charles proxy installed.

Note : Desktop/Laptop should be connected to the same network connection where your mobile is connected. i.e. same WiFi connection.

Step 1 : Install intercepting proxy software (Charles proxy in our case)
Charles proxy is one of many good alternatives to Burp suite to perform Man in the Middle Attacks (MITM).

Read their documentation for any help related to installation. By default, charles proxy listens to port number 8888. Charles proxy is available for Windows, Mac and Linux users.

Step 2 : Setup WiFi proxy in your android mobile
In your android mobile, go to Settings > Wi-Fi, long press the active network connection. Select “Modify network” > Tick “Advanced options”. Change none to manual under proxy drop down menu.

Enter your computer’s local IP address (i.e. 192.168.1.100) in host, 8888 in port.

Also, note down the local IP address of your mobile shown at the top of the Modify network menu. Please note that some older versions of android do not support WiFi proxy feature.

Step 3 : Install SSL certificate in android trusted credentials
Before installing ssl certificate, we need to add our android mobile’s local network ip in charles proxy access control list. Proxy – > Access Control Settings in charles proxy.

Add the local IP we got from step 2 to the access control list.

Download charles proxy ssl certificate zip here.

Extract the certificate and copy it to your mobile’s SD storage.

In your mobile, Settings > Security > Install (certificates) from Memory / SD Card and then select the certificate file.

Step 4 : Intercept SSL / HTTPS traffic
We can now intercept all HTTP traffic. For HTTPS, we need to enable SSL proxying in the settings of charles proxy. Proxy > Proxy Settings > SSL and select “Enable SSL proxying”. Add Hostname : * and Port : * in it.

This will add all the domains and ports. You can change the wildcards as per your need.

That’s all we are done.

Charles proxy shows all the requests made from android device. Make use of breakpoints in charles proxy to modify requests and responses.

Now we can read and modify all the traffic (both http and https) generated by android applications which obey android proxy settings.

Some apps disobey android proxy settings, we need to go for rooted android device in that case.

For those who want to get the “Facebook for Android access token”, go to Facebook app in your mobile and you will be able to see the access token in Authorization header of every request sent to graph.facebook.com or api.facebook.com in charles proxy.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Friendly Disclaimer We do not host or store any files on our website except thread messages, most likely your DMCA content is being hosted on a third-party website and you need to contact them. Representatives of this site ("service") are not responsible for any content created by users and for accounts. The materials presented express only the opinions of their authors.
🚨 Do not get Ripped Off ! ⚖️ Deal with approved sellers or use RTM Escrow on Telegram
Gold
Mitalk.lat official Off Shore Club Chat


Gold

Panel Title #1

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Panel Title #2

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Top