Can't read traffic through one specific app with Burp


So I'm trying to debug this specific app:

https://sahibinden-com.tr.uptodown.com/android

To debug I'm using Frida, Genymotion and this script to unpin the certificate: https://codeshare.frida.re/@akabe1/frida-multiple-unpinning/

Since I'm using Android 11, I've installed the Burp certificate as described in this blog post: https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/

The issue I'm facing is that, when I change the proxy settings of the phone to the local address for Burp, I'm facing this error:


I've tried removing the certificate manually and with various tools like apk-mitm, with no success. I also reset the emulator and tried other versions, with no success.

Here is the classes7.dex file which includes the CertPinenr class: https://codefile.io/f/QQccFcGxnN79IBav3TeM

EDIT:

I've just realized that if I run the same request in a Python script, no error appears; it fails only when the app makes the request.

curl -i -s -k -X $'GET' \
    -H $'X-Device-Descriptor-Id: Yjk0N2MyYzRkMDhlZDY2Mg' -H $'User-Agent: Sahibinden-Android/4.64.1 (1235; Android 11; Samsung Galaxy S7)' -H $'x-api-key: 51999c399f7cfe43b3bf8c42b2bd002a5b57573b070420923bf952cf98ae3847' -H $'X-Search-Type: LAST_SEARCH/LAST_SEARCH_HOME_PAGE/LIST' -H $'x-client-profile: Generic_v2.1' -H $'x-device-id: c9b0c08c9272406687a3eb586b789657' -H $'x-timestamp: 1680793480176' -H $'x-api-hash: 81B935CCD59E8E8E166FFB2E2DF19DA7ACBA123D' -H $'X-Activity-Session-Id: 0b9e3168-de1b-43e0-8759-ec95d857cb1b' -H $'x-language: tr' -H $'Content-Type: application/json; charset=utf-8' -H $'Host: k8tmllapi.sahibinden.com' -H $'Connection: Keep-Alive' -H $'Accept-Encoding: gzip, deflate' \
    $'https://k8tmllapi.sahibinden.com/sahibinden-ral/rest/classifieds/showcase/homepage?language=tr'

This request gives me a successful response when I run it through Python; in the app I'm getting this response:

{"success":false,"errorCode":"14002","error":{"code":"CFXBNDKA-0406","prefix":null,"name":null,"description":"Cihazınızdan ya da bağlı olduğunuz ağdan sitemize olağan dışı (otomatik) erişim yapılmaya çalışıldığını görüyoruz. Şu anda talebinizi gerçekleştiremiyoruz, kısa bir süre sonra tekrar deneyebilirsiniz.","message":"Olağan dışı erişim tespit ettik...","trace":null,"clientMessage":"Cihazınızdan ya da bağlı olduğunuz ağdan sitemize olağan dışı (otomatik) erişim yapılmaya çalışıldığını görüyoruz. Şu anda talebinizi gerçekleştiremiyoruz, kısa bir süre sonra tekrar deneyebilirsiniz."}}