LebGeeks

sero

Member

Capturing https URL

I have an app on my mobile phone (android) that runs https requests and prints received data.

Mobile app > https request > json/xml data received > data is shown to the user

Is there a way to get the https URL (maybe using a sniffing app)?

rolf

Member

Re: Capturing https URL

AFAIK there is no way to capture the complete URL because the HTTP protocol happens inside an encrypted tunnel.
However it is possible to know the domain name because someone who can sniff your traffic (ISP, etc) can know which IPs you are connecting to and can also listen to your DNS - most DNS is cleartext, but there are ways to protect it.
If you want maximum privacy then use an SSH tunnel or a VPN.

For example, given this URL:

https://lebgeeks.com/forums/viewtopic.php?pid=175440#p175440

It is possible (but not guaranteed) to get this part by spying on your connection:
lebgeeks.com

But not this part because it is handled by HTTP (HTTP GET request) which will be encrypted:
/forums/viewtopic.php?pid=175440#p175440

Last edited by rolf (May 25 2018)

samer

Admin

Re: Capturing https URL

Yes, but this only works if the app does not use certificate pinning (lots of them don't).
You can do it using a tool like Charles Proxy. Here's a tutorial: https://medium.com/@hackupstate/using-c … 1fc38760f7
You can skip the part about setting up a new android app, as you'll be using an existing one.

sero

Member

Re: Capturing https URL

Thanks Samer
I tried your procedure, However the app stops connecting to its sever when I set a proxy (a connection error is displayed. Other apps still work)
Does this mean the app uses certificate pinning?

Any other way to proceed?

Last edited by sero (May 28 2018)