|
|
|
|
|
|
by Aissen
3130 days ago
|
|
|
Even without certificate pinning, starting with Android 7, you must decompile the app to allow user provided certificates. Or use an xposed module if you have a rooted device. See this mitmproxy bug: https://github.com/mitmproxy/mitmproxy/issues/2054 And this tool is nice to automate decompiling, adding the line in the manifest to be able to use user-installed certificates, and recompiling: https://github.com/levyitay/AddSecurityExceptionAndroid Also, if the app uses Google signin, you have to be rooted, because play services uses the package manager to check the app signer before giving the app a token. |
|
|