There's a detailed Android guide here: https://httptoolkit.tech/docs/guides/android/

In short, most of the time you need to either:

- Connect an Android emulator or a rooted device to ADB, in which case HTTP Toolkit can do totally automated setup for you.
- Use a non-rooted device, and make some minor config changes to the target application (trivial if it's your own application, slightly more difficult if it's not).

That handles 99% of Android apps, which usually don't actually pin certificates - they generally rely on Android's built-in non-modifiable system certificate store instead. Lots more detail on how this all works here: https://httptoolkit.tech/blog/intercepting-android-https/

For apps that really do manually pin certificates, I've also written a general purpose Frida script that covers most cases out of the box. There's a full guide with more detail here: https://httptoolkit.tech/blog/frida-certificate-pinning/.

And if even that doesn't work, I've also written a "reverse engineering an Android app from scratch so you can write your own Frida script" guide here: https://httptoolkit.tech/blog/android-reverse-engineering/