From 3a2414fb4c8cf0fbb35ff0c7ef31dd3b2789b4d2 Mon Sep 17 00:00:00 2001 From: ARZ <60057481+AbdullahRizwan101@users.noreply.github.com> Date: Tue, 25 Jan 2022 15:56:09 +0500 Subject: [PATCH] Create Android-Pentesting- Android Appsec (Kotlin) HTTP & HTTPS Traff --- ...Android Appsec (Kotlin) HTTP & HTTPS Traff | 60 +++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 Android/Android-Pentesting- Android Appsec (Kotlin) HTTP & HTTPS Traff diff --git a/Android/Android-Pentesting- Android Appsec (Kotlin) HTTP & HTTPS Traff b/Android/Android-Pentesting- Android Appsec (Kotlin) HTTP & HTTPS Traff new file mode 100644 index 0000000..61fdc2f --- /dev/null +++ b/Android/Android-Pentesting- Android Appsec (Kotlin) HTTP & HTTPS Traff 
@@ -0,0 +1,60 @@ +# Android-Pentesting- Android Appsec (Kotlin) HTTP & HTTPS Traffic + +Android Appsec is an intentionally made vulnerable application made by https://twitter.com/hpandro1337 for educating about securtiy in android applications for learning purposes so I will be taking a look into intercepting HTTP and HTTPS traffic which comes in SSL pinning and it's a security flaw that developers leave in their applications as if one could intercept the requests being made from the application he can read the secrets , plain text data if not encrypted + + + + +To intercept the requets on burp suite we need to first install the certificate , this can be installed quite easilty. + +You can follow this guide to install burp's certificate + +https://portswigger.net/support/installing-burp-suites-ca-certificate-in-an-android-device + +After installing the certificate , make sure that your burp's listener is running on all interfaces + + + +Add the IP address of your host machine in the network's proxy configuration + + + +Now let's test this to see if we can intercept HTTP traffic + +## Intercepting HTTP Traffic + +As we click on Reload button while having the intercept turned on we can intercept the request + + + +Send the request to repeater to get the response + + + + +## Intercepting HTTPS Traffic + +Now intercepting https traffic may or maynot be easy as this is where ssl pinning comes in + + + +As you can see this is not intercepting https traffic even tho we have added the burp certificate , so it will only allow the https traffic only through a trusted certificate so we need to bypass this , this can bypassed through `objection` + +``` +objection --gadget com.hpandro.androidsecurity explore +``` + +``` +android sslpinning disable +``` + + + +Now if we try to intercept it , it will work + + + + + +## References +- https://portswigger.net/support/installing-burp-suites-ca-certificate-in-an-android-device
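Review bot: The opening paragraph of the new file says the write-up covers intercepting traffic "which comes in SSL pinning and it's a security flaw that developers leave in their applications", which reads as if SSL pinning were the flaw. The "Intercepting HTTPS Traffic" section treats pinning as the control that stops Burp from seeing the traffic until `android sslpinning disable` is run. Suggest rewording the introduction so that the weakness is readable secrets or plain-text data in intercepted requests, and pinning is the protection under test. The file is also created under a name that stops at "Traff" and has no extension, so the `#` and `##` headings will not be rendered as Markdown. Renaming it to end in "Traffic.md" would fix both. Most steps are followed by runs of blank lines, and the HTTPS section says "As you can see" with nothing shown, so the screenshots appear to be missing from the commit. Either add the image references or describe the expected result in text. The `objection --gadget com.hpandro.androidsecurity explore` step is given without saying what has to be set up on the device for it to attach, and a sentence on prerequisites would help readers. Typos to fix while here: "securtiy", "requets", "easilty", "maynot".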