hotpockets Posted June 23, 2016 Posted June 23, 2016 So I noticed a few things. I was attempting to sniff traffic from an android/ios application and it wasn't showing up in Fiddler2/Burp. It possibly showed up in Wireshark but it's encrypted and I can't read it. Long story short, I disabled SSL Pinning and have both Fiddler/Burp setup properly. It shows HTTPS/SSL traffic BUT it doesn't show all of the websockets. I believe it's a similar issue to WhatsApp/Facebook Messenger. When I try to sniff traffic from those chat applications it does not show any incoming/outgoing traffic. Any ideas what next steps I should take? I KNOW there is traffic going and leaving, but it's not being intercepted.
lucifeey Posted February 16, 2017 Posted February 16, 2017 (edited) Fiddler sets the System Proxy to 127.0.0.1:8888, but maybe those applications dont use that. You can "force" that with Proxifier or similar tools. // for Windows EDIT: Oops... i didn't read correctly Maybe its the same way on mobile. Edited February 16, 2017 by lucifeey im stupid
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now