如何在没有代码的情况下在 Android 上查看 React Native App 的网络流量

Question

I'm trying to view the network traffic of an android app for which I'm in no way associated.

Here's what I've done:

1. Install app from google play store. Running adb shell pm path ... shows multiple APK files have been installed.

2. Proxy network traffic through my laptop. This works but all the requests from the app are encrypted.

3. Install custom certificate authority on my android to prepare for SSL encrypt/decrypt inside laptop proxy.

4. Decrypt traffic on my laptop proxy. From laptop proxy logs I can see many requests are succeeding, including mail.google.com. However the app I'm interested in is failing SSL handshake between android and my laptop.

5. Pull all app APK files from my android to laptop.

My plan: Modify the APK files and reload them onto my android to accept my own SSL ca. I believe this can be achieved by simply modifying/adding xml files.

Problem: How do I configure android studio to load the many APK files onto my android. I can get it to install one APK file, but this doesn't work.

Edit1: Replace 'cert' with 'ca' for clarity.

Answer 1

Putting in your own cert won't work. The encrypted traffic will be encrypted with the public key of the server when going to the server, and the app wil make a random one for traffic coming back. Adding an SSL cert won't effect outgoing traffic, unless you're also going to man in the middle attack it.

Probably the easiest way to do this is the compile a custom AOSP that replaces the networking libraries with versions that also log to a file. Let the traffic go through as normal, but let the SSL lib decrypt it for us and read the results directly from that.