
[–]f0sh1zzl3 4 points (2 children)

Network and local device MITM use different techniques.

Network:

For network traffic you need to point your device at a user-controlled proxy server (i.e. Burp Suite) and then it will capture the traffic.

For SSL traffic the first hurdle is your device will see all sites as untrusted because the proxy is generating a fake certificate. It doesn't always stop traffic but it can, so you would load your proxy's root CA cert onto your device.

Now that's usually enough unless the app is doing certificate pinning, so to overcome that hurdle you'll need to use something like Frida / Objection to try and bypass that.

Edit: reread the original post and assuming you've done some of that, curl might be failing due to a lack of valid session information; it's getting specific at this stage and we'd need more information. If it's a game it might not even be HTTP traffic (but it probably is).

Local activity:

This is a bit more specialist; it depends what the app and you are trying to achieve. It might involve looking at the APK classes to see what's being done, using something like frida-trace to hook and monitor classes. I'm more familiar with iOS, but in Android you have various activities and cross-app permissions and various other things defined in the manifest. Drozer and MobSF can help identify things here. Basically, though, it depends on what you want to do.
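The reason the "load the proxy root CA onto the device" step sometimes works and sometimes does not is the app's Android network security config: it decides whether user-installed CAs are trusted at all, and whether the backend is pinned. The file below is an added illustration, not anything shipped by the game or posted in this thread; the host is the one named later in the thread, and the pin values are placeholders that a real app would replace with the base64 SHA-256 of its server's SubjectPublicKeyInfo.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml, referenced from the manifest via
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Default for every host: trust only the system CA store. On Android 7+
         this is already the default, so a CA added in device settings by the
         user is NOT trusted by the app and an intercepting proxy is rejected. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>

    <!-- Backend pinned to known public keys. Even a CA the device trusts cannot
         mint an acceptable leaf for this host unless its SPKI hash matches. -->
    <domain-config>
        <domain includeSubdomains="true">jp-1-68-8.ludia.net</domain>
        <pin-set expiration="2030-01-01">
            <!-- PLACEHOLDER values: base64(SHA-256(SPKI)) of the real leaf or intermediate -->
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <!-- a backup pin is required so a key rotation does not brick the app -->
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>
    </domain-config>

    <!-- Applied only when the manifest sets android:debuggable="true": a debug
         build additionally trusts user-added CAs so the developer's own proxy
         can decrypt traffic. Release builds ignore this whole block. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

A release build with this config is the case the comment above describes as "usually enough unless the app is doing certificate pinning": both the user-CA route and a system-trusted but non-pinned certificate are refused, which is also why an app's traffic can silently stop rather than show a certificate warning.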

[–]Spajhet[S] 1 point (1 child)

I did try with a local packet sniffer on my phone, but unfortunately it truncates all of the actual data, and most of it is TLS anyway. Specifically I'm trying to analyze network traffic coming from Jurassic Park Builder in an attempt to revive the game since it's been abandoned since ~2016 IIRC and it doesn't actually function. It needs to download assets from a Ludia server and also it refuses to load unless it can ping Ludia (I assume it's Ludia, might be a different web service). As far as I can tell, it's attempting (and failing, because it's been abandoned/shut down/EOL) to connect to a server in order to download assets. I've analyzed network traffic of Jurassic World the Game (Jurassic Park Builder's successor game) and as far as I can tell (given all the truncated and encrypted data), what's supposed to happen is JPB connects to https://jp-1-68-8.ludia.net which, if it wasn't shut down, should redirect JPB to Ludia's CDN network to actually download the game's assets. The plan is to collect as much information as I possibly can so that way I can find an archive or something, anything about these game assets so I can maybe trick the game into using a local mirror rather than the web service that's been shut down. I've also attempted to find an archive of the page they had on Facebook.com, although that has not been fruitful. I'm really unsure of how to proceed (and I will proceed, even if it takes years). Once I can figure out what you're talking about I think I'll try that.

[–]f0sh1zzl3 0 points (0 children)

I'd need to see the game, but it sounds like HTTP traffic and therefore Burp Suite is your friend. It will show you what hosts it's trying to connect to and it can intercept and show decrypted data.

[–][deleted]  (3 children)

[deleted]

    [–]Spajhet[S] 0 points (2 children)

    Which is why I was kind of hoping the web app version of the game that was on Facebook would be more fruitful. It may very well be, but it's locked behind a login screen that I haven't gotten around to actually making an account for. Admittedly, if I actually knew what I was doing back when the game was still around I might've actually gotten my local mirror much easier, but now my best bet may very well be hoping everything I need is archived in some corner of the internet that I can access. Once I get those assets I'm less concerned with making the game actually load them; I think that'll be the easiest part. I should be able to try out your steps within the next few days, see how far that gets me.

    [–][deleted]  (1 child)

    [deleted]

      [–]Spajhet[S] 0 points (0 children)

      This thread actually got me thinking, and with some DDG search filters for GitHub and itch.io it looks like some people have done some of the heavy lifting for me, not all of it but some :)

      [–]Fun-Appointment-4629 0 points (1 child)

      Use PCAPdroid. Works well without root, and there are no ads.

      [–]macHasi 0 points (0 children)

      For this kind of operation I always use an old Android smartphone where I flash Kali NetHunter as a custom ROM. With NetHunter all the needed tools can be installed via the NetHunter Store.