Android app research

Hello there!

I have a few android apks that use https to relay data to an api endpoint. Is it possible to see what is being sent if you send it a spoofed DNS record for the domain and redirect it to your own server? The app is installed on an emulator where I can install my own spoofed root CA certs too so in theory I should be able see what is hidden by TLS. Am I missing something here or would this be feasable?

submitted by /u/HateSucksen
[link] [comments]

from hacking: security in practice https://ift.tt/D9py50S

Comments