I have all kinds of things set up. My CA I have installed as root (Magisk) on the system, so most apps use it by default. For MITM I have an intermediate CA set up (literally called “getting hacked” or something) so I don’t have to put the root key pair everywhere.
Then I set up a WiFi network on my laptop through which I send all HTTP(S) traffic through mitmproxy, but to make things easier I also set up a proxy on the system so the apps can handle the setup in a more friendly way. In addition, I leave Wireshark open to make sure no other traffic has leaked in the meantime.
For the remaining applications that still refuse to accept my CA (mostly because of certificate pinning, which I’m actually quite happy about for security’s sake) I use Frida with a script to disable certificate validation in the annoying apps (e.g. this one, but every now and then I have to pick some other script from the web because the apps work differently).
After this setup, I just open all the apps one by one and tap around, and see if I spot anything crazy going on. Then of course I leave the phone alone for a while to see if nothing shady happens in the background, although I usually don’t go beyond an hour.
It is not a perfect solution, especially with applications with native components that can sometimes cause problems, but you catch most of the trackers and spyware this way. Anyway, I do see Xiaomi traffic.
Last time (a few months ago) I basically saw a lot of Google trackers, Facebook, Twitter and one or two Xiaomi domains that I hadn’t blocked yet in Pi-hole. There’s an app here and there that, despite my denying permission, still contains Crashlytics and the like, so I removed it after leaving a bad review. I also fixed the system update tool (there was accidentally a Xiaomi firmware update domain in the Pi-hole, oops!) but “luckily” there was no update available anyway.
[Comment edited by GertMenkel on 27 December 2021 15:06]
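The “tap around and see what shows up” step described in the comment above, as an added example that is not part of the original post: a small Python script (standard library only) that takes a constructed log of (app package, host) pairs, the kind of list a MITM proxy or Wireshark session would give you, and sorts each app’s hosts into first-party, known tracker (matched against a constructed Pi-hole style blocklist) and unknown third-party. The log format, the blocklist entries, the package-name heuristic for “first-party” and the tiny public-suffix stand-in are all assumptions made for this example.

```python
"""Added example (not from the original post): per-app classification of
hosts seen while exercising apps behind a MITM proxy."""
from collections import defaultdict

# Constructed sample log: one "<android package> <host>" pair per intercepted
# connection. All package names and hosts below are made up for the example.
SAMPLE_LOG = """\
com.example.weather api.example-weather.com
com.example.weather cdn.example-weather.com
com.example.weather graph.facebook.com
com.example.weather firebase-settings.crashlytics.com
com.example.weather app-measurement.com
com.example.notes sync.example-notes.net
com.example.notes tracking.miui.com
com.example.notes sync.example-notes.net
com.example.notes cdn.somecdn.net
"""

# Constructed blocklist in the spirit of a Pi-hole/hosts list: a host is a
# known tracker if it equals one of these domains or sits underneath it.
BLOCKLIST = {
    "facebook.com",
    "crashlytics.com",
    "app-measurement.com",
    "miui.com",
}

# Tiny stand-in for a public-suffix list (assumption; enough for the sample).
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its registrable domain (a.b.example.com -> example.com)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) <= 2:
        return ".".join(labels)
    if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_blocked(host: str, blocklist=BLOCKLIST) -> bool:
    """True if the host itself or any parent domain is on the blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def package_tokens(package: str) -> set:
    """Vendor/app words from a package name: com.example.weather -> {example, weather}.
    The leading TLD-like label and very short labels are dropped (heuristic)."""
    return {t for t in package.lower().split(".")[1:] if len(t) >= 4}


def is_first_party(package: str, host: str) -> bool:
    """Heuristic: a host is first-party if its registrable domain contains a package token."""
    domain = registrable_domain(host)
    return any(tok in domain for tok in package_tokens(package))


def parse_log(text: str):
    """Yield (package, host) pairs; blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            yield parts[0], parts[1].lower()


def classify(log_text: str, blocklist=BLOCKLIST) -> dict:
    """Return {package: {"first_party": [...], "tracker": [...], "unknown": [...]}}.
    Blocklist hits win over the first-party heuristic; hosts are de-duplicated."""
    report = defaultdict(lambda: {"first_party": set(), "tracker": set(), "unknown": set()})
    for app, host in parse_log(log_text):
        if is_blocked(host, blocklist):
            bucket = "tracker"
        elif is_first_party(app, host):
            bucket = "first_party"
        else:
            bucket = "unknown"
        report[app][bucket].add(host)
    return {app: {k: sorted(v) for k, v in buckets.items()} for app, buckets in report.items()}


def print_report(report: dict) -> None:
    """Human-readable dump, one line per (app, category, host)."""
    for app, buckets in sorted(report.items()):
        print(app)
        for kind in ("first_party", "tracker", "unknown"):
            for host in buckets[kind]:
                print(f"  {kind:12s} {host}")


if __name__ == "__main__":
    print_report(classify(SAMPLE_LOG))
```

The “unknown” bucket is the one worth reading: a blocklist only tells you about trackers someone has already catalogued, while a third-party host that matches neither the app’s own domain nor the list is exactly the kind of thing the comment’s manual tapping-around is meant to surface. Feeding the same classifier a capture taken while the phone sits idle, and diffing it against the interactive run, gives the background-traffic check for free.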