[Bug]: Intercepting with Android Device via ADB does not work with Firefox and some other apps.
Has this been reported before?
- [X] I have checked for existing reports of this issue
Repro steps
- Launch Android emulator of your choice.
- Choose Intercepting with Android Device via ADB.
- Launch Firefox and try to visit any website
- You will see this:
How often does this bug happen?
Every time
The desktop OS you're using
Windows 10
Details of other apps/devices
No response
Error screenshot
Any other info?
I've tried with Intercepting with this method with Android Studio, Bluestacks and Windows Subsystem for Android. None of these worked.
Firefox is special unfortunately, and does its own unique thing that ignores the rest of the system. It's still possible to do this though, you just need to manually install the certificate in Firefox. If you follow the instructions in the docs here, do those work for you?
I haven't checked it in a while, so it's possible the UX has changed slightly but it should definitely be possible to install a CA cert manually in Firefox somehow.
I installed the certificate and enabled user-installed certificate support in Firefox through the secret menu, but it didn’t help, and the problem persists.
To be honest, I don’t care about intercepting Firefox specifically, but about another application. However, that application behaves exactly the same way as Firefox. As soon as I start monitoring network traffic, the application blocks all traffic just like Firefox does.
For Firefox, I'm not sure but last time I looked that toggle didn't work - you needed to actually install the CA into Firefox's certificate store. As long as you've installed that correctly this should work - if it doesn't, that's really a Firefox bug, that's intentional functionality that they've designed for this use case. I've never seen that myself though, so I'd be quite surprised.
What is the other app? That's likely a very different question to Firefox (which is a very unique case - they are the only app I'm aware of that ships their own totally independent certificate store and TLS implementation).
Do you have a user certificate installed, or a system certificate? This should be shown in the HTTP Toolkit android app while it's connected.
Are any other apps intercepted on your device correctly, or is it broken for all apps?
If you have a system certificate installed and an occasional rare app isn't trusting HTTP Toolkit for traffic, that generally means it's actively resisting intercepting using certificate pinning. You'll need to use Frida to disable this - either using the built-in interception option in HTTP Toolkit, or manually with https://httptoolkit.com/blog/frida-certificate-pinning/. In either case that's a best-effort approach, so you may need to do manual reverse engineering to handle some edge cases (see https://httptoolkit.com/blog/android-reverse-engineering/).
The other app I'm truly interested in is MagisTV (https://magistv.la/).
Regarding certificates, I tried two methods:
- Installation via HTTP Toolkit, where the certificate is installed as a system certificate.
- Manual installation, where the certificate is installed as a user certificate.

Both did not work.
Other apps work without any issues. I tested Chrome and another IPTV client.
When I try to use interception through Frida, I encounter a different error:
Ok, that error means that the proxy configuration is working, and the certificate is trusted (otherwise the hostname would not be visible at all) so your configuration is correct. The error here is just because the app is trying to make a request to a hostname that doesn't exist. What's the hostname that's failing?
To be honest, this is not super unusual, there's plenty of apps that do this for all sorts of reasons (bugs, weird configuration issues, network behaviour tests, all sorts of things). Alternatively though, it could be a DNS problem. It's hard to be sure, but it's not likely to be a major concern.
If you're still having issues, that probably means there are some other problems. If you see any "Certificate rejected" or "Connection reset" rows for example, this normally means certificate pinning that isn't defeated automatically. In that case, you'll need to do your own reverse engineering to dig into this, I've written an article about that here: https://httptoolkit.com/blog/android-reverse-engineering/
First of all, I want to thank you for your ongoing support.
To be honest, it seems to me that the app somehow detects that the network traffic is being traced and is cutting off Internet access or something similar. The hostnames that are failing are: www.fadfadadfadfadfadfafdaaddfd1.net and www.abbadfafdafdadfsadadfadfada2.net.
They should be responsible for authenticating the user.
These hostnames should be responsible for authenticating the user.
I've also tried to manually attach Frida and run the SSL unpinning script, but the app seems to detect Frida and closes itself automatically when I attempt to attach Frida.
If you have any other ideas or methods to try, please let me know. I would be really grateful.
I don't have a solution, but I'm pretty sure those hostnames are not supposed to work - they definitely don't exist. If the app is normally making requests to them, I'm sure they're failing in the same way.
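The triage reasoning from the replies above, as an added example that is not part of the original thread or HTTP Toolkit's code: for each failed row, separate "the app asked for a hostname that does not exist" from "DNS is broken on the proxy side" and from likely certificate pinning. The `Upstream DNS failure` label, the `example.test` hosts and `fake_resolver` are constructed for illustration; only the two `www.…` hostnames and the two pinning row names come from the thread.

```python
import socket

# Row names quoted in the thread, plus a constructed label for the DNS error.
PINNING_ROWS = {"Certificate rejected", "Connection reset"}
DNS_ROW = "Upstream DNS failure"


def resolves(hostname, resolver=socket.getaddrinfo):
    """Return True if the hostname resolves when looked up outside the proxy."""
    try:
        return bool(resolver(hostname, 443))
    except (socket.gaierror, UnicodeError):
        return False


def triage(rows, resolver=socket.getaddrinfo):
    """Map each (hostname, outcome) row to a diagnosis string."""
    report = {}
    for hostname, outcome in rows:
        if outcome in PINNING_ROWS:
            report[hostname] = "TLS refused by the app: certificate pinning suspected"
        elif outcome == DNS_ROW:
            if resolves(hostname, resolver):
                report[hostname] = "resolves outside the proxy: DNS problem on the proxy host"
            else:
                report[hostname] = "hostname does not exist: interception itself is working"
        else:
            report[hostname] = "intercepted normally"
    return report


# Constructed sample rows; the first two hostnames are the ones quoted in the thread.
SAMPLE_ROWS = [
    ("www.fadfadadfadfadfadfafdaaddfd1.net", DNS_ROW),
    ("www.abbadfafdafdadfsadadfadfada2.net", DNS_ROW),
    ("api.example.test", "Connection reset"),
    ("cdn.example.test", "OK"),
]


def fake_resolver(hostname, port):
    """Offline stand-in for DNS (constructed): only cdn.example.test exists."""
    if hostname == "cdn.example.test":
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", port))]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_ROWS, fake_resolver).items():
        print(f"{host}: {verdict}")
```

Calling `triage(rows)` without the second argument uses the real system resolver, which is the check to run on the machine hosting the proxy.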