Some corrections + additions:
We think we are wrong about the certificate pinning part, we can still see requests made by the app but they get blocked by the server if using an http inspector tool. Something else is going on.
Our rabbit reponses are currently REALLY slow, mine…
Guess who’s back on android phones? That’s right! Our little rabbit friend!
We have fought through:
⁃ “IMEI checks”
We discovered these literally don’t exist and you still can just use any string as IMEI
⁃ Other header checks
These are obfuscated across a few files and even…
65
188
2K
2
0
30
Replies
@MarcelD505
I've seen that on some other apps. It's because the proxy app uses a different certificate and the app can detect that.
2
0
2
@MarcelD505
I doubt they took the time to add cert pinning. Lemme see if I can sniff the traffic...
0
0
0