Hi all! I need to make my own lightweight web client of that messenger Viber.
So I need somehow get the way of client-server communication(auth, send message, receive message).
I tried to decompile android apk with apktool but haven’t found anything useful.
Also tried to intercept packages with Wireshark and get encrypted TLS with some hardcoded cert (I think so).
Please, help me with ideas I can try!
1 Like
If you can defeat the cert pinning, you could use something like Burp or Caido to intercept the traffic and go from there.
1 Like
Thank you. it’s a good start. Should I try to replace cert? Maybe you have some articles about that kind of exploits?
So the cert pinning will prevent you from putting your own certificate into the mix, but if you can defeat the cert pinning, you can use the Burp Suite certs to start intercepting traffic. It’s not a guarantee, but a good place to start. If the protocol is something entirely unrelated to HTTP, you may have to take a different approach.
Give this a read and go from there: Installing Burp's CA certificate - PortSwigger
1 Like
1 Like
Thank you! I will try it