├── .gitignore ├── modules ├── __init__.py ├── __pycache__ │ ├── __init__.cpython-310.pyc │ ├── banners.cpython-310.pyc │ ├── logging.cpython-310.pyc │ └── netgaze.cpython-310.pyc ├── logging.py ├── banners.py └── netgaze.py ├── main.py ├── requirements.txt ├── certificate ├── mitmproxy-ca.pem └── mitmproxy-ca-cert.cer.crt ├── README.md └── DOCS ├── SETUP.md └── FRIDA.md /.gitignore: -------------------------------------------------------------------------------- 1 | venv/ -------------------------------------------------------------------------------- /modules/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /modules/__pycache__/__init__.cpython-310.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThatNotEasy/NetGaze/HEAD/modules/__pycache__/__init__.cpython-310.pyc -------------------------------------------------------------------------------- /modules/__pycache__/banners.cpython-310.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThatNotEasy/NetGaze/HEAD/modules/__pycache__/banners.cpython-310.pyc -------------------------------------------------------------------------------- /modules/__pycache__/logging.cpython-310.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThatNotEasy/NetGaze/HEAD/modules/__pycache__/logging.cpython-310.pyc -------------------------------------------------------------------------------- /modules/__pycache__/netgaze.cpython-310.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ThatNotEasy/NetGaze/HEAD/modules/__pycache__/netgaze.cpython-310.pyc -------------------------------------------------------------------------------- 
/main.py: -------------------------------------------------------------------------------- 1 | from modules.netgaze import NETGAZE 2 | from modules.banners import banners 3 | 4 | if __name__ == "__main__": 5 | banners() 6 | netgaze = NETGAZE() 7 | netgaze.check_device() 8 | netgaze.convert_cert() 9 | netgaze.setup_proxy() -------------------------------------------------------------------------------- /modules/logging.py: -------------------------------------------------------------------------------- 1 | import logging 2 | from colorama import Fore, Style, init 3 | 4 | init() 5 | 6 | def setup_logging(): 7 | log = logging.getLogger(f"{Fore.YELLOW}[+] {Fore.RED}NetGaze {Fore.YELLOW}[+]{Style.RESET_ALL}") 8 | log.setLevel(logging.INFO) 9 | console_handler = logging.StreamHandler() 10 | console_handler.setLevel(logging.INFO) 11 | formatter = logging.Formatter( 12 | f"{Fore.GREEN}%(asctime)s{Style.RESET_ALL} - " 13 | f"{Fore.CYAN}%(levelname)s{Style.RESET_ALL} - " 14 | f"{Fore.WHITE}%(message)s{Style.RESET_ALL}" 15 | ) 16 | console_handler.setFormatter(formatter) 17 | log.addHandler(console_handler) 18 | return log -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | aioquic==1.2.0 2 | asgiref==3.8.1 3 | attrs==25.3.0 4 | blinker==1.9.0 5 | Brotli==1.1.0 6 | certifi==2025.1.31 7 | cffi==1.17.1 8 | click==8.1.8 9 | colorama==0.4.6 10 | cryptography==44.0.2 11 | Flask==3.1.0 12 | h11==0.14.0 13 | h2==4.1.0 14 | hpack==4.1.0 15 | hyperframe==6.0.1 16 | itsdangerous==2.2.0 17 | Jinja2==3.1.6 18 | kaitaistruct==0.10 19 | ldap3==2.9.1 20 | MarkupSafe==3.0.2 21 | mitmproxy==11.0.2 22 | mitmproxy-windows==0.10.7 23 | mitmproxy_rs==0.10.7 24 | msgpack==1.1.0 25 | passlib==1.7.4 26 | publicsuffix2==2.20191221 27 | pyasn1==0.6.1 28 | pyasn1_modules==0.4.1 29 | pycparser==2.22 30 | pydivert==2.1.0 31 | pylsqpack==0.3.19 32 | pyOpenSSL==24.3.0 33 | 
pyparsing==3.2.0 34 | pyperclip==1.9.0 35 | ruamel.yaml==0.18.6 36 | ruamel.yaml.clib==0.2.12 37 | service-identity==24.2.0 38 | sortedcontainers==2.4.0 39 | tornado==6.4.2 40 | typing_extensions==4.11.0 41 | urwid==2.6.16 42 | wcwidth==0.2.13 43 | Werkzeug==3.1.3 44 | wsproto==1.2.0 45 | zstandard==0.23.0 46 | -------------------------------------------------------------------------------- /certificate/mitmproxy-ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDNTCCAh2gAwIBAgIULRCg0SmfOpOM00rSJPCA3oGQuj8wDQYJKoZIhvcNAQEL 3 | BQAwKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAltaXRtcHJveHkwHhcN 4 | MjQxMTA2MDAzOTUzWhcNMzQxMTA2MDAzOTUzWjAoMRIwEAYDVQQDDAltaXRtcHJv 5 | eHkxEjAQBgNVBAoMCW1pdG1wcm94eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC 6 | AQoCggEBAL5wv7RVQaY1SYM+pZ0ug8S+HkN0HadVGQKey4uos7/HqDT3ZECmLTnp 7 | QeaJ+nGBXRDIwkdBh/gsQ3nyG7oLn+4HkoQjWbvCm+CFVbAijpgSTsoQMddjUEQc 8 | PIg0nBB6d6ckYW3gHFDENPCJJUq40TJJJXmG6exkEaMdrfuy6bTu1lkjiUohxqD5 9 | /lVV2PFi+IzhfaYqgvB5JOIUlRggIortZFN0S2BWVxumO4RtSjZGLi4b3Sa9bLe6 10 | 3Rr72T6QFi3QarLN9ZDds1OztcIklGwNXtTiGZVBIepZIPRzuco2B1ciDa/j84Sd 11 | v8M4916vwOnPGEkSxayO9eA84adWla0CAwEAAaNXMFUwDwYDVR0TAQH/BAUwAwEB 12 | /zATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE 13 | FN+PbsCppOXK9se+kbQKrbrr1pE7MA0GCSqGSIb3DQEBCwUAA4IBAQAoTN5sTyji 14 | 1G3jeg8h06KrQuBtd1wANCRmdZKxm3DUoZ7G6MPgYZjv8rKGWMb9538Y/BCgb1Xj 15 | yw6384oluNeCcMGVAL3lnRCPZxiRDZcqloIn0IPUPNYQZwfBr4bQ6pAeiKQ0TyUi 16 | nLbGjHshtR+9hcf4Ygbiwwrr8l6zxe8wbtmN9q7Mgodeqjdc+UY+CM0I5Y02Jx3/ 17 | h90/e7zWqNeawgH/8pRtxgytKPKo6qsvUliIUJubu4FxsCnKZ5V33z+Ee4jhP55d 18 | OEIrN61RHm0kFiU8d4TTurAfoCOs46TsgfWkyEPdHNHSw44hxhBwy+62BMDeIQkD 19 | NXY5+V5dkZMY 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /certificate/mitmproxy-ca-cert.cer.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN 
CERTIFICATE----- 2 | MIIDNTCCAh2gAwIBAgIULRCg0SmfOpOM00rSJPCA3oGQuj8wDQYJKoZIhvcNAQEL 3 | BQAwKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAltaXRtcHJveHkwHhcN 4 | MjQxMTA2MDAzOTUzWhcNMzQxMTA2MDAzOTUzWjAoMRIwEAYDVQQDDAltaXRtcHJv 5 | eHkxEjAQBgNVBAoMCW1pdG1wcm94eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC 6 | AQoCggEBAL5wv7RVQaY1SYM+pZ0ug8S+HkN0HadVGQKey4uos7/HqDT3ZECmLTnp 7 | QeaJ+nGBXRDIwkdBh/gsQ3nyG7oLn+4HkoQjWbvCm+CFVbAijpgSTsoQMddjUEQc 8 | PIg0nBB6d6ckYW3gHFDENPCJJUq40TJJJXmG6exkEaMdrfuy6bTu1lkjiUohxqD5 9 | /lVV2PFi+IzhfaYqgvB5JOIUlRggIortZFN0S2BWVxumO4RtSjZGLi4b3Sa9bLe6 10 | 3Rr72T6QFi3QarLN9ZDds1OztcIklGwNXtTiGZVBIepZIPRzuco2B1ciDa/j84Sd 11 | v8M4916vwOnPGEkSxayO9eA84adWla0CAwEAAaNXMFUwDwYDVR0TAQH/BAUwAwEB 12 | /zATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE 13 | FN+PbsCppOXK9se+kbQKrbrr1pE7MA0GCSqGSIb3DQEBCwUAA4IBAQAoTN5sTyji 14 | 1G3jeg8h06KrQuBtd1wANCRmdZKxm3DUoZ7G6MPgYZjv8rKGWMb9538Y/BCgb1Xj 15 | yw6384oluNeCcMGVAL3lnRCPZxiRDZcqloIn0IPUPNYQZwfBr4bQ6pAeiKQ0TyUi 16 | nLbGjHshtR+9hcf4Ygbiwwrr8l6zxe8wbtmN9q7Mgodeqjdc+UY+CM0I5Y02Jx3/ 17 | h90/e7zWqNeawgH/8pRtxgytKPKo6qsvUliIUJubu4FxsCnKZ5V33z+Ee4jhP55d 18 | OEIrN61RHm0kFiU8d4TTurAfoCOs46TsgfWkyEPdHNHSw44hxhBwy+62BMDeIQkD 19 | NXY5+V5dkZMY 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /modules/banners.py: -------------------------------------------------------------------------------- 1 | import os 2 | from sys import stdout 3 | from colorama import Fore, Style 4 | 5 | def clear_terminal(): 6 | os.system('cls' if os.name == 'nt' else 'clear') 7 | 8 | def banners(): 9 | clear_terminal() 10 | stdout.write(" \n") 11 | stdout.write(""+Fore.LIGHTRED_EX +"███╗ ██╗███████╗████████╗ ██████╗ █████╗ ███████╗███████╗ \n") 12 | stdout.write(""+Fore.LIGHTRED_EX +"████╗ ██║██╔════╝╚══██╔══╝██╔════╝ ██╔══██╗╚══███╔╝██╔════╝\n") 13 | stdout.write(""+Fore.LIGHTRED_EX +"██╔██╗ ██║█████╗ ██║ ██║ ███╗███████║ ███╔╝ █████╗\n") 14 | 
stdout.write(""+Fore.LIGHTRED_EX +"██║╚██╗██║██╔══╝ ██║ ██║ ██║██╔══██║ ███╔╝ ██╔══╝\n") 15 | stdout.write(""+Fore.LIGHTRED_EX +"██║ ╚████║███████╗ ██║ ╚██████╔╝██║ ██║███████╗███████╗\n") 16 | stdout.write(""+Fore.LIGHTRED_EX +"╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝╚══════╝\n") 17 | stdout.write(""+Fore.YELLOW +"═════════════╦═════════════════════════════════╦══════════════════════════════\n") 18 | stdout.write(""+Fore.YELLOW +"╔════════════╩═════════════════════════════════╩═════════════════════════════╗\n") 19 | stdout.write(""+Fore.YELLOW +"║ \x1b[38;2;255;20;147m• "+Fore.GREEN+"AUTHOR "+Fore.RED+" |"+Fore.LIGHTWHITE_EX+" PARI MALAM "+Fore.YELLOW+"║\n") 20 | stdout.write(""+Fore.YELLOW +"╔════════════════════════════════════════════════════════════════════════════╝\n") 21 | stdout.write(""+Fore.YELLOW +"║ \x1b[38;2;255;20;147m• "+Fore.GREEN+"GITHUB "+Fore.RED+" |"+Fore.LIGHTWHITE_EX+" GITHUB.COM/THATNOTEASY "+Fore.YELLOW+"║\n") 22 | stdout.write(""+Fore.YELLOW +"╚════════════════════════════════════════════════════════════════════════════╝\n") 23 | print(f"{Fore.YELLOW}[NetGaze] - {Fore.GREEN}Capturing non-root android devices with mitm - {Fore.RED}[V1.0] \n{Fore.RESET}") 24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NetGaze 2 | 3 | **NetGaze** is a powerful yet lightweight tool designed to capture and analyze network traffic on Android devices without requiring root access. Built using **mitmproxy** and **ADB**, NetGaze provides a seamless way to monitor, log, and inspect HTTP/HTTPS traffic in real-time. 4 | 5 | --- 6 | 7 | ## Features 8 | 9 | - 🚀 **Non-Root Capture**: Capture network traffic on Android devices without the need for root privileges. 10 | - 🔒 **HTTPS Support**: Decrypt and inspect HTTPS traffic using **mitmproxy**. 
11 | - 📊 **Real-Time Monitoring**: View live network traffic with detailed information about requests and responses. 12 | - 📂 **Traffic Logging**: Save captured traffic to a file for offline analysis. 13 | - 🛠️ **Developer-Friendly**: Easily debug and analyze network behavior of your Android apps. 14 | - 🌐 **Multi-Protocol Support**: Monitor HTTP, HTTPS, DNS, and other common protocols. 15 | - 📱 **Lightweight**: Minimal impact on device performance and battery life. 16 | 17 | --- 18 | 19 | ## Use Cases 20 | 21 | - **App Development**: Debug and optimize network requests in your Android apps. 22 | - **Security Auditing**: Inspect network traffic for potential vulnerabilities or data leaks. 23 | - **Privacy Monitoring**: Track which apps are sending data and where it's being sent. 24 | - **Educational Purposes**: Learn about network protocols and how data is transmitted over the internet. 25 | 26 | --- 27 | 28 | ## How It Works 29 | 30 | NetGaze uses **mitmproxy** as a man-in-the-middle (MITM) proxy to capture and analyze network traffic. The tool leverages **ADB** to configure the Android device to route traffic through the proxy without requiring root access. Here's a high-level overview: 31 | 32 | 1. **mitmproxy** acts as an intermediary between the Android device and the internet. 33 | 2. **ADB** is used to set up the device's network settings to route traffic through the proxy. 34 | 3. NetGaze provides a user-friendly interface to start/stop capturing, view live traffic, and export logs for further analysis. 35 | 36 | --- 37 | 38 | ## Screenshot 39 | - ![image](https://github.com/user-attachments/assets/29dc5836-6d4d-4df8-8da8-05e4206779bd) 40 | 41 | 42 | ## Getting Started 43 | 44 | ### Prerequisites 45 | 46 | - Android device running Android 5.0 (Lollipop) or higher. 47 | - Python 3.x installed on your computer. 48 | - **mitmproxy** installed (`pip install mitmproxy`). 49 | - **ADB** installed and configured on your computer. 
50 | - Basic knowledge of Android development and networking. 51 | -------------------------------------------------------------------------------- /DOCS/SETUP.md: -------------------------------------------------------------------------------- 1 | # 📡 Capture Network Traffic on Android with mitmproxy 2 | 3 | This guide will help you capture network traffic on an **Android device** using **mitmproxy** without root access while bypassing **SSL encryption (HTTPS interception)**. 4 | 5 | --- 6 | 7 | ## 🛠️ Requirements 8 | Before getting started, ensure you have the following: 9 | 10 | - 📱 **Android device** (no root required) 11 | - 💻 **PC/Laptop** with **mitmproxy installed** 12 | - 🌐 **Same WiFi network** for both Android and PC 13 | - 🐍 **mitmproxy**, install it via: 14 | 15 | ```bash 16 | pip install mitmproxy 17 | ``` 18 | 19 | --- 20 | 21 | ## 🔁 Steps 22 | 23 | ### 1️⃣ Run mitmproxy on Your PC 24 | Open a terminal and run one of the following commands: 25 | 26 | Without GUI: 27 | ```bash 28 | mitmproxy --mode transparent --listen-port 8080 29 | ``` 30 | With GUI (optional): 31 | ```bash 32 | mitmweb --listen-port 8080 33 | ``` 34 | 35 | --- 36 | 37 | ### 2️⃣ Configure Android to Use Proxy 38 | 39 | 1. Connect your Android device to the **same WiFi network** as your PC. 40 | 2. Go to **WiFi Settings** > **Edit network** > **Advanced Options**. 41 | 3. Set up the proxy manually: 42 | - **Proxy hostname**: Enter your **PC's IP address** 43 | - **Proxy port**: `8080` 44 | 45 | --- 46 | 47 | ### 3️⃣ Install mitmproxy Certificate on Android 48 | 49 | 1. Open a browser on your Android device and visit: 50 | ``` 51 | http://mitm.it 52 | ``` 53 | 2. Select **Android** and download the certificate (`mitmproxy-ca-cert.pem`). 54 | 3. Rename the file to: 55 | ``` 56 | mitmproxy-ca-cert.crt 57 | ``` 58 | 4. 
Install the certificate: 59 | - **Go to Settings** > **Security** > **Encryption & credentials** 60 | - Select **Install a certificate** > **CA certificate** 61 | - Choose the file `mitmproxy-ca-cert.crt` 62 | 63 | > ⚠ **Note:** 64 | > Android will display a warning: **"Your network may be monitored"**. 65 | > This alone is **not enough to bypass SSL pinning**: the installed CA only lets mitmproxy decrypt traffic from apps that trust user-installed certificates and do not enforce SSL pinning. Apps targeting Android 7.0 (API level 24) or higher do not trust user-installed CAs by default; for an app you build yourself, a `debug-overrides` entry in its Network Security Configuration is the supported way to trust the proxy CA in debug builds only. 66 | 67 | --- 68 | 69 | ## 🛑 Bypassing SSL Pinning (Without Root) 70 | 71 | Bypassing **SSL Pinning** cannot be done with **mitmproxy alone**. You need **Frida** or other tools. 72 | 73 | ### 🔹 Option A: Using Frida (No Root) 74 | 1. **Install Frida on your PC**: 75 | ```bash 76 | pip install frida-tools 77 | ``` 78 | 2. **Use Frida Gadget** (since root access is unavailable): 79 | - **Repack the target APK** 80 | - **Inject Frida Gadget** 81 | - **Run the modified app** 82 | - **Hook SSL pinning** 83 | 84 | 3. **Execute the bypass SSL Pinning script**: 85 | ```bash 86 | frida -U -n com.target.app -l bypass-ssl.js 87 | ``` 88 | You can find example `bypass-ssl.js` scripts on GitHub. 89 | 90 | --- 91 | 92 | ### 🔹 Option B: Repack APK and Remove SSL Pinning 93 | This method involves decompiling the APK, modifying the code, and re-signing the APK. 94 | 95 | **Required tools:** 96 | - 🛠️ **apktool** (for decompiling the APK) 97 | - ✍ **Smali/Java editor** (to remove SSL pinning) 98 | - 🔄 **Zipalign & apksigner** (to re-sign the APK) 99 | 100 | > ⚠ **Limitations:** 101 | > - Some apps use **strong certificate pinning**, causing them to crash if SSL pinning is removed. 102 | > - **Banking & streaming apps** are typically harder to bypass without root. 103 | 104 | --- 105 | 106 | ## ✅ Recommendations 107 | - Test this method on **apps that do not enforce SSL pinning** first. 108 | - For easier bypassing, use an **Android emulator (AVD, Genymotion) + Xposed + SSLUnpinning module** (though emulators are considered semi-rooted). 
109 | 110 | --- 111 | 112 | ## ⚠ Disclaimer 113 | This guide is intended **for educational & debugging purposes only**. **Do not use it for illegal activities!** 🚨 114 | 115 | --- 116 | -------------------------------------------------------------------------------- /DOCS/FRIDA.md: -------------------------------------------------------------------------------- 1 | # 🔓 Bypass SSL Pinning via Frida Gadget (No Root) 2 | 3 | ### 📦 What is Frida Gadget? 4 | **Frida Gadget** is a version of **Frida** that can be embedded **directly into an APK**, allowing you to bypass SSL pinning without root or `adb shell` access. 5 | 6 | --- 7 | 8 | ## ✨ Steps to Bypass SSL Pinning with Frida Gadget 9 | 10 | ### ✅ 1. Prepare the Tools 11 | 12 | - Install Frida on your PC: 13 | 14 | ```bash 15 | pip install frida-tools 16 | ``` 17 | 18 | - Download Frida Gadget (`.so` file) from 👉 [Frida Releases](https://github.com/frida/frida/releases) 19 | - Choose the **Android ARM** version matching your target device (`frida-gadget-*.so.xz`). 20 | 21 | --- 22 | 23 | ### ✅ 2. Decompile the APK 24 | 25 | ```bash 26 | apktool d app.apk -o app_src 27 | ``` 28 | 29 | --- 30 | 31 | ### ✅ 3. Inject Frida Gadget 32 | 33 | - Extract `frida-gadget.so` and rename it: 34 | 35 | ```bash 36 | mv frida-gadget-*.so libfrida-gadget.so 37 | ``` 38 | 39 | - Create the following folder: 40 | 41 | ```bash 42 | mkdir -p app_src/lib/arm64-v8a/ 43 | ``` 44 | 45 | - Move `libfrida-gadget.so` into that folder: 46 | 47 | ```bash 48 | mv libfrida-gadget.so app_src/lib/arm64-v8a/ 49 | ``` 50 | 51 | --- 52 | 53 | ### ✅ 4. Modify `AndroidManifest.xml` 54 | 55 | Find the `` tag and add: 56 | 57 | ```xml 58 | 59 | ... 60 | 62 | ``` 63 | 64 | This ensures Android loads `libfrida-gadget.so` when launching the app. 65 | 66 | --- 67 | 68 | ### ✅ 5. Rebuild the APK 69 | 70 | ```bash 71 | apktool b app_src -o app_frida.apk 72 | ``` 73 | 74 | --- 75 | 76 | ### ✅ 6. 
Sign the APK 77 | 78 | Generate a keystore: 79 | 80 | ```bash 81 | keytool -genkey -v -keystore test.keystore -alias testkey -keyalg RSA -keysize 2048 -validity 10000 82 | ``` 83 | 84 | Sign the APK: 85 | 86 | ```bash 87 | jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore test.keystore app_frida.apk testkey 88 | ``` 89 | 90 | --- 91 | 92 | ### ✅ 7. Install the Modified APK 93 | 94 | ```bash 95 | adb install app_frida.apk 96 | ``` 97 | 98 | --- 99 | 100 | ### ✅ 8. Run the App and Hook 101 | 102 | Since Frida Gadget runs in the background, you can now hook into the app: 103 | 104 | ```bash 105 | frida -U -n com.target.app -l bypass-ssl.js 106 | ``` 107 | 108 | --- 109 | 110 | ### 🧠 Sample `bypass-ssl.js` Script 111 | 112 | ```javascript 113 | Java.perform(function () { 114 | var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); 115 | var SSLContext = Java.use('javax.net.ssl.SSLContext'); 116 | 117 | var TrustManager = Java.registerClass({ 118 | name: 'dev.asdf.TrustManager', 119 | implements: [X509TrustManager], 120 | methods: { 121 | checkClientTrusted: function (chain, authType) {}, 122 | checkServerTrusted: function (chain, authType) {}, 123 | getAcceptedIssuers: function () { return []; } 124 | } 125 | }); 126 | 127 | var TrustManagers = [TrustManager.$new()]; 128 | var SSLContextInit = SSLContext.init.overload('[Ljavax.net.ssl.KeyManager;', '[Ljavax.net.ssl.TrustManager;', 'java.security.SecureRandom'); 129 | SSLContextInit.implementation = function (keyManager, trustManager, secureRandom) { 130 | SSLContextInit.call(this, keyManager, TrustManagers, secureRandom); 131 | console.log('[+] SSL Pinning Bypassed'); 132 | }; 133 | }); 134 | ``` 135 | 136 | --- 137 | 138 | # 🛠️ 5. Alternative: Repack APK & Patch SSL Pinning Manually 139 | 140 | If you don’t want to use Frida, you can **manually patch SSL pinning** in the APK source code. 
141 | 142 | --- 143 | 144 | ### ✅ Steps: 145 | 146 | #### 1️⃣ Decompile APK 147 | 148 | ```bash 149 | apktool d app.apk -o app_patch 150 | ``` 151 | 152 | #### 2️⃣ Find SSL Pinning Code 153 | 154 | Look for files containing: 155 | - `checkServerTrusted` 156 | - `checkClientTrusted` 157 | - `HostnameVerifier` 158 | - `TrustManager` 159 | 160 | --- 161 | 162 | #### ✅ Example Smali Patch 163 | 164 | Original `checkServerTrusted` function: 165 | 166 | ```smali 167 | .method public checkServerTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V 168 | .registers 3 169 | invoke... 170 | invoke... 171 | return-void 172 | .end method 173 | ``` 174 | 175 | Modify it to **an empty function**: 176 | 177 | ```smali 178 | .method public checkServerTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V 179 | .registers 3 180 | return-void 181 | .end method 182 | ``` 183 | 184 | --- 185 | 186 | #### ✅ Rebuild & Sign the APK 187 | 188 | ```bash 189 | apktool b app_patch -o app_nossl.apk 190 | jarsigner -keystore test.keystore app_nossl.apk testkey 191 | ``` 192 | 193 | #### ✅ Install & Run 194 | 195 | ```bash 196 | adb install app_nossl.apk 197 | ``` 198 | 199 | --- 200 | 201 | # 🎯 Conclusion 202 | 203 | | **Method** | **Pros** | **Cons** | 204 | |-----------------|---------------------------------|--------------------------------| 205 | | **Frida Gadget** | No root required, dynamic, powerful | Requires APK injection & resigning | 206 | | **Manual Patch** | No need for Frida, direct patching | Hard if code is obfuscated | 207 | 208 | --- 209 | 210 | ## ⚠ Disclaimer 211 | This guide is intended **for educational & debugging purposes only**. 
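# DOCS/FRIDA.md, end of disclaimer: **Do not use it for illegal activities!** 🚨
#
# /modules/netgaze.py
from modules.logging import setup_logging
from colorama import Fore, Style, init
from pathlib import Path
import subprocess

init()


class NETGAZE:
    """Route an adb-connected Android device through a local mitmweb proxy.

    ``main.py`` drives the workflow as ``check_device()``, ``convert_cert()``
    and then ``setup_proxy()``. Every external tool (``adb``, ``openssl``,
    ``mitmweb``) is started from an argument list, never through a shell.

    ``setup_proxy()`` changes the device's global ``http_proxy`` setting and
    adds an ``adb reverse`` mapping; both are undone when it returns.
    """

    _RULE = "───────────────────────────────────────────────"
    _ADB_MISSING = "ADB not found. Please ensure ADB is installed and added to your PATH."

    def __init__(self):
        self.logging = setup_logging()
        # Address written to the device as its proxy. Loopback works because
        # reverse_proxy() tunnels the device-side port back to this machine.
        self.host = "127.0.0.1"
        self.port = "8000"
        # NOTE(review): both paths point at certificate files that are checked
        # in to the repository (see convert_cert for the trust implications).
        self.cert_file = "certificate/mitmproxy-ca-cert.cer.crt"
        self.output_file = "certificate/mitmproxy-ca.pem"

    def _run_adb(self, *args):
        """Run ``adb`` with *args*, capturing stdout and stderr as text."""
        return subprocess.run(
            ["adb", *args],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            text=True,
        )

    def _adb_step(self, args, success, failure, action):
        """Run one adb command and log the outcome.

        Args:
            args: adb arguments (without the leading ``adb``).
            success: message logged at INFO when adb exits with status 0.
            failure: message prefix logged at ERROR with adb's stderr otherwise.
            action: gerund phrase used in the unexpected-error message.

        Returns:
            True when adb exited with status 0, False in every other case.
        """
        try:
            result = self._run_adb(*args)
        except FileNotFoundError:
            self.logging.error(f"{Fore.RED}❌ {self._ADB_MISSING}{Style.RESET_ALL}")
            return False
        except Exception as e:
            self.logging.error(f"{Fore.RED}❌ An error occurred while {action}: {e}{Style.RESET_ALL}")
            return False

        if result.returncode == 0:
            self.logging.info(f"{Fore.GREEN}✅ {success}{Style.RESET_ALL}")
            return True
        self.logging.error(f"{Fore.RED}❌ {failure}: {result.stderr.strip()}{Style.RESET_ALL}")
        return False

    def check_device(self):
        """Log the serial and description of each device listed by ``adb devices -l``."""
        self.logging.info(f"{Fore.YELLOW}🔍 Checking connected devices...{Style.RESET_ALL}")

        try:
            result = self._run_adb("devices", "-l")
        except FileNotFoundError:
            self.logging.error(f"{Fore.RED}❌ {self._ADB_MISSING}{Style.RESET_ALL}")
            return
        except Exception as e:
            self.logging.error(f"{Fore.RED}❌ An error occurred while checking devices: {e}{Style.RESET_ALL}")
            return

        if result.returncode != 0:
            self.logging.error(f"{Fore.RED}❌ ADB command failed: {result.stderr.strip()}{Style.RESET_ALL}")
            return

        # The first output line is adb's header, not a device. Blank lines are
        # dropped here so that header-only output counts as "no devices".
        rows = [line.split() for line in result.stdout.strip().split("\n")[1:] if line.strip()]
        if not rows:
            self.logging.warning(f"{Fore.RED}⚠️ No devices found. Please connect an Android device.{Style.RESET_ALL}")
            return

        self.logging.info(f"{Fore.GREEN}📱 Connected devices:{Style.RESET_ALL}")
        self.logging.info(f"{Fore.YELLOW}{self._RULE}{Fore.RESET}")
        for serial, *rest in rows:
            # Column 2 is the connection state; the remaining columns are the
            # key:value description printed by the -l flag.
            state = rest[0] if rest else ""
            details = " ".join(rest[1:])
            self.logging.info(f"{Fore.CYAN}➤ Device : {Fore.WHITE}{serial}{Style.RESET_ALL}")
            self.logging.info(f"{Fore.CYAN}➤ Details : {Fore.WHITE}{details}{Style.RESET_ALL}")
            if state != "device":
                # Anything other than "device" (for example an unauthorized or
                # offline device) makes the later adb steps fail.
                self.logging.warning(f"{Fore.RED}⚠️ Device {serial} is not ready (state: {state}).{Style.RESET_ALL}")
            self.logging.info(f"{Fore.YELLOW}{self._RULE}{Fore.RESET}")

    def reverse_proxy(self):
        """Map the device's TCP port ``self.port`` to the same port on this machine.

        Returns:
            True when ``adb reverse`` succeeded, otherwise False.
        """
        self.logging.info(f"{Fore.YELLOW}🔧 Setting up reverse proxy on port {self.port}...{Style.RESET_ALL}")
        return self._adb_step(
            ["reverse", f"tcp:{self.port}", f"tcp:{self.port}"],
            success=f"Reverse proxy set up successfully on port {self.port}.",
            failure="Failed to set up reverse proxy",
            action="setting up reverse proxy",
        )

    def _remove_reverse(self):
        """Remove the ``adb reverse`` mapping created by reverse_proxy()."""
        return self._adb_step(
            ["reverse", "--remove", f"tcp:{self.port}"],
            success=f"Reverse proxy on port {self.port} removed.",
            failure="Failed to remove reverse proxy",
            action="removing reverse proxy",
        )

    def set_proxy(self):
        """Write ``host:port`` to the device's global ``http_proxy`` setting.

        The setting stays on the device until clear_proxy() runs, so a device
        left in this state sends its traffic to a proxy that may be gone.

        Returns:
            True when the setting was written, otherwise False.
        """
        self.logging.info(f"{Fore.YELLOW}🔧 Setting proxy to {self.host}:{self.port}...{Style.RESET_ALL}")
        return self._adb_step(
            ["shell", "settings", "put", "global", "http_proxy", f"{self.host}:{self.port}"],
            success=f"Proxy set successfully to {self.host}:{self.port}.",
            failure="Failed to set proxy",
            action="setting proxy",
        )

    def clear_proxy(self):
        """Reset the device's global ``http_proxy`` setting to ``:0``.

        Returns:
            True when the setting was written, otherwise False.
        """
        self.logging.info(f"{Fore.YELLOW}🔧 Clearing proxy...{Style.RESET_ALL}")
        return self._adb_step(
            ["shell", "settings", "put", "global", "http_proxy", ":0"],
            success="Proxy cleared successfully.",
            failure="Failed to clear proxy",
            action="clearing proxy",
        )

    def convert_cert(self):
        """Re-encode ``self.cert_file`` as PEM into ``self.output_file`` with ``openssl x509``.

        NOTE(review): the input certificate ships with the repository, and no
        matching private key is visible in it. mitmproxy creates its own CA
        under ``~/.mitmproxy`` the first time it runs, so this file presumably
        does not match the CA the local proxy signs with. Verify before
        installing it on a device. A device that trusts a CA whose private key
        someone else holds can have its TLS traffic intercepted by that party.
        """
        if not Path(self.cert_file).exists():
            self.logging.error(f"{Fore.RED}❌ Certificate file '{self.cert_file}' not found.{Style.RESET_ALL}")
            return

        try:
            subprocess.run(
                ["openssl", "x509", "-in", self.cert_file, "-out", self.output_file, "-outform", "PEM"],
                check=True,
            )
        except FileNotFoundError:
            # Raised when the openssl executable itself is missing.
            self.logging.error(f"{Fore.RED}❌ OpenSSL not found. Please ensure OpenSSL is installed and added to your PATH.{Style.RESET_ALL}")
        except subprocess.CalledProcessError as e:
            self.logging.error(f"{Fore.RED}❌ Failed to convert certificate: {e}{Style.RESET_ALL}")
        except Exception as e:
            self.logging.error(f"{Fore.RED}❌ An error occurred: {e}{Style.RESET_ALL}")
        else:
            self.logging.info(f"{Fore.GREEN}✅ Certificate converted successfully: {self.output_file}{Style.RESET_ALL}")

    def setup_proxy(self):
        """Configure the device, run mitmweb until it exits, then undo the configuration.

        mitmweb is only started when both device-side steps succeeded, so the
        device is never left pointing at a proxy that was not launched. On
        every exit path the child process is stopped, the device proxy is
        cleared and the reverse mapping is removed.
        """
        if not self.reverse_proxy():
            return
        if not self.set_proxy():
            self._remove_reverse()
            return

        self.logging.info(f"{Fore.GREEN}All has been set, Start capturing now :P")
        self.logging.info(f"{Fore.YELLOW}{self._RULE}{Fore.RESET}")

        process = None
        try:
            process = subprocess.Popen(
                [
                    "mitmweb",
                    # Bind the proxy listener to self.host: the device reaches
                    # it through the adb reverse tunnel, so it does not need
                    # to be reachable from the rest of the network.
                    "--listen-host", self.host,
                    # Use the configured port; a literal here would drift from
                    # the port handed to adb above.
                    "--listen-port", str(self.port),
                    "--mode", "regular",
                    "--showhost",
                ],
                stdout=subprocess.PIPE,
                # Merge stderr into stdout: an unread stderr pipe can fill up
                # and block the child.
                stderr=subprocess.STDOUT,
                text=True,
            )

            for line in process.stdout:
                self.logging.info(line.strip())

            process.wait()

        except KeyboardInterrupt:
            self.logging.info(f"{Fore.YELLOW}🛑 mitmweb stopped by user.{Style.RESET_ALL}")

        except FileNotFoundError:
            self.logging.error(f"{Fore.RED}❌ mitmweb not found. Please ensure mitmproxy is installed and added to your PATH.{Style.RESET_ALL}")

        except Exception as e:
            self.logging.error(f"{Fore.RED}❌ An error occurred while running mitmweb: {e}{Style.RESET_ALL}")

        finally:
            # Do not leave a proxy process behind after an error.
            if process is not None and process.poll() is None:
                process.terminate()
                try:
                    process.wait(timeout=5)
                except subprocess.TimeoutExpired:
                    process.kill()

            # Report the proxy as cleared only when adb confirmed it.
            if self.clear_proxy():
                self.logging.info(f"{Fore.GREEN}Proxy has been cleared.{Style.RESET_ALL}")
            self._remove_reverse()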