# Intercept-Flutter-Apps
# Intercepting traffic on Android and iOS Flutter applications

## Android:

**1. ProxyDroid:**
- The first and easiest way is to use the **ProxyDroid** application and set up the proxy settings in it. The application can be found on the Play Store.
- Host: insert the local IP address of the machine that hosts Burp Suite (if it is a VM, set its network adapter to bridged mode and find the IP with `ifconfig` under `eth0`).
- Port: `8080` (or whatever port is set up on the Burp listener)
- Proxy Type: `HTTP`
- Enable Global Proxy (this setting needs root permission).
- From Burp: enable a listener on all interfaces on port 8080, and enable invisible proxying (Proxy settings -> edit listener -> Request handling -> tick Support invisible proxying).
- Once you enable the proxy in the application, you can intercept the HTTP requests of your Flutter app.

## iOS:

**1. OpenVPN:**

Intercepting HTTP connections on iOS is more complicated since you can't use iptables on the device. Instead, you can use OpenVPN and run a VPN server on your Kali machine, connecting the iOS device to the VPN.

1. Run the following commands on Kali:
   ```shell
   # Download the OpenVPN installer script
   wget https://git.io/vpn -O openvpn-install.sh
   # Delete the line that follows the installer's "debian is too old" message
   sed -i "$(($(grep -ni "debian is too old" openvpn-install.sh | cut -d : -f 1)+1))d" ./openvpn-install.sh
   chmod +x openvpn-install.sh
   # Run the interactive installer
   sudo ./openvpn-install.sh
   ```
   - Options:
     - Which IPv4 address should be used? [choose your local IP address]
     - This server is behind NAT. What is the public IPv4 address or hostname? Public IPv4 address / hostname [still your local IP address]
     - Which protocol should OpenVPN use? 1 [UDP]
     - What port should OpenVPN listen to? Port [1194]: 1194
     - Select a DNS server for the clients: 3 [I personally chose 1.1.1.1]
     - Enter a name for the first client: [choose a name]

2. Confirm the setup by running `ifconfig` and checking that a `tun0` interface has been added.

3. Start the OpenVPN service with `sudo service openvpn start`.

4. To install the OpenVPN client on the iPhone, start a Python HTTP server in the client folder (`/root` by default):
   ```shell
   # Serves everything under /root on port 8080; stop it once the .ovpn file is downloaded
   sudo python3 -m http.server 8080 --directory /root/
   ```
   - Navigate to *kalilocalip*:8080 on your iPhone with a browser and download the `.ovpn` file.

5. Open the file in the download folder with the OpenVPN app and add the configuration. Connect to the VPN.

6. At this point the device can browse through the VPN, but to intercept requests you need to set a rule with iptables on Kali:
   ```shell
   # Rewrite the destination of TCP/443 traffic arriving at Kali to 192.168.1.131
   sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.1.131
   ```

   - Intercept requests with Burp on port 443 and enable invisible proxying from the proxy settings.
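
To confirm that the redirect from step 6 of the iOS procedure is in place, and to remove it once testing is finished, the listing printed by `sudo iptables -t nat -S PREROUTING` can be parsed as shown here. This is an added example, not part of the original README; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and clean up the step-6 redirect. Input is the text
# printed by `sudo iptables -t nat -S PREROUTING`, so the parsing runs offline.

# Print every PREROUTING rule that DNATs TCP traffic for port $1 to host $2.
matching_rules() {
    awk -v port="$1" -v dest="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            proto = dport = target = to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-destination") to = $(i + 1)
            }
            sub(/:.*/, "", to)   # drop an optional :port suffix
            if (proto == "tcp" && dport == port && target == "DNAT" && to == dest) {
                print
            }
        }'
}

# Succeed only if at least one such rule is present in the listing on stdin.
has_redirect() {
    [ -n "$(matching_rules "$1" "$2")" ]
}

# Turn each matching "-A" rule into the command that deletes it.
cleanup_commands() {
    matching_rules "$1" "$2" | sed 's/^-A /iptables -t nat -D /'
}

# Constructed sample listing (not captured from a real host).
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.131
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'

# Demo on the sample: prints the delete command for the step-6 rule.
printf '%s\n' "$SAMPLE_RULES" | cleanup_commands 443 192.168.1.131
```

On the Kali host, pipe the real listing into `cleanup_commands 443 192.168.1.131`, review the printed commands, and run them with `sudo` so the redirect does not stay active after the test.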