Mitmproxy – Open-source console-based proxy

I don't understand how this can be faster or more friendly than using Burp.

Would you mind sharing an example flow?

I'd say, it's not just a web based interface, it also is a console.

Even without certificate pinning, starting with Android 7, you must decompile the app to allow user provided certificates. Or use an xposed module if you have a rooted device.

See this mitmproxy bug: https://github.com/mitmproxy/mitmproxy/issues/2054

And this tool is nice to automate decompiling, adding the line in the manifest to be able to use user-installed certificates, and recompiling: https://github.com/levyitay/AddSecurityExceptionAndroid

Also, if the app uses Google signin, you have to be rooted, because play services uses the package manager to check the app signer before giving the app a token.

Same here, mitmproxy was always the goto tool, but many apps now use certificate pinning, which stops it cold.

I was recently wishing for a "Jailbroken Mobile Testing Tool", similar to Sauce Labs or BrowserStack but with jailbroken mobiles -- i.e. a cloud-based service allowing you to remotely control a mobile phone through a web interface. Would that be interesting to have?

This service would allow you to load an app from the App Store / Google Play, and then interact with it while logging all network connections (in tcpdump/wireshark/HAR/etc. format). The controlled mobiles would be jailbroken and have tools like SSL kill switch (as mentioned by @bitexploder in another comment) installed by default.

(Going further: the same tool would allow you to download the phone's storage as a zip archive for further analysis)

It's been a while, but when I have been reversing android apps with certificate pinning in the past, I had the most luck with decompiling the apk with apktool, removing the certificate pinning in the samli bytecode, then recompiling and signing the apk again.

For iOS, I know there are jailbreak cydia tweaks that try to disable certificate pinning, but I have no experience with this.

For iOS, you can try to install SSL Killswitch on a jailbroken iPhone (https://github.com/nabla-c0d3/ssl-kill-switch2)

A custom Xposed module should work for Android, and Cydia Substrate could work for iOS.

I'd also love to know if there's a solution for this problem!

what kind of problems?

Mitmproxy is nice, but I think dev tools have become alot better, I discovered that because my standard work horse Chrome+Wireshark is very fincky with SSL:

    SSLKEYLOGFILE=$HOME/ssl_crt_dbg google-chrome --user-data-dir=TEMPUSER

Then you configure wireshark SSL decoding with with pre master key file as "ssl_crt_dbg", it fails too often for me.

Now days I use remote-debugging and Python a lot:

  $ google-chrome --remote-debugging-port=9222

  import PyChromeDevTools
  chrome = PyChromeDevTools.ChromeInterface(host="localhost", port=9222)
  chrome.Network.enable()
  while True:
     print chrome.wait_message(timeout=0.1)

But the simplicity of a Mitmproxy is almost as great as wireshark.

Oh my gosh... don't get me started on NTLM. Chrome Network Tools doesn't expose it at all, so the proxy was a lifesaver in our case.

We've shifted to using https://github.com/joeferner/node-http-mitm-proxy as a part of WrapAPI Proxy (https://wrapapi.com/proxy), which is a zero-install proxy in the style of mitmproxy and Charles.

The node proxy is really great in that it's fully extensible, allows you to generate certificates, and filter/save the kinds of traffic you get to simple JSON structures. We've found it to be a huge boon in development, but it's clearly inspired by mitmproxy (which predates node), so credit where it's due.

Mitmproxy dev here - please feel free to file a bug on GitHub if you have a reproducible example where we fail. :)

how do disable certificate pinning on iOS?