Replace outgoing and inbound traffic #505

Open
clash098 opened this issue Apr 12, 2025 · 10 comments
Labels
question User is asking a question

Comments

@clash098

It would be awesome if we could have a feature added to the app where you could set rules for certain URLs that could redirect to an IP or a different URL. Please consider this as I'm sure many other people would like it!

@emanuele-f
Owner

Please explain the use case

@clash098
Author

Okay. I'm trying to change some aspects of a game I play on Android. It uses attestation token checking, which blocks game files from being changed, since if the files are tampered with then the auth won't succeed and the game will crash. In this case I could change aspects of the game by changing the assets that are being sent to the server. There is one API that gets a list of all servers; in there is a config with images. I could redirect this to my own server, which could replace the images. This is my reason for needing it, but I'm sure there are more important reasons why this should be added. But please consider it!!! (Love the app btw)

@emanuele-f
Owner

Why not modify the URL returned by the API, to point it to your server, e.g. via Frida? Because if the redirection were implemented at the network level, you would get a certificate trust error. E.g. if you redirect requests from somedomain.com to your server, you have to create a self-signed certificate on your server, but Android won't trust it unless you install it as a system certificate (requires root).

@clash098
Author

How could I implement that correctly? I've looked but not found much that could help me.

@emanuele-f
Owner

I don't have much experience with Frida. For now let's say that you want to go with your first proposed approach, of modifying a network response, and you make the app trust your own mitm certificate. In this case, you can create a mitmproxy script to change the URLs of the HTTPS replies, to make them point to your own assets. I suggest you do the following steps:

  1. Install mitmproxy on your PC and set up PCAPdroid to redirect your traffic to it (via the SOCKS5 proxy settings, see here for more details)
  2. Make your phone trust the mitmproxy certificate (requires root, see here for more info, "Using a rooted Android device")
  3. At this point you should be able to inspect the HTTPS traffic of the app on your PC
  4. Now write a mitmproxy script to perform the manipulation that you need, e.g. replace the asset URLs. You can find info online for this
  5. (optional) After this works, you can move the mitmproxy script that you wrote to your phone, so that everything runs on your phone. You can find here the info on how to do this
  6. After everything works, you can share your mitmproxy script here and we can see how to integrate this function directly in PCAPdroid, as a generic feature

@emanuele-f added the "enhancement" (New feature or request) label on Apr 19, 2025

@clash098
Author

What do I do if I don't have a device that can be rooted?

@emanuele-f
Owner

Without root you can't do much: Android won't trust the mitm certificate, leading to TLS certificate errors. The only option without root is APK modding.

@clash098
Author

Well, I guess there are no options then, because the app uses the Meta SDK (since it's running on a virtual reality) which uses integrity checks to validate the APK hasn't been tampered with. Could I maybe do something with my router to route the traffic through somewhere else? Like particular URLs get redirected?

@emanuele-f
Owner

Redirecting traffic is not an issue, either via a router or PCAPdroid. The issue is making the app trust your TLS certificate. Anyway, you can use a rooted Android emulator even if you don't have a rooted device.

@clash098
Author

I can't do an emulator since it has integrity checks.

@emanuele-f added the "question" (User is asking a question) label and removed the "enhancement" (New feature or request) label on Apr 26, 2025