androidreverse-engineeringcharles-proxysslpinninghttp-toolkit

How can an Android app receive UI updates without HTTP requests?


I am trying to reverse engineer an API of an app. I have already done everything there is to decrypt traffic using Charles and HTTP Toolkit certificates on a rooted Android emulator. However, both Charles and HTTP Toolkit show a weirdly small amount of requests. All of them are decrypted and there is no unknown traffic shown, but the only requests i get are media requests (mostly video thumbnails), one AB config request, then some Facebook and Firebase integration requests and that is it. Seems like the app does not get UI data by making http requests to a server. It might use gRPC, but Charles supports HTTP/2, and even if it did not, i tried Mediator that is aimed at gRPC calls and got nothing. I am not an Android developer so i do not really know about UI rendering on Android, what could it be that there is no data incoming for the app?


Solution

  • It turns out the app is not using http but rather a raw socket connection with protobuf. Data is also encrypted, so the only way to reverse engineer the API is to disassemble the apk and read the smali. Thanks everyone for your suggestions!