Intercepting HTTP traffic in Android Flutter Apps
Intercepting HTTP traffic in Flutter apps has attracted significant interest among security researchers. Tools like reflutter have simplified this process. However, these tools often rely on hard-coded HTTP ports, which can limit flexibility in some cases.
This guide outlines a straightforward approach for analyzing Android Flutter apps without the need to rely on specific, fixed ports.
Required Tools
To intercept HTTP traffic in Flutter apps, you will need the following tools:
- Frida: A dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- Frida APK Patcher: A tool to patch APKs for Frida compatibility.
- ProxyMe: A proxy tool for easier traffic routing.
- Burp Suite: A powerful tool for web application security testing.
Steps to Intercept Traffic
- Patch the APK with Frida APK Patcher
  - Use frida-apk-patcher to modify the APK, allowing Frida instrumentation.
- Set Up Burp Suite Proxy
  - Configure Burp Suite to act as the proxy for HTTP and HTTPS traffic.
- Install and Set Up ProxyMe
  - ProxyMe facilitates the routing of app traffic through Burp Suite.
  - Refer to the ProxyMe documentation for installation instructions.
- Intercept Traffic
  - Use the Frida script (https://github.com/NVISOsecurity/disable-flutter-tls-verification) to disable TLS verification in the Flutter app:
    frida -U Gadget -l disable-flutter-tls.js
  - Launch Burp Suite and set up the proxy listener on the desired port.
  - Open the app on the Android device and observe the HTTP traffic in Burp Suite.
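A pre-flight check for the patching step, added here as an example and not part of the original guide or of any tool it names: it confirms the APK is a Flutter build (libflutter.so present) and reports which ABIs also carry an injected gadget library, since a gadget missing from the ABI the device loads leaves nothing for the frida command to attach to. The gadget file-name match and the helper names are assumptions, and the sample APKs are constructed in memory.

```python
import io
import re
import zipfile

# Native libraries live at lib/<abi>/<name>.so inside an APK (a zip archive).
LIB_RE = re.compile(r"^lib/([^/]+)/([^/]+\.so)$")


def inspect_apk(apk):
    """Return per-ABI findings for an APK given as a path or file-like object."""
    report = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            m = LIB_RE.match(name)
            if not m:
                continue
            abi, lib = m.groups()
            entry = report.setdefault(abi, {"flutter": False, "gadget": []})
            if lib == "libflutter.so":
                entry["flutter"] = True
            # Assumption: the injected gadget keeps "frida" or "gadget" in its name.
            elif "frida" in lib.lower() or "gadget" in lib.lower():
                entry["gadget"].append(lib)
    return report


def ready_abis(report):
    """ABIs that contain both the Flutter engine and an injected gadget."""
    return sorted(a for a, e in report.items() if e["flutter"] and e["gadget"])


def build_sample_apk(patched):
    """Constructed sample: a minimal zip laid out like a Flutter APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"")
        for abi in ("arm64-v8a", "armeabi-v7a"):
            zf.writestr(f"lib/{abi}/libflutter.so", b"")
            zf.writestr(f"lib/{abi}/libapp.so", b"")
        if patched:
            # Gadget present for one ABI only, to show the partial-patch case.
            zf.writestr("lib/arm64-v8a/libfrida-gadget.so", b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, patched in (("original", False), ("patched", True)):
        report = inspect_apk(build_sample_apk(patched))
        print(label, "ready ABIs:", ready_abis(report) or "none")
```

To check a real build, pass the path of the patched APK to inspect_apk and compare the result with the ABI of the test device.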