Not working in emulator even with test app (M1 Mac / Android 10 / Google APIs / arm64 image) #2

Closed
relm opened this issue Sep 1, 2022 · 4 comments

relm commented Sep 1, 2022

I'm trying to get this working in the Android emulator. Originally my test app was the Stadia APK which didn't work, but I tried the provided test app and HTTPS requests fail even in that.

Here is the Frida log from when launching the test app:

Spawning `eu.nviso.flutter_pinning`...
[+] Java environment detected
Spawned `eu.nviso.flutter_pinning`. Resuming main thread!
[Android Emulator 5554::eu.nviso.flutter_pinning ]-> [+] libflutter.so loaded
[+] Flutter library found
[!] ssl_verify_peer_cert not found. Please open an issue at https://github.com/NVISOsecurity/disable-flutter-tls-verification/issues
[+] ssl_verify_peer_cert found at offset: 0x3a251c

But when clicking HTTPS Request in the test app it says "ERROR". The request doesn't seem to hit my proxy at all either. HTTPS requests are intercepted fine in other regular apps and my cert is trusted within the emulator. The HTTP option in the app works fine, and clicking Pinned Request gives a "DIO: ERROR".

Any ideas? Have you tested this on any of the emulator images? I'm on an M1 Mac if that matters.

@TheDauntless
Collaborator

@relm Note that Flutter ignores system proxy settings by default, which means you have to use ProxyDroid (or VPN / hotspot + iptables) to perform a MITM on them. Can you confirm that you are using ProxyDroid or a similar setup? Do you actually see the HTTP requests in your proxy?

This is noted on the main page, but maybe not clearly enough?

@relm
Author

relm commented Sep 7, 2022

@TheDauntless Thanks for the reply, I'm aware of that. The HTTP request I do see in my proxy so it seems like it is set up fine in that regard? Otherwise due to the way Flutter works, not even the HTTP request should be making it to my proxy, correct?

That said, I'm not using iptables or ProxyDroid. I could get neither working properly within the emulator. Could try the VPN method, saw it mentioned for iOS but didn't know if that was viable for Android.

I'm simply starting the emulator with the -http-proxy command line argument, like so: emulator -avd avd_name -writable-system -http-proxy 192.168.1.224:9090

There's a few additional steps as well:
Push the proxy cert file to /system/etc/security/cacerts so it is trusted
Under Mobile Network I add a new APN entry with the proxy address/port and switch to that APN (default is T-Mobile)
WiFi is off
Toggle airplane mode on/off (for whatever reason, it doesn't start capturing HTTPS requests until I do this)

This above setup proxies SSL traffic fine within the emulator for non-Flutter apps.

@TheDauntless
Collaborator

@relm Looks like I forgot to push the version with x64 signatures. I've just updated the script, can you have another go at it? The only thing you need for an Android x64 avd is to add frida-server and use the -http-proxy setting. All the other steps are not needed for a Flutter app (at least not on my avd).

@relm
Author

relm commented Sep 9, 2022

@TheDauntless Yes, it works now! Awesome, thanks!
