Intercepting Firestore traffic

[emresin12]

Hey, I have been trying to decrypt the Firestore DB traffic for a while. One of the problems was the ssl-pinning set by Firestore. I successfully bypassed it, but I still wasn't able to see the traffic using mitmweb with the WireGuard mode.

Before bypassing the sslpinning there were no requests visible on the mitmweb, but after I bypassed the SSL pinning, I started to see such records:

It says 'content missing', and when I check on the Wireshark I see no data being transferred. Just settings frames or ping frames for HTTP2.

But the thing is, when I use my custom mitm-proxy written in go for this task, it works. My implementation is pretty basic and I did it for educational purposes only. But it worked. Then I could use Wireshark to see the traffic (my proxy was logging the keys).

I don't know if this helps but I had some problems when making my custom proxy work such as handling negotiated ALPN or for the case where the server doesn't explicitly set the protocols it supports, they were not negotiating protocols, etc.

Why can this be? I would like to investigate this further and solve it if possible.

Thanks!