Capturing gRPC requests in Mobile Applications

What is gRPC?

Remote Procedure Call, developed by Google, is a framework that enables us to use a method on another service or a remote serer as if it were our own service, and provides easy and fast communication in the client-server relationship.

gRPC uses Http/2 protocol for transport/communication/data transmission. In order to understand the benefits of gRPC, it is necessary to understand the benefits of Http/2 first.

The main differences between gRPC and API are in the table below:

What are the gRPC Advantages?

• It uses Http/2 instead of Http/1. Thus, it can provide Http/2 stream support.
• It can provide TCP socket communication.
• It uses binary serialization thanks to http/2. Thus, it is quite fast compared to text-based messaging.
• As a result of the optimizations, it has been determined that it is 2.5 times faster than Restfull services using Http/1. You can check the demo at http2demo.io to see the speed difference between Http/1 and Http/2 more clearly.
• More than one parallel request support is provided over the same connection. In http/1, there is a response compared to a request.
• There is bidirectional communication between client and server.
• It is modern.
• Along with the above features, it has high performance due to many features.
• It can be used by many applications, regardless of language, using Protocol Buffers by default.

Requirements:

• Android Emulator (Android Studio or Genymotion)
• Frida
• Python3
• Pip
• Frida-Server
• Frida Tools
• Objection
• Mitmproxy
• Apk-mitm
• ADB

Preparation of Mobile Test Environment

Install Android studio. After installation, go to the “Device Manager” area and create an Android device with the “Android 9.0 Google APIs x86_64” features.

You can use the commands below for the installation of Frida, Frida-tools and objection tools.

pip install frida
pip install objection
pip install frida-tools

We need to use adb to access the created Android device.

You can download ADB directly from the address below.

MacOS: https://dl.google.com/android/repository/platform-tools-latest-darwin.zip

Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip

Linux: https://dl.google.com/android/repository/platform-tools-latest-linux.zip

MacOS users can download ADB using the command below.

brew install andorid-platform-tools

After ADB installation, Frida-server installation needs to be done. For Frida-server installation, we need to learn the arch version of the device we installed. You can find out the Arch version with the command below.

adb Shell getprop ro.product.cpu.abi

When you run the command, a result like “x86_64” will be displayed.

You can download the appropriate Frida version from the address below.

https://github.com/frida/frida/releases/

Download the appropriate version and extract it from the archive.

adb push /download/frida-server-15.0.17-android-x86_64 /data/local/tmp
adb Shell chmod 777 /data/local/tmp/frida-server-15.0.17-android-x86_64

After installing Frida-server apk-mitm tool must be downloaded.

You can download the APK-MITM tool from the address below.

“https://github.com/shroudedcode/apk-mitm”

With the NPM package, you can download it with the command “npm install -g apk-mitm”.

Download the prepared APK file to the Android device.

The MITMProxy tool now needs to be installed.

Mac users can install it using the “brew install mitmproxy” command. You can find the details of the MITMProxy application and other download options here.

https://mitmproxy.org/

After installing MITMProxy, certificates must be installed. You can review the following site for installing MITMProxy certificates.

https://docs.mitmproxy.org/stable/concepts-certificates/

MacOS users can use the following command.

sudo security add-trusted-cert -d -p ssl -p basic -k /Library/Keychains/System.keychain ~/.mitmproxy/mitmproxy-ca-cert.pem

After this command, certificates will be created in the “~/.mitmproxy” directory. You can see the files as follows when you go to the directory.

We transfer the file with the extension “.cer” to the Android device. Upload the transferred certificate to the device.

Install the certificate on the device in the “Security & Location > Advanced > Encryption & Credentials > Install from SD Card” field.

After the certificate installation, we need to run our mitmproxy tool.

You can run it with the “mitmweb” command from the terminal.

It uses port 8081 for web interface and port 8080 for listener mode.

Activate Frida-server. You can use the following command for this.

adb Shell /data/local/tmp/frida-server-15.0.17-android-x86_64 &

After running Frida-server, we need to know the name of the apk package.

You can use the following command for this.

frida-ps -Uai

After you know the package name, start setting the proxy with objection.

You can use the following command for this.

objection -g <PACKAGE_NAME> explore -q

You can use the following command to use objection proxy.

android proxy set <MITMPROXY_MACHINE_IP> <MITMPROXY_LISTENIR_PORT>

After the application is running, you can view the gRPC requests.