ELI5, Is there a way someone (me?) can snoop and see data being sent by an API to an app on my phone?
In: Technology
Yes, it’s called a MITM (man in the middle).
I wouldn’t use Wireshark, in my experience the majority of apps use HTTPS for this purpose and Wireshark will not be able to decrypt it. Instead, if you use Fiddler and its fake root CA option, you can see the majority of traffic sent by your phone’s apps, mostly in plain text. (some won’t work due to certificate pinning and use of other protocols but these are uncommon)
Latest Answers