TLSJacking Android devices for monitoring and tampering with network requests - skepticfx/tlsjack GitHub Wiki

Problem and background:

Those familiar with the proxy situation in Android OS may know that some apps use network APIs that don't send traffic through the system proxy. Though there are a few tools and techniques to work around this, there is still a lot to do before you can completely intercept and modify network requests. TLSJack solves the problem in an elegant way.

Prerequisite

  • Make sure you have the latest version of tlsjack installed on your machine.

Install a custom DNS Server

  • TLSJack runs its own DNS server on port 53 to hijack all DNS resolutions to your machine.
  • You can also run your own DNS server and serve custom DNS replies that point the domains you are interested in monitoring to the tlsjack machine.
  • You may prefer to leave this job to TLSJack itself, since it does it perfectly for you.

Setting up your Android device

  • Connect your Android device to your WiFi Network.
  • Change the DNS server on your Android device to point to your machine's IP Address or to a DNS server which hijacks all domain names to your tlsjack machine.
  • Change DHCP to Static -> DNS Server 1 -> tlsjack IP Address
  • Install the TLSJack CA on your Android device: http://tlsjack.skepticfx.com/certs. Install procedure.