Intercepting Network Traffic of the Smart-ID Android Application
Date
2020
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Tartu Ülikool
Abstract
This thesis analyzes the technical means on how to monitor network communication between the Smart-ID Android application and the server. It gives an overview of the Smart-ID solution and then introduces the concept of man-in-the-middle attack used to intercept the traffic. To implement successful traffic interception attack, the certificate pinning mechanism had to be disabled in the Smart-ID application. This thesis provides step-by-step instructions on how to modify the Smart-ID application’s network security configuration and implement traffic interception using mitmproxy tool. Using the proposed methods network requests can be monitored to verify that no obvious personal data is being sent out from the user’s Android mobile device.
Description
Keywords
Smart-ID, network interception, man-in-the-middle attack