25
Help me free my wages from my employer
(hexbear.net)
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
Rules:
I don't know how the encryption works on your phone, but I used mitmproxy to spoof GPS data sent by an app to a server. Need to be able to install and use your own CA though which is a hassle in android.
CA in this context is certificate authority? Sorry my tech knowledge has diminished over the years
Ah yes sorry should have clarified that. Need to be your own certificate authority to break encryption.
Will this and this lead me in the right direction you think?
Depends on how deep you want to go. Mitmproxy takes care of most of these steps for you. You simply have to install the CA yourself.
https://docs.mitmproxy.org/stable/concepts-certificates
Sorry for the second reply just wanted to make sure you got notified of this:
It would probably prudent to mitm the app-server connection regardless just to see what kind of data it collects especially if you're using it on your personal phone. Be aware that having a company app installed on your personal phone might entitle your company to look at your phone depending on the legal set up that you agreed to. Precisely in order to check on people who might be working around their "accountability apps".
Also depending on the situation they might in theory be able to ascertain where you are, or at least where you are not depending on the IP used to connect to their server, I don't know how advanced you think their anti-fraud measures are but just to keep in mind that any data sent could be used against you.
If you want to go the mitmproxy route definitely disable the mobile internet connection because if your wifi drops and you dont connect to the server via the proxy it would send the unaltered GPS data.