#StackBounty: #tls #android #proxy #tools Nogotofail usage android pentesting

Bounty: 50

I was looking at the google tool: Nogotofail https://github.com/google/nogotofail

I used their examples to set it up and this works for the examples with proxychains.

But now I want to use it with my android device or android emulator (SDK or Genymotion). But this is where I just do not understand what I have to do.

I tried:
– Installing their “App” but this just crashes on my device or gives 2 options “SSL/TLS” and “HTTP” in an emulator and doesn’t do anything
– Just proxying all traffic to my machine on 8443, this gives a lot of bad handshake errors in nogotofail
– Proxying through Burp to nogotofail, which gives the same bad handshake errors.

From google’s documentation I understand that it should work on a router or VPN. But I don’t understand how to get that to work via my normal computer, and why it would not work by just proxying (like Burp works).

I think I am missing some base level understanding of this problem, but the documentation doesn’t help me with this.

Get this bounty!!!