Solitude: A Privacy Analysis Tool (github.com/nccgroup)
70 points by truxs on March 21, 2021 | 12 comments


Some apps pin their certs, which may break them with the man-in-the-middle proxy this tool uses.

Author: please consider adding a blurb about that on your page.


The situation on Android is particularly unfortunate. The Android folks have decided that user-added CAs are not exposed to apps unless they explicitly opt in, so nothing works out of the box. I personally don't see the threat model they are addressing, but of course there's the "nice" side effect that it stops a lot of privacy research.
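
The opt-in mentioned in the comment above, shown as an added example (not part of the thread and not Solitude's own configuration): an Android network security config that trusts user-added CAs only in debuggable builds, so release builds keep the system-only default. The file path and resource name are the conventional ones and are assumptions here.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example; referenced from
     AndroidManifest.xml via android:networkSecurityConfig="@xml/network_security_config") -->
<network-security-config>
    <!-- Release behaviour: trust only the system CA store. This matches the
         platform default for apps targeting API 24+ and is stated explicitly. -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Applies only when android:debuggable="true": additionally trust
         user-added CAs so an interception proxy's CA works on test builds. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```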


This looks great! Very happy to see that kind of software built with mitmproxy. If there's anything we can do to make your downstream life easier, feel free to reach out anytime. :)


I already do this for myself with far fewer dependencies (see NCC's requirements.txt). I do not need to install Python. This makes it easier for me to set this up on computers with limited storage and memory. Plus haproxy and sslsplit are much faster than mitmproxy. The OS I prefer does not have Python in the base system.


Please share the details of your setup


yeah, that requirements.txt is a nightmare.


Could this be useful for doing dynamic exercising of apps in emulators to profile what kind of data they share?

I'm wondering if potentially it could be a way to close the loop on training a deep reinforcement learning model to exercise clicking on app UIs and using Solitude data over the network as the state/reward cycle.


Could you explain? I think I missed something but am interested in your comment. Are you saying to use Solitude data to train a model that hopefully approaches Solitude-like decisions? What could such a model detect that Solitude could not?


It's about whether you can use a DRL model to click at the random app interfaces in a more directed way, and then see its effects in the network traffic via Solitude. You could then download apps and their updates en masse and get automatic privacy profiles of how they actually behave instead of their bullshit policy statements and broad permissions.

App security companies likely do variations on this today, but Solitude in effect instruments a network sandbox for dynamic analysis of app data handling. I'm saying blackboxing the app with more sophisticated tools like Solitude on the exercising and collection points could be more effective in determining its real behavior than trying to exercise these privacy related code paths directly.

I'm sure someone on this thread has a company that does this by now. The difference is the model clicking on the front end, and the sophistication of Solitude on the network output.


Gotcha, I understand now what you mean, train a model to click. That will be valuable for more than just Solitude on the back end. Thank you.


Sounds like you could already do that by proxying the emulator through burp or running adb logcat with a grep filter. Is there something more than that that you need?


If I’m understanding correctly, you will only be notified if there is a match to whatever the user added to the Yara rules.

Will the MySQL database still contain any/all network traffic and be viewable with a SQL database browser?



