Contact person: Business Client

Phone:Show

Email:Show

Location: Lahore, Pakistan

Budget: Recommended by industry experts

Time to start: As soon as possible

Project description:
"I’m trying to inspect HTTPS API traffic from an Android application that aggressively protects itself with both SSL certificate pinning and a local-IP check. My goal is to see the decrypted requests and responses inside Burp Suite so I can debug and analyse the mobile APIs.

The core obstacle is the pinning layer: the app refuses any connection the moment it detects Burp’s certificate, even after the usual CA-store tricks. I therefore need hands-on help devising and implementing an effective bypass—whether through Frida hooks, smali rewrites, custom Magisk modules, or any method you know will work with the current Android security model. Once the pinning is neutralised, the traffic must flow through Burp’s proxy in real time so I can freely inspect, repeat, and modify those HTTPS API calls.

If you can:
• guide me step-by-step (screenshare, written procedure, or a patched APK) until Burp is cleanly intercepting the target app’s HTTPS API traffic
• demonstrate the successful capture of at least one authenticated API request
• provide a short set of commands or scripts I can reuse after re-installs

then the job is complete. Familiarity with Burp Suite Professional, Frida, Objection, Apktool, Magisk, or similar tooling is essential, but I’m open to whichever technique you find most reliable." (client-provided description)