m1guelpf / threads-re

Reverse-engineering Instagram's Threads private APIs.
https://www.threads.net/t/Cua2iFqorJa/

How did you reverse? #2

Open MsLolita opened 1 year ago

MsLolita commented 1 year ago

Hi, reversing the web version is of course no problem, but I can't figure out how to reverse the Threads application. I used HTTP Toolkit, which could not decode the HTTPS traffic. I also used Fiddler, which did not show the requests normally. So I would be very grateful if you could explain how you were able to sniff the traffic, or maybe link to a tutorial you followed.

sooluh commented 1 year ago

As far as I know, you can use an Android emulator, Burp Suite, Frida and objection.

zakaryan2004 commented 1 year ago

Instagram uses SSL pinning. You need to get past that. You can write a small Frida script or find one of the countless scripts online.

billy-the-ape commented 1 year ago

I have nearly gotten this working, but it seems like there is still something missing with the SSL pinning on this app.

I've gotten the Burp certificate added as a trusted CA on the device, and I can browse and view requests from the emulator's browser in clear text within Burp.

I've tried several Frida scripts as well as objection to prevent the SSL pinning on the Threads app, but I'm still getting a `bad_certificate` with the graph calls specifically. Interestingly, I did get some clear-text results from another Facebook call, but nothing useful for this RE.

The specific error I'm seeing in the Burp event log is `The client failed to negotiate a TLS connection to i.instagram.com:443: Received fatal alert: bad_certificate`, as well as a separate error: `Tag mismatch`. This occurs when clicking the "Log in with Instagram" button on the Threads app.

I know this stuff gets super wonky but any help is greatly appreciated 🙏
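
The following is an added example, not code from this repo or from anyone in the thread, of the kind of Frida unpinning script sooluh and zakaryan2004 refer to, extended to the failure mode billy-the-ape reports (Java-level hooks applied, browser traffic visible, but some app connections still abort with `bad_certificate`). The assumption behind the native half is that such connections are made by a TLS stack that bypasses the Java `TrustManager` entirely, which is what a libssl-level hook covers; whether Threads' own connections go through an exported `libssl.so` symbol is an assumption, not something the thread confirms. The Java class names (`com.android.org.conscrypt.TrustManagerImpl`, `okhttp3.CertificatePinner`) and the BoringSSL export `SSL_CTX_set_custom_verify` are the standard targets for this technique; `planHooks` is a hypothetical helper that only reports which hooks the script will try to install.

```javascript
'use strict';
// Added example Frida script (not the project's own code). Run with frida-server on a
// rooted emulator: frida -U -f <package> -l unpin.js
// All class/module/symbol names below are assumptions about what the app loads.

// Java-layer pinning targets: Conscrypt's chain verifier and OkHttp's CertificatePinner.
const JAVA_HOOKS = [
  { cls: 'com.android.org.conscrypt.TrustManagerImpl', method: 'verifyChain' },
  { cls: 'okhttp3.CertificatePinner', method: 'check' },
];
// Native-layer target: BoringSSL's custom-verify installer, exported by libssl.so.
const NATIVE_HOOKS = [
  { module: 'libssl.so', symbol: 'SSL_CTX_set_custom_verify' },
];

// Pure helper: decide which hooks apply given the runtime we find ourselves in.
// Returns { java: [...], native: [...] } with human-readable hook names.
function planHooks(javaAvailable, loadedModules) {
  return {
    java: javaAvailable ? JAVA_HOOKS.map((h) => h.cls + '.' + h.method) : [],
    native: NATIVE_HOOKS
      .filter((h) => loadedModules.includes(h.module))
      .map((h) => h.module + '!' + h.symbol),
  };
}

// Make Conscrypt accept any chain and make OkHttp's pinner a no-op.
function installJavaHooks() {
  Java.perform(function () {
    try {
      const TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl');
      // verifyChain(untrustedChain, trustAnchorChain, host, clientAuth, ocspData, tlsSctData)
      // Returning the untrusted chain as-is skips path validation and pinning.
      TrustManagerImpl.verifyChain.implementation = function (untrusted, anchors, host, clientAuth, ocsp, sct) {
        console.log('[java] TrustManagerImpl.verifyChain bypassed for ' + host);
        return untrusted;
      };
    } catch (e) { console.log('[java] TrustManagerImpl not hooked: ' + e); }

    try {
      const CertificatePinner = Java.use('okhttp3.CertificatePinner');
      CertificatePinner.check.overload('java.lang.String', 'java.util.List').implementation = function (host, certs) {
        console.log('[java] okhttp3.CertificatePinner.check bypassed for ' + host);
      };
    } catch (e) { console.log('[java] okhttp3.CertificatePinner not present: ' + e); }
  });
}

// Make BoringSSL's certificate verification always succeed. Apps that do TLS outside the
// Java stack never reach TrustManagerImpl, so the Java hooks above do not help them.
function installNativeHooks() {
  const libssl = Process.findModuleByName('libssl.so');
  if (libssl === null) { console.log('[native] libssl.so not loaded'); return; }
  const addr = libssl.findExportByName('SSL_CTX_set_custom_verify');
  if (addr === null) { console.log('[native] SSL_CTX_set_custom_verify not exported'); return; }

  // enum ssl_verify_result_t { ssl_verify_ok = 0, ssl_verify_invalid, ssl_verify_retry }
  const alwaysOk = new NativeCallback(function (ssl, outAlert) { return 0; }, 'int', ['pointer', 'pointer']);
  const original = new NativeFunction(addr, 'void', ['pointer', 'int', 'pointer']);

  // Whatever verify callback the app installs, install ours instead.
  Interceptor.replace(addr, new NativeCallback(function (ctx, mode, callback) {
    console.log('[native] SSL_CTX_set_custom_verify intercepted, substituting permissive callback');
    original(ctx, mode, alwaysOk);
  }, 'void', ['pointer', 'int', 'pointer']));
}

// Entry point: only runs inside Frida, so the file is inert under plain Node.
if (typeof Java !== 'undefined' && typeof Interceptor !== 'undefined') {
  const loaded = Process.enumerateModules().map((m) => m.name);
  const plan = planHooks(Java.available, loaded);
  console.log('[plan] java: ' + plan.java.join(', ') + ' | native: ' + plan.native.join(', '));
  if (Java.available) installJavaHooks();
  installNativeHooks();
}
```

Two practical checks go with this. First, a user-store CA is ignored by apps targeting API 24+ regardless of pinning hooks, so a browser showing clear text in Burp while the app fails with `bad_certificate` is consistent with the CA not being in the system store; on a rooted emulator, move it to the system store first. Second, if the script prints that `libssl.so` is loaded but the app's failing connections never hit the native hook, the app is likely using its own statically linked TLS library, and the symbol has to be located inside that library rather than in `libssl.so`.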