NetworkInspector is a dynamic analysis microservice that intercepts and analyzes network communications of mobile applications to detect security issues in transit.
- Traffic Interception: Captures HTTP/HTTPS/TLS traffic between the mobile app and its backend.
- Security Inspection: Analyzes traffic for cleartext data, weak TLS configurations, and certificate pinning issues.
- Dynamic Analysis: Monitors runtime network behavior in a controlled environment.
- Language: Python
- Key Tools:
- mitmproxy: An interactive HTTPS proxy for traffic inspection.
- Docker Sandbox: Provides an isolated environment for running emulators.
- AVD/iOS Simulator: Supports both Android Virtual Devices and iOS simulators (with physical device support as primary).
- TLS/SSL Validation: Checks for proper certificate validation and secure protocol usage.
- Sensitive Data Leakage: Identifies if sensitive information is being transmitted insecurely.
- Automated Traffic Capture: Can be scripted to capture traffic during automated app interactions.
For detailed installation and usage instructions, please visit the official repository.