NeuroAgent

Why Reqable Doesn't See File Uploads: Complete Guide

Learn why Reqable and other sniffers don't display file upload traffic. Complete guide to configuring SSL certificates and solving HTTPS traffic issues on mobile devices.

#https-traffic#mobile-sniffer#reqable#ssl-certificates#ssl-pinning

Why don’t Reqable and other phone sniffers display file download traffic?

When using Reqable and other network sniffers on a mobile device, I don’t see information about file downloads in the logs. For example, when downloading a file from the internet, it doesn’t appear in the logs, while other actions such as browsing web pages or entering search queries are successfully recorded. How can I configure or fix Reqable to properly track and display file download traffic?

NeuroAgent

Reqable and Other Sniffers Often Don’t Display File Download Traffic Due to HTTPS Connection Features and SSL Encryption

Files are typically downloaded over secure connections that require proper installation and trust of sniffer certificates, as well as correct proxy configuration.

Table of Contents

Main Reasons for Missing File Download Traffic

The absence of file download information in sniffer logs is usually related to several key reasons:

HTTPS Encryption. Most modern applications use HTTPS for file downloads, which requires special handling of SSL certificates. Without proper installation of the sniffer’s certificate, the traffic remains encrypted and unreadable.

SSL Pinning. Many applications use SSL pinning mechanisms that “pin” trust to specific certificates and reject connections through proxy servers, even if the certificate is installed.

Proxy Configuration. Incorrect proxy settings on the mobile device can cause applications to simply ignore the proxy server for certain types of traffic, especially for downloading large files.

Traffic Filtering. Some sniffers by default filter or don’t display certain types of requests, such as binary data or file transfer streams.

Setting Up SSL Certificates in Reqable

For Reqable to properly track file download traffic, SSL certificates must be configured correctly:

Step 1: Download the certificate

  1. Open the Reqable application on your mobile device
  2. Go to SettingsDownloaded Profile
  3. Select Reqable CA and download the certificate file

Step 2: Install the certificate

  1. On the device, open SettingsSecurityTrusted credentials
  2. Find and install the downloaded Reqable CA certificate
  3. Confirm installation if required

Step 3: Configure the proxy

  1. In Reqable settings, specify the IP address and proxy port
  2. On the mobile device, in Wi-Fi or mobile network settings, specify the proxy server
  3. Ensure that the proxy is configured for all applications or only for the required ones

Important: For Android versions 10 and above, additional configuration to trust the certificate may be required in SettingsGeneralAbout phoneCertificate trust settings.

Certificate Verification and Trust

After installing the certificate, you need to ensure that the system trusts it:

Installation Verification

  1. Open SettingsSecurityTrusted credentials
  2. Ensure that the Reqable CA certificate is present and marked as installed
  3. Verify that the certificate is in the User certificates section (not system certificates)

Additional Trust Settings

  1. For some Android devices, an additional step is required:
    • SettingsGeneralAbout phoneCertificate trust settings
    • Enable the toggle for the Reqable CA certificate

Functionality Testing

  1. Open a browser and navigate to any HTTPS website
  2. Ensure that Reqable intercepts the traffic
  3. If traffic is intercepted but files are not displayed, the issue may be in the filtering settings

Special Rules for SSL Decoding

Reqable allows configuring special rules for processing SSL traffic:

SSL Decoding Rule Configuration

  1. In Reqable, open the SSL section
  2. Add rules for specific domains that should be decoded
  3. For domains where decoding is not required, add rules to bypass SSL decoding

Example Rules:

  • For example.com enable SSL decoding
  • For secure-api.example.com disable SSL decoding (if the application uses SSL pinning)

Request Type Filtering

  1. In Reqable settings, configure filtering to display binary data
  2. Ensure that all traffic is captured, not just HTTP requests
  3. Check packet size and data type filtering settings

Troubleshooting with Specific Applications

Some applications have special mechanisms to protect against traffic interception:

Applications with SSL Pinning

  1. For applications with strict SSL pinning, you may need:
    • Using specialized tools (e.g., Frida for bypassing SSL pinning)
    • Manual modification of the APK file to trust user certificates
    • Using VirtualXposed for automatic modification of installed APKs

System Applications

  1. For system applications, you may need:
    • Obtaining root access
    • Moving the certificate to the system section using tools like MoveCerts
    • Using emulators with pre-installed certificates

Hybrid Applications (WebView)

  1. If the download occurs through a WebView component:
    • Ensure that WebView uses system proxy settings
    • Check WebView security settings
    • Try disabling WebView security in developer settings

Alternative Methods for Tracking Downloads

If standard settings don’t work, you can use alternative approaches:

Using Other Sniffers

  1. Try alternative tools:
    • Charles Proxy - requires installing its own certificate and configuring the proxy
    • Burp Suite - professional tool for web testing
    • HTTP Catcher - simplified alternative with good mobile device support

File System Monitoring

  1. Monitor changes in download folders:
    • Android: /storage/emulated/0/Download
    • iOS: ~/Documents
  2. Use file monitors to track the creation of new files

Network Analyzers

  1. Use tools for analyzing network traffic:
    • Wireshark - packet capture at the OS level
    • NetworkMiner - file extraction from captured traffic
  2. Configure capture of all network traffic without filtering

Sources

  1. Reqable SSL Documentation - Configure SSL decryption rules
  2. Reqable Certificate Installation Guide
  3. Flutter app traffic capture with Reqable
  4. Android emulator traffic analysis with Reqable
  5. SSL traffic decryption requirements
  6. Traffic sniffers overview on Habr
  7. Mobile app traffic capture guide

Conclusion

Key Takeaways:

  1. The main issue with Reqable is the lack of proper SSL certificate configuration for HTTPS traffic
  2. Files are typically downloaded over secure connections, which requires installation and trust of the sniffer’s certificate
  3. Many applications use SSL pinning, which prevents traffic interception through proxies
  4. For complex cases, additional SSL decoding rule configurations may be required

Practical Recommendations:

  1. Always first install and configure the Reqable SSL certificate
  2. Verify certificate trust in device security settings
  3. For complex cases, use a combination of tools or alternative monitoring methods
  4. Regularly update Reqable to the latest version to support new application protection mechanisms

For in-depth study of sniffer configuration, it is recommended to refer to the official documentation of the selected tool and specialized resources on mobile testing.

How to install and configure Reqable SSL certificate on Android devices?What is SSL pinning and how to bypass it for intercepting mobile app traffic?What alternative tools for analyzing mobile app traffic exist besides Reqable?Why do some applications ignore the proxy server even with proper configuration?How to track file uploads in applications with WebView components?How to configure Charles Proxy for analyzing HTTPS traffic on iOS devices?
Ask NeuroAgent