Can't debug Vine and Twitter api through charles proxy, while facebook, flickr and any other API might be

Question

Can't debug Vine and Twitter api through charles proxy, while facebook, flickr and any other API might be

I am trying to debug a Vine API using Charles debug proxy. I have a Vine version of the app on my device and I have a wifi proxy installed.

I could debug API calls from all other applications by allowing ssl proxy. But SSL proxy doesn't work for Vine (api.vine.com). I tried twitter facebook and flickr apps. I could debug facebook and flickr apis and could see JSON response but for twitter it failed.

Since Vine is owned by Twitter, I doubt if Twitter has implemented some security in their APIs, or changed some of the protocols to ensure that the APIs cannot be debugged. If so, why didn't facebook implement the same? Their API can be easily debugged.

Confirm screenshots.

API Vine Vine API cannot be read by proxy. API succeeds and data is shown in app

Flickr API

Facebook API

Twitter API

UPDATE: Jul 22, 2015

It looks like Twitter is using SSL binding .

+3

debugging api ios proxy charles

arundevma May 15 '15 at 11:19

source to share

1 answer

arundevma · Accepted Answer · 2015-07-22T08:28:55+0000

I finally found the reason. Twitter uses SSL binding in its application to protect its APIs from human in a medium attack. This is stated in their API documentation

More information on pinning can be found here .

Can't debug Vine and Twitter api through charles proxy, while facebook, flickr and any other API might be

UPDATE: Jul 22, 2015

More articles: