Pokemon Go MITM Proxy - Intercepts the traffic between your Pokemon Go App and their servers, decodes the protocol and gives you a handy tool to enrich your own game experience by altering the data on the fly.

Take a look at the examples to get started. Feel happily invited to contribute more!

How to use it?

Setting up the server

Get nodejs

Get protobuf >= 3 Linux: libprotobuf must be present ( apt-get install libprotobuf-dev ) OSX: Use homebrew to install protobuf with brew install pkg-config and brew install --devel protobuf Windows: hard to compile - follow advices

Clone the code to experiment with the examples! (otherwise use it as a npm package) git clone https://github.com/rastapasta/pokemon-go-mitm-node.git && cd pokemon-go-mitm-node npm install

Setup the CoffeeScript interpreter (optional if using npm scripts) npm install -g coffee-script

Setting up your device

Prepare your phone to accept the MITM certificate

Android on a rooted phone: install the Xposed module pokemon-go-xposed otherwise : install a pre-patched version

iPhone you have to be jailbroken to use ilendemli's nice certificate pinning patch



Using Xposed on Android

If you are using pokemon-go-xposed, set the custom endpoint to your machines IP (default port it 8082). All done!

Using iOS or Android without Xposed

Generate a CA MITM certificate Run npm start (or coffee example.logTraffic.coffee ) to generate a CA certificate Download the generated certificate from the started server via http://host:8082/ca.crt (or copy the file .http-mitm-proxy/certs/ca.pem ) Add the certificate to the "trusted certificates" of your mobile (for "VPN and apps" on Android)

Setup your mobile's connection to use your machine as a proxy (default proxy port is 8081 )

Done!

Troubleshooting

Android N requires a different certificate format, make sure you download http://host:8082/ca.crt to your mobile

To let an iPhone or iPad trust the certificate, you might have to save and email http://host:8082/ca.crt to yourself to open it in the Mail app

On very few systems (Raspberry Pi) the CA certificate has to be generated manually: openssl genrsa -out .http-mitm-proxy/keys/ca.private.key 2048 openssl rsa -in .http-mitm-proxy/keys/ca.private.key -pubout > .http-mitm-proxy/keys/ca.public.key openssl req -x509 -new -nodes -key .http-mitm-proxy/keys/ca.private.key -days 1024 -out .http-mitm-proxy/certs/ca.pem -subj "/C=US/ST=Utah/L=Provo/O=PokemonCA/CN=example.com"

If you are unable to log in after installing the certificate on Android, you may have to reboot for apps to see the new CA (#208)

How to code it?

PokemonGoMITM = require ' ./lib/pokemon-go-mitm ' server = new PokemonGoMITM port : 8081 server . addResponseHandler " FortDetails " , (data) -> data.name = " Pokemon GO MitM PoC " data.description = " meow! " data.image_urls = [ " http://thecatapi.com/api/images/get?format=src&type=png " ] data

What's the status?

Thanks to the awesom work done around POGOProtos, all requests and responses can be intercepted and altered on the fly by now!

AddFortModifier

AttackGym

CatchPokemon

CheckAwardedBadges

CheckCodenameAvailable

ClaimCodename

CollectDailyBonus

CollectDailyDefenderBonus

DiskEncounter

DownloadItemTemplates

DownloadRemoteConfigVersion

DownloadSettings

Echo

Encounter

EncounterTutorialComplete

EquipBadge

EvolvePokemon

FortDeployPokemon

FortDetails

FortRecallPokemon

FortSearch

GetAssetDigest

GetDownloadUrls

GetGymDetails

GetHatchedEggs

GetIncensePokemon

GetInventory

GetMapObjects

GetPlayer

GetPlayerProfile

GetSuggestedCodenames

IncenseEncounter

LevelUpRewards

NicknamePokemon

PlayerUpdate

RecycleInventoryItem

ReleasePokemon

SetAvatar

SetContactSettings

SetFavoritePokemon

SetPlayerTeam

StartGymBattle

UpgradePokemon

UseIncense

UseItemCapture

UseItemEggIncubator

UseItemGym

UseItemPotion

UseItemRevive

UseItemXpBoost

Enjoy! And heaps of thanks to everyone who contributed here and on slack!