pokemon-go-mitm-node

Pokemon Go MITM Proxy - Intercepts the traffic between your Pokemon Go App and their servers, decodes the protocol and gives you a handy tool to enrich your own game experience by altering the data on the fly.

Take a look at the examples to get started. Feel happily invited to contribute more!

How to use it?

Setting up the server

• Get nodejs

• Get protobuf >= 3

  • Linux: libprotobuf must be present (apt-get install libprotobuf-dev)
  • OSX: Use homebrew to install protobuf with brew install pkg-config and brew install --devel protobuf
  • Windows: hard to compile - follow advices

• Clone the code to experiment with the examples! (otherwise use it as a npm package)

  git clone https://github.com/rastapasta/pokemon-go-mitm-node.git && cd pokemon-go-mitm-node

  npm install

• Setup the CoffeeScript interpreter (optional if using npm scripts) npm install -g coffee-script

Setting up your device

Prepare your phone to accept the MITM certificate

• Android

  • on a rooted phone: install the Xposed module pokemon-go-xposed
  • otherwise: install a pre-patched version

• iPhone

  • you have to be jailbroken to use ilendemli's nice certificate pinning patch

Using Xposed on Android

If you are using pokemon-go-xposed, set the custom endpoint to your machines IP (default port it 8082). All done!

Using iOS or Android without Xposed

• Generate a CA MITM certificate

  • Run npm start (or coffee example.logTraffic.coffee) to generate a CA certificate
  • Download the generated certificate from the started server via http://host:8082/ca.crt (or copy the file .http-mitm-proxy/certs/ca.pem)
  • Add the certificate to the "trusted certificates" of your mobile (for "VPN and apps" on Android)

• Setup your mobile's connection to use your machine as a proxy (default proxy port is 8081)

• Done!

Troubleshooting

• Android N requires a different certificate format, make sure you download http://host:8082/ca.crt to your mobile

• To let an iPhone or iPad trust the certificate, you might have to save and email http://host:8082/ca.crt to yourself to open it in the Mail app

• On very few systems (Raspberry Pi) the CA certificate has to be generated manually:

  openssl genrsa -out .http-mitm-proxy/keys/ca.private.key 2048
  openssl rsa -in .http-mitm-proxy/keys/ca.private.key -pubout > .http-mitm-proxy/keys/ca.public.key
  openssl req -x509 -new -nodes -key .http-mitm-proxy/keys/ca.private.key -days 1024 -out .http-mitm-proxy/certs/ca.pem -subj "/C=US/ST=Utah/L=Provo/O=PokemonCA/CN=example.com"
  

• If you are unable to log in after installing the certificate on Android, you may have to reboot for apps to see the new CA (#208)

How to code it?

PokemonGoMITM = require 'pokemon-go-mitm'
server = new PokemonGoMITM port: 8081

# Replace all PokeStops with kittys!
server.addResponseHandler "FortDetails", (data) ->
	data.name = "Pokemon GO MitM PoC"
	data.description = "meow!"
	data.image_urls = ["http://thecatapi.com/api/images/get?format=src&type=png"]
	data

What's the status?

Thanks to the awesom work done around POGOProtos, all requests and responses can be intercepted and altered on the fly by now!

• AddFortModifier
• AttackGym
• CatchPokemon
• CheckAwardedBadges
• CheckCodenameAvailable
• ClaimCodename
• CollectDailyBonus
• CollectDailyDefenderBonus
• DiskEncounter
• DownloadItemTemplates
• DownloadRemoteConfigVersion
• DownloadSettings
• Echo
• Encounter
• EncounterTutorialComplete
• EquipBadge
• EvolvePokemon
• FortDeployPokemon
• FortDetails
• FortRecallPokemon
• FortSearch
• GetAssetDigest
• GetDownloadUrls
• GetGymDetails
• GetHatchedEggs
• GetIncensePokemon
• GetInventory
• GetMapObjects
• GetPlayer
• GetPlayerProfile
• GetSuggestedCodenames
• IncenseEncounter
• LevelUpRewards
• NicknamePokemon
• PlayerUpdate
• RecycleInventoryItem
• ReleasePokemon
• SetAvatar
• SetContactSettings
• SetFavoritePokemon
• SetPlayerTeam
• StartGymBattle
• UpgradePokemon
• UseIncense
• UseItemCapture
• UseItemEggIncubator
• UseItemGym
• UseItemPotion
• UseItemRevive
• UseItemXpBoost

Enjoy! And heaps of thanks to everyone who contributed here and on slack!