Breaking the Tunnel: Real-Time API Interception in MDM-Locked Mobile Apps with KnoxSpy

By Subho Halder on 10 Dec 2025 @ Blackhat : Arsenal
#mobile-pentesting #vulnerability-assessment #android-security
Focus Areas: Application Security, Mobile Security, Penetration Testing, Vulnerability Management
This tool demo covers the following tools, which the speaker has authored or contributed to:
KNOXSPY

Abstract

KnoxSpy enables real-time API interception in MDM-locked mobile applications, allowing security researchers and pentesters to inspect and analyze API traffic from managed devices where traditional interception is blocked. The tool helps assess the security of mobile apps in enterprise MDM environments.

Presented at Black Hat Europe 2025 Arsenal, December 8-11, London.