Appknox, a leading provider of cutting-edge mobile app security solutions, today launched KnoxSpy, an innovative open-source tool designed to give security professionals visibility into mobile traffic locked behind Mobile Device Management (MDM) tunnels. Hosted on GitHub, KnoxSpy enables real-time interception, analysis and modification of API traffic within MDM-protected applications — a long-standing blind spot for security testing.
In many enterprises, MDM applications are the backbone of organizational control, ensuring devices are compliant, protected, and centrally managed. But for security teams, these same MDM policies create a roadblock. By forcing all network traffic through centrally managed VPNs, MDM platforms effectively break conventional interception proxies, leaving privileged apps untestable and high-risk vulnerabilities undetected.
To address this challenge, KnoxSpy uses dynamic instrumentation via Frida to hook into an application's network libraries at runtime. This approach allows KnoxSpy to:
- Capture requests and responses inside the MDM tunnel, enabling real-time visibility without disrupting the VPN flow.
- Analyze and modify API traffic on the fly, testing edge cases and validating application responses with full context.
- Reinject modified requests using the app’s own libraries, maintaining operational integrity while performing deep assessments.
"Security teams have been flying blind when it comes to MDM-managed applications," said Subho Halder, CEO of Appknox. “KnoxSpy changes that by letting researchers see and manipulate traffic where it actually lives — inside the app. We’re closing a major gap in enterprise mobile security testing, giving defenders the same advanced capabilities that attackers exploit to stay ahead.”
KnoxSpy has already been used to uncover critical vulnerabilities in prominent enterprise MDM deployments, helping organizations strengthen their mobile security posture without disabling the very controls that keep their environments safe.
KnoxSpy’s launch is a testament to Appknox’s commitment to advancing the field of mobile security, giving both enterprises and the security research community the tools they need to keep pace with increasingly sophisticated threats.
For more information, visit https://www.appknox.com/resources/ebooks/demystifying-network-libraries or access the project directly at github.com/appknox/knoxspy.
About Appknox
Appknox is a global leader in mobile application security, providing comprehensive solutions including SAST, DAST, API testing, and the newly launched Storeknox continuous monitoring platform. Trusted by Fortune 2000 companies and government organizations across 60+ countries, Appknox specializes in detecting AI vulnerabilities and seamlessly integrates with CI/CD pipelines. Our enterprise-grade solutions help financial services, healthcare, and retail organizations meet global compliance requirements while protecting their mobile ecosystems from emerging threats. Learn more at appknox.com.