In my workplace, we have got iOS and Android applications for pentesting and it runs only on a non-rooted device. It also uses a VPN to connect to the servers since it is an internal application.
For dynamic and static analysis, we are injecting frida. To scan for the API vulnerabilities, we have to intercept the traffic which we are facing difficulty. Client has informed us that they cannot give access to VPN on our desktops and it only works on mobile devices.
Can someone please let me know if there is a way to intercept the traffic in this scenario? It would be extremely helpful.