
Comments for "Sniffing TLS traffic on Android"

Open nibarius opened this issue 3 years ago • 8 comments

Comments made here will be shown on the "Sniffing TLS traffic on Android" article.

https://nibarius.github.io/learning-frida/2022/05/21/sniffing-tls-traffic

nibarius avatar May 21 '22 13:05 nibarius

Great article! Very informative and simple approach - just makes sense. I was struggling to decrypt Android traffic for a while and when I read this I was like "Duh". Hahaha. Thanks for the article!

Rhynorater avatar Jul 30 '22 13:07 Rhynorater

So, I've always used and preferred Fiddler, so based on the information from your Android 11 guide, and the fact I am using a physical device, I tried to get that working. Fiddler would only see and decrypt traffic from Chrome and not other applications (although interestingly I could see the SSL CONNECTs being logged). Before I embark on using PolarProxy for the first time, I wonder if this is more a security feature of Android 13 and I'm not going to get any further. What do you think?

npendlington avatar Sep 06 '22 09:09 npendlington

I haven't started using Android 13 myself yet, but I'm not aware of any particular security features on Android 13 that should make things more difficult than they were on Android 11. So I'm hoping things will work the same.

nibarius avatar Sep 19 '22 17:09 nibarius

I have followed the article but can't get decrypted info in the pcap file. One thing I'm not clear on is setting up the Access Point on Android to use our proxy. Do you guys know what server IP and port I should enter? Thank you!!

tranxuanloc avatar Dec 03 '22 09:12 tranxuanloc

You should not use any proxy at all in the Access Point settings on Android. PolarProxy is a transparent proxy, so your Android phone doesn't know that it's talking to a proxy. It thinks it's making a normal request directly to the target server. It's the adb reverse and iptables rules that make sure that the traffic is re-routed to the PolarProxy server on its way to the remote server.

nibarius avatar Dec 03 '22 15:12 nibarius

Oh, thank you! I had thought that the problem was the APN because after setting up the proxy, Android 11 cannot access the internet. I have created an identical virtual Android 11 without connecting to the proxy and it can access the internet. If traffic goes through PolarProxy, Android says there is no connection to the internet. Do you face the internet problem on Android 11?

Some information is captured into the pcap file but is not decrypted. I don't know where I went wrong.

tranxuanloc avatar Dec 04 '22 09:12 tranxuanloc

I'm using Android 11 on my emulator and I don't have the same internet problem. The important thing when using PolarProxy is to not set up any proxy at all on the emulator. The first time, I was specifying a proxy in the APN settings, but that wasn't working. When I removed all proxy settings from my emulator and just relied on adb reverse + iptables I got it working.

nibarius avatar Dec 05 '22 20:12 nibarius

Unfortunately, I still can't get decrypted data. I have removed my custom APN, but I still have the default APN, so I used the emulator settings and set it to No proxy.

tranxuanloc avatar Dec 06 '22 15:12 tranxuanloc