Digital certificates
Julia Kovalenko, 2016-12-22 17:22:06

How to intercept and decrypt TLSv1.2?

It is necessary to intercept the encrypted traffic of a mobile application that uses the TLSv1.2 protocol and decrypt it.
In Wireshark, decrypting traffic requires the private key of the server, which I do not have.
There is a way to log symmetric keys and use them in Wireshark, but this only works in browsers.
Fiddler is a cool application, but it does not catch TLS, only HTTP and HTTPS.

Please suggest some way to solve this problem.

2 answer(s)
zano3adev, 2016-12-22
@kovalenko_jul_s

Recently there was a task to analyze and replace the TLS traffic of Windows applications.
1. Compiled a list of domains (using Wireshark) to which requests are sent via TLS.
2. Added the domains to the hosts file with a local IP.
3. Created self-signed certificates for each domain.
4. Added the certificates to the trusted root certificates.
5. Raised a web server (nginx) with the certificates as a proxy and logged all requests.
6. Changed some of the data returned by the web server.

Related: sslstrip, sslsniff
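
Step 2 of the answer above leaves a visible artifact: hosts-file entries that pin real domain names to a local address. As an added example (not part of the original answer), this Python script audits hosts-file text for such entries, covering IPv4 and IPv6; the sample file, `BENIGN_NAMES` and `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Names that legitimately resolve to loopback in a default hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
                "ip6-loopback", "broadcasthost"}

# Constructed sample input (not from the original page).
SAMPLE_HOSTS = """\
# Constructed hosts file for illustration
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.0.1       api.example.com   # added during testing
192.168.1.50    login.example.com cdn.example.com
0.0.0.0         ads.example.net
93.184.216.34   www.example.org
not-an-ip       broken.example.com
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for suspicious entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip malformed lines
        if addr.is_unspecified:
            continue  # 0.0.0.0 / :: entries are a blocklist sinkhole, not a redirect
        if addr.is_loopback:
            reason = "loopback"
        elif addr.is_private:
            reason = "private"
        else:
            continue                          # public address: out of scope here
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in BENIGN_NAMES or "." not in name:
                continue  # single-label names are typically local machines
            findings.append((line_no, str(addr), name, reason))
    return findings

if __name__ == "__main__":
    for line_no, addr, name, reason in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s address)" % (line_no, name, addr, reason))
```

A hit is a lead rather than proof of interception, since developers also pin names locally; pair it with a review of recently added trusted root certificates (step 4).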

Rou1997, 2016-12-22
@Rou1997

There is a radically different way - in addition to the sniffer, use a disassembler, decompiler and debugger (on the executable code); which ones depends on the OS and what the application is written in.
In this way, any encryption of "requests" and "responses" can be bypassed.
Because it works at the HTTP level, and therefore only with HTTP, you also need it at the TCP level.
