
arn7av | 5 years ago

I have done exactly the same thing for Desktop/Android apps using Frida (modified from https://github.com/google/ssl_logger). There are modules out there that dump SSLKEYLOG too (that can be used in Wireshark).


benmmurphy|5 years ago

With iOS I’ve used the keylog strategy and it is very effective. iOS uses BoringSSL and the library calls a function to log the secret, but this function never does anything normally. However, you can either trampoline this function to log the secret or modify the SSL context to add your own logger function. This is all public knowledge and you can find Frida scripts that will dump the TLS secrets.

heyoni|5 years ago

And this can be used to defeat certificate pinning?