Capturing and Decrypting HTTPS Traffic from iOS Apps Using Frida (2019)

36 points | codetrotter | 4 years ago | andydavies.me

7 comments

thenthenthen | 4 years ago
What is the advantage over, for example, Burp Suite Proxy (+ Burp CA certificate)? Is it possible to decrypt packets found in the air (aka an open wireless network you control)?
benmmurphy | 4 years ago
A lot of iOS apps will use certificate pinning, so this avoids having to bypass that. The disadvantage is you can't easily modify requests. I actually have an extension to mitmproxy that pulls the secrets from the keylog file and then performs an MITM attack on the connection based on that. This way you can modify requests without trusting an evil root certificate. But you do need the key material, either via the keylog file or via an attack on TLS key sharing (like solving DLP on EC). Also, I've only implemented this for TLS 1.2.
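An added example, not part of the thread or of the commenter's mitmproxy extension, showing the key-log side of that approach: it parses a key log in the NSS key log format (the `SSLKEYLOGFILE` format Wireshark reads; assuming that is the format meant here), indexes secrets by the ClientHello random so an interceptor can look up the right session, and tells TLS 1.2 sessions (one `CLIENT_RANDOM` master secret) apart from TLS 1.3 sessions (several per-direction traffic secrets), which is the check a TLS 1.2-only implementation needs before it tries to use the material. The key log contents below are constructed sample values, not real secrets.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# NSS key log labels. TLS 1.2 (and earlier) sessions are logged as a single
# CLIENT_RANDOM line carrying the 48-byte master secret; TLS 1.3 sessions are
# logged as several per-direction traffic secrets derived by the key schedule.
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
# <LABEL> <32-byte client random as hex> <secret as hex>
_LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


@dataclass
class Session:
    client_random: bytes
    secrets: Dict[str, bytes] = field(default_factory=dict)

    @property
    def version(self) -> str:
        """Infer the TLS version from which labels were logged for this random."""
        if TLS12_LABEL in self.secrets:
            return "TLS1.2"
        return "TLS1.3" if self.secrets.keys() & TLS13_LABELS else "unknown"


def parse_keylog(text: str) -> Dict[bytes, Session]:
    """Index key log lines by client random, skipping comments and malformed lines."""
    sessions: Dict[bytes, Session] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        label, rand_hex, secret_hex = m.groups()
        if len(secret_hex) % 2 or (label == TLS12_LABEL and len(secret_hex) != 96):
            continue  # a TLS 1.2 master secret is exactly 48 bytes; drop bad lines
        rand = bytes.fromhex(rand_hex)
        sessions.setdefault(rand, Session(rand)).secrets[label] = bytes.fromhex(secret_hex)
    return sessions


def lookup(sessions: Dict[bytes, Session], client_random: bytes) -> Optional[Session]:
    """Find the logged secrets for the random seen in a captured ClientHello."""
    return sessions.get(client_random)


# Constructed sample key log: one TLS 1.2 session, one TLS 1.3 session, one bad line.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, not real key material",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "ee" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "ff" * 10,  # truncated master secret
])
```

Running `parse_keylog(SAMPLE_KEYLOG)` yields two sessions; the truncated `CLIENT_RANDOM` line is rejected rather than silently producing wrong keys.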
c7DJTLrn | 4 years ago
Why do this over installing a root CA and using mitmproxy as a proxy server?
inickt | 4 years ago
As mentioned below, lots of iOS apps will use certificate pinning to verify they aren't being MITM'ed.
youngtaff | 4 years ago
In addition to the cert pinning issue, I found it handy when I wanted to look at Safari's HTTP/2 implementation, and proxies can get in the way.

I believe this method can also be used to decrypt traffic going over the cellular interface.