This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

ssl_encryption_issue

0

I captured the FaceTime application traffic (from an iPad), which is in SSL format. I need to get it into TLSv1 format to read and understand it. So how could I get the TLSv1 format from the SSL format? Please help me in decrypting the same.

Please find some SSL format packets shown below.

23  20.393657   115.111.14.7    17.154.239.13   TCP 82  49358 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=16
32  20.903460   17.154.239.13   115.111.14.7    TCP 66  https > 49358 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1460 WS=16
33  21.139873   115.111.14.7    17.154.239.13   TCP 64  49358 > https [ACK] Seq=1 Ack=1 Win=262144 Len=0
38  22.571228   115.111.14.7    17.154.239.13   SSL 489 Continuation Data
39  22.571275   115.111.14.7    17.154.239.13   SSL 287 Continuation Data
44  23.013933   17.154.239.13   115.111.14.7    SSL 1499    Continuation Data

asked 26 Sep '13, 07:02

narus

edited 26 Sep '13, 07:06

SYN-bit ♦♦


One Answer:

0

> please help me in decrypting the same.

17.154.239.13 is an IP address of an Apple server. As you (most certainly) don't have access to the private key of that server, you cannot decrypt the traffic.

However, you could intercept the SSL traffic with Fiddler or similar tools. See a similar question a few days ago.

http://ask.wireshark.org/questions/24985/google-analytics-in-native-apps-ipad

and the link how to use Fiddler with an iWhatever (tm) device.

http://fiddler2.com/documentation/Configure-Fiddler/Tasks/ConfigureForiOS

Regards
Kurt

answered 26 Sep '13, 07:34

Kurt Knochner ♦