Ask Your Question
0

Capturing HTTPS communication from Android emulator

asked 2020-10-23 10:48:10 +0000

FirePower gravatar image

Hello, I wonder, if it's possible to capture and reveal secured (TLS) taffic of an app running inside Android emulator, specifically MEMU. While I'm able to set SSLKEYLOGFILE environment entry and decrypt secured layer from my browser, the emulator seems to bypass the setting and not logging the certificates. I see the remote endpoints, but the packet details are only on level of TLS. So I'd appreciate a working method or if there's none, please suggest me a different software/emulator for it. Eventually I could install the APK to a physical device, but I'm not familiar with capturing TCP/IP on Android.

edit retag flag offensive close merge delete

Comments

Do you need packet capture or just to look inside the TLS traffic?
You might explore using a proxy (Charles, Fiddler, ZAP, Burp, ...).

Chuckc gravatar imageChuckc ( 2020-10-23 15:22:57 +0000 )edit

I need to look inside the requests so packet capture. I have evaluated Fiddler (with HTTPS enabled), but it even didn't trigger any relevant request.

I'm interested, if there's a different emulator (Android Studio) which could expose network traffic better.

FirePower gravatar imageFirePower ( 2020-10-23 16:09:48 +0000 )edit
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2020-10-26 23:44:43 +0000

André gravatar image

Setting the SSLKEYLOGFILE on the host has no effect. That needs to be activated at the end-point of the communication, thus on the app inside the emulator or at the server side.

Depending on your situation there are several possibilities.

If you can set up the SSLKEYLOGFILE inside the emulator, then you can still use the host to capture the traffic.

If you have access to the server then you may use the SSLKEYLOGFILE feature on the server side. Or downgrade to a RSA key and use that private key to decrypt the capture.

If the app who's traffic you want to capture supports a proxy then you can redirect the traffic via a proxy on the host. E.g. With Fiddler: enable “Decrypt HTTPS traffic”, activate "Allow remote computers to connect", export the CA and import the CA in in the emulator. In the emulator set Proxy to the local IP address of your computer and Port to 8888.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2020-10-23 10:48:10 +0000

Seen: 10,953 times

Last updated: Oct 26 '20

Related questions

How to get TLSv1.2 to decode

How to verify what protocol was used in an encrypted file transfer?

SSL/TLS Handshake Immediately Fails

Can't capture TLS certificate

How can I extract parameters from pcap

Does Wireshark support TLS 1.3?

How can I decode TLS that uses DH?

Can Wireshark decode a LDAPs conversation?

[TLS 1.3] I am getting an error while decrypting the SSL Handshake Traffic -

Decrypting Application Data with Private Key File