Decrypting TLS traffic in WireShark on Android

asked 2022-07-05 15:56:14 +0000

cedricphillip gravatar image

I want to decrypt Traffic going into an Android mobile app using Wireshark. The app uses TLS and TCP Protocols. I am able to get the secret keys from the app using Frida. But when I set the pre-master log file name in Wireshark and inspect the TLSv1.2 packets, decrypted TLS/SSL doesn't show in the tab below.

image description

And my secret keys have the format: 

CLIENT_HANDSHAKE_TRAFFIC_SECRET ...

SERVER_HANDSHAKE_TRAFFIC_SECRET ...

CLIENT_TRAFFIC_SECRET_0 ...

SERVER_TRAFFIC_SECRET_0 ...

EXPORTER_SECRET ...
edit retag flag offensive close merge delete

Comments

i think it means decryption isn't happening because in the debug log file, there are no "decryption errors"

cedricphillip gravatar imagecedricphillip ( 2022-07-05 16:04:44 +0000 )edit

Sharing the TLS debug log file would be useful.

grahamb gravatar imagegrahamb ( 2022-07-05 16:36:12 +0000 )edit
add a comment