Decrypting TLS traffic in Wireshark on Android

asked 2022-07-05 15:56:14 +0000

I want to decrypt traffic going into an Android mobile app using Wireshark. The app uses the TLS and TCP protocols. I am able to get the secret keys from the app using Frida. But when I set the pre-master log file name in Wireshark and inspect the TLSv1.2 packets, decrypted TLS/SSL doesn't show in the tab below.

And my secret keys have the format:

CLIENT_HANDSHAKE_TRAFFIC_SECRET ...

SERVER_HANDSHAKE_TRAFFIC_SECRET ...

CLIENT_TRAFFIC_SECRET_0 ...

SERVER_TRAFFIC_SECRET_0 ...

EXPORTER_SECRET ...

Comments

I think it means decryption isn't happening because in the debug log file, there are no "decryption errors".

cedricphillip (2022-07-05 16:04:44 +0000)

Sharing the TLS debug log file would be useful.

grahamb (2022-07-05 16:36:12 +0000)
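
A format check for the kind of key log file described in the question, as an added example that is not part of the original thread: it validates each line against the NSS key log layout (`<label> <client_random hex> <secret hex>`) and groups the labels by client random. The function names and the sample values are constructed for illustration.

```python
import re
from collections import defaultdict

# The five labels shown in the question are TLS 1.3 secrets; CLIENT_RANDOM is
# the label the same file format uses for a TLS 1.2 (and earlier) master secret.
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")

def check_keylog(text):
    """Return ({client_random: labels}, [(line_no, problem)]) for a key log."""
    sessions, problems = defaultdict(set), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append((n, "not '<label> <client_random> <secret>' in hex"))
            continue
        label, rnd, secret = m.groups()
        if label != "CLIENT_RANDOM" and label not in TLS13_LABELS:
            problems.append((n, "label not handled by this checker"))
        elif len(rnd) != 64:                      # client random is 32 bytes
            problems.append((n, "client random is not 32 bytes"))
        elif label == "CLIENT_RANDOM" and len(secret) != 96:
            problems.append((n, "master secret is not 48 bytes"))
        elif label in TLS13_LABELS and len(secret) not in (64, 96):
            problems.append((n, "secret is not 32 or 48 bytes"))
        else:
            sessions[rnd.lower()].add(label)
    return dict(sessions), problems

def label_family(labels):
    """Protocol versions the given set of labels belongs to."""
    fam = {"TLS 1.3"} if labels & TLS13_LABELS else set()
    return fam | ({"TLS 1.2 or earlier"} if "CLIENT_RANDOM" in labels else set())

# Constructed sample: hex values are made up, not taken from any capture.
SAMPLE = "\n".join([
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "ab" * 32 + " " + "11" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "ab" * 32 + " " + "22" * 32,
    "CLIENT_RANDOM " + "cd" * 32 + " " + "33" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "ef" * 16 + " " + "44" * 32,   # short random
    "SERVER_TRAFFIC_SECRET_0: " + "ab" * 32,                     # wrong layout
])
```

Each key of the returned mapping can be compared with the Random field of the Client Hello in the capture, since the key log entries are indexed by that value.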