0

I run an application on Android phone.

The application connects to a webservice via internet and I want to intercept the traffic between the application and the webservice.

The connection is http/ssl

I don't own the webservice server.

If I use tcpdump I cannot see the ssl traffic . It looks broken/encrypted.
Community
  • 1
Michael
  • 137
  • 1
  • 8
  • 2
    I have absolutely no idea what you're asking. Of course tcpdump "supports" SSL; it's L7-agnostic, and of course you can get "SSL TCP" packets on Android, HTTPS works just fine. Please rewrite your question to be clear and answerable, preferably with a description of the problem you're trying to solve, rather than just starting to type part-way through your problem-solving thought processes. Also, your vote and accept rates could do with some work (*nudge*) – womble Jul 31 '11 at 01:46
  • ok. I just edited the question – Michael Jul 31 '11 at 07:31
  • Now *that's* a question that can be answered. – womble Jul 31 '11 at 07:43

1 Answers1

1

Without the SSL private key, dumping the traffic at any point isn't going to be fruitful. All you can do is trace the execution of the application on the phone (for which you'll need a jailbroken phone) to see what it's doing. Even then, it's not just a matter of tracing the write calls, you need to trace the calls to the SSL encryption routines. It's not trivial.

womble
  • 96,255
  • 29
  • 175
  • 230