I need to decrypt requests which sends by HTTPS protocol from an app. As I understand I need to do smth like MITM attack. I've used Charles and Fiddler for this, but for decrypting HTTPS request from browsers e.g. Firefox i need to make trusted certificates of Charles in it. But how to do this with app where I can`t make my certificates trusted? Is any way to do this for OS globally?
Asked
Active
Viewed 217 times
1 Answers
0
The client generates the 48-byte premaster secret by concatenating the protocol version (2 bytes) and some bytes that the client generates randomly (46 bytes). The client is supposed to get these 46 bytes from the PRNG offered by the operating system (/dev/urandom, CryptGenRandom()...).
Essentially after the hellos and deciding the cipher, say they agree on RSA key agreement.
The client then encrypts the 48-byte premaster secret with the server's RSA public key (that the server sent previously to the client, in the Certificate message). The encrypted result is what the client sends to the server as the ClientKeyExchange message.
The server uses its secret key to decrypt the message and obtain the premaster secret.
Given you control the server and have the cert/private key - It looks to me like Charles Proxy does not support this. But mitmproxy supports providing a fixed certificate for specific domains.
Otherwize as mentioned some apps ( most don't ) use cert pinning that you'll need patch ( or hack ) the app code to disable it here's an answer for that: Charles Proxy for Mobile apps that use SSL Pinning.
some libraries log the generated PSK ( premaster secret key ) to a file that is defined in an environment variable ex. ( export SSLKEYLOGFILE=~/.ssl-key.log ), but I'm not sure thats the case for Android.
Bottom line; there is no general way to do this and it depends on alot of things.
SaleemKhair
- 499
- 3
- 12