SSL extension for Android applications

Question

SSL extension for Android applications

I use an Android application for communication that sends an HTTPS request for certain functions, is it possible to read the “read-decrypted” packet that the application sends?

I tried setting up the proxy using Fiddler and ProxyDROID, but it only showed me the results of Web Broweser, not the application

Snark packets using Shark will be encrypted packets

Edit: I used Fiddler to control the packets, however, due to the fact that SSL is not valid, it does not trust it and does not make a connection. How can I get around certificate verification verification?

+4

android ssl https encryption

user1175643 Feb 02 '12 at 13:34

source share

2 answers

Manav · Answer 1 · 2012-05-02T05:55:25+0000

Use the technique given here - http://myhowto.org/java/81-intercepting-and-decrypting-ssl-communications-between-android-phone-and-3rd-party-server/

jglouie · Answer 2 · 2012-02-02T14:54:25+0000

You can decrypt some (when using RSA keys) SSL / TLS traffic with Wireshark if it is compiled in a certain way and you have a private key.

From http://wiki.wireshark.org/SSL :

If Wireshark is compiled with support for SSL decryption, there will be a new option in the SSL settings. This only works for the RSA key if RSA keys can be provided. If the key entry option is Missing, then check if your Wireshark is bound to the required GnuTLS Library. This can be done with wirehark -v. The output should include GnuTLS and GCrypt. If you see without GnuTLS, without Gcrypt, then you will need to reconfigure with --with-gnutls, recompile and reinstall ..

SSL extension for Android applications

More articles: