Open anythingg opened 7 years ago
Even if you get the reversed data, you can't know what is inside it except by reversing the Thrift. Why not try to tunnel all TCP to our proxy so we can monitor all activity (HTTPS can be monitored, but it's encrypted)? In case, it's hard to find the "decrypt" for the data.
This is possible. (It's how I've been reversing the API.) But it's not for the faint of heart or those who aren't familiar with doing this kind of work.
The short answer is that you have to get the key from your system. Wireshark allows for decrypting SSL traffic on the fly if you provide the key. I have a workaround that works for this API but I'd rather not share it publicly since it can be used for analyzing encrypted data.
As @anysz has mentioned, the only other option is to tunnel traffic through a proxy server. As it relays traffic, it can also capture the SSL request during the initial handshake. You'll need a virtual machine and a bit of Googling for this method. This is called a "Man In The Middle" attack. You might also encounter the term "SSL Forward Proxy". The studious among you should have enough to get a Google degree with that.
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
real-life implementations include the following:
See also:
In detail, how do I get the SSL certificate or session key from LINE for decrypting the HTTPS traffic with Wireshark? I want to decrypt the HTTPS traffic so I can reverse engineer some code.