fkie-cad / friTap

The goal of this project is to help researchers to analyze traffic encapsulated in SSL or TLS.
GNU General Public License v3.0

About operating systems #19

Open lzl-hello opened 9 months ago

lzl-hello commented 9 months ago

Hello, I think this project is very helpful for analyzing app traffic. I did a quick test on Ubuntu, capturing the traffic and keys of apps on an Android phone, and decrypted the traffic successfully. I have a few questions: 1. The project description says all operating systems are supported, but unfortunately my test of the project on Windows failed, while the same steps succeeded on Ubuntu. Are there any steps that differ on Windows? 2. Since I currently only have an Android phone for testing, I would like to know whether the project can successfully decrypt apps on HarmonyOS (Hongmeng) and iPhones. 3. My expertise is limited at the moment; my understanding of this decryption is that you find the entry points of the various functions called by SSL and then hook the keys out. If I want to improve the project further, can I add more SSL functions to decrypt more traffic packets? Which source file should I read and modify?

If you could offer some guidance, I would be very grateful!

monkeywave commented 9 months ago

Hi,

thx for your interest in friTap. Unfortunately, I can't read your language. Please ask your question in English and I will try to answer it.

All the best

lzl-hello commented 9 months ago

I think this project is very useful for analyzing traffic. I have initially reproduced the project on Ubuntu and captured the traffic of several Android applications. I have a few questions that I would like to ask:

  1. After importing the secret key, it is true that there is a lot of http traffic in the traffic, but for most Chinese application software that I have analyzed, I can't actually see many useful operations in the decrypted traffic, such as what operations the user has performed or the specific plain text of the response body; what I see more is the acquisition of various resources in the request body, as well as the various device parameters of the response body and other irrelevant data, and then some hexadecimal bytes. I would like to ask if you have analyzed the decrypted traffic packets? Is it consistent with my analysis? How can I improve this?
  2. I read the project introduction and it said that it can analyze Android and iOS applications. I want to know whether it can also decrypt normally for mobile phones with the Hongmeng operating system. Because I don't have a Hongmeng mobile phone at hand, I haven't tried it yet; compared with the Chinese market, the Hongmeng system also occupies a large part of the market.
  3. Regarding improvements: My understanding of this project is to hook the secret key from the ssl-read/write function. Can I add more ssl functions? Will this decrypt more content? Of course, this is just my preliminary idea.

thx!

monkeywave commented 8 months ago

Hi,

first of all thx for your interest in this project :)

Regarding your questions:

  1. Well it always depends on the analyzed application. There might be several reasons for your results. In such cases it might be useful to do a full packet capture and for instance just try to decrypt the TLS streams inside this. Using the -k <keylog_file> you are able to get the keys with friTap.

  2. Without ever analyzing or working with the Hongmeng operating system we are not able to answer that question. So it depends if they are still using the SSL libraries as a normal Android operating system or not.

  3. Sure, if you add more SSL/TLS libraries it is very likely that friTap is able to provide a decrypted PCAP where it wasn't able in the past. The secret key extraction differs on each SSL library. Therefore it might be the SSL-read/write function or another one.
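One way to check why a full packet capture decrypts less than expected, as an added example that is not part of friTap or this thread: it cross-references the client random of each ClientHello record in the capture against the NSS-format keylog file friTap writes with -k <keylog_file>, so sessions whose keys were never hooked show up as "no key logged" rather than silently staying encrypted. The ClientHello builder and the sample keylog are constructed for the demonstration and assume the standard NSS label names; pulling TLS records out of a real PCAP is left to a library such as scapy or to tshark.

```python
import re

# NSS Key Log Format, the format friTap writes with -k <keylog_file> (label names per the NSS spec).
LINE_RE = re.compile(r"^([A-Z_0-9]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")
TLS13_APP_LABELS = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}

def parse_keylog(text):
    """Map client_random (hex) -> set of labels logged for it; comments and malformed lines are skipped."""
    keys = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            keys.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return keys

def client_random_from_record(record):
    """Pull the 32-byte client random out of a raw TLS record carrying a ClientHello, else None."""
    # record header: type(1) version(2) length(2); handshake header: type(1) length(3); version(2) random(32)
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None
    return record[11:43].hex()

def session_status(labels):
    """Decide whether Wireshark could decrypt application data with the labels logged for one session."""
    if "CLIENT_RANDOM" in labels or TLS13_APP_LABELS <= labels:
        return "decryptable"
    return "partial" if labels else "no key logged"

def match_sessions(records, keylog_text):
    """For each ClientHello record, report whether the keylog holds usable secrets for that session."""
    keys = parse_keylog(keylog_text)
    return {cr: session_status(keys.get(cr, set()))
            for cr in map(client_random_from_record, records) if cr is not None}

def make_client_hello(random_hex):
    """Constructed, truncated ClientHello (version + random only); enough for the parser above."""
    body = b"\x03\x03" + bytes.fromhex(random_hex)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

# Constructed sample keylog: one TLS 1.2 session, one TLS 1.3 session missing its server traffic secret.
SAMPLE_KEYLOG = f"""# constructed sample, not real key material
CLIENT_RANDOM {'aa' * 32} {'11' * 48}
CLIENT_HANDSHAKE_TRAFFIC_SECRET {'bb' * 32} {'22' * 32}
CLIENT_TRAFFIC_SECRET_0 {'bb' * 32} {'33' * 32}
"""
SAMPLE_RECORDS = [make_client_hello("aa" * 32), make_client_hello("bb" * 32), make_client_hello("cc" * 32)]
```

Running `match_sessions(SAMPLE_RECORDS, SAMPLE_KEYLOG)` labels the first session decryptable, the second partial and the third as having no key logged; in a real capture the third kind points at a library or code path friTap did not hook.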