Open lzl-hello opened 9 months ago
Hi,
thx for your interest in friTap. Unfortunately, I can't read your language. Please ask your question in English and I will try to answer it.
All the best
I think this project is very useful for analyzing traffic. I have initially reproduced the project on Ubuntu and captured the traffic of several Android applications. I have a few questions that I would like to ask:
thx!
Hi,
first of all thx for your interest in this project :)
Regarding your questions:
Well it always depends on the analyzed application. There might be several reasons for your results. In such cases it might be useful to do a full packet capture and for instance just try to decrypt the TLS streams inside this. Using the -k <keylog_file> you are able to get the keys with friTap.
Without ever analyzing or working with the Hongmeng operating system we are not able to answer that question. So it depends if they are still using the SSL libraries as a normal Android operating system or not.
Sure, if you add more SSL/TLS libraries it is very likely that friTap is able to provide a decrypted PCAP where it wasn't able in the past. The secret key extraction differs on each SSL library. Therefore it might be the SSL-read/write function or another one.
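Hello, I think this project is very helpful for analyzing app traffic. I did a quick hands-on test on Ubuntu, capturing the traffic and keys of apps on an Android phone, and decryption succeeded. I have a few questions:
1. The project description says all operating systems are supported, but unfortunately my test of the project on Windows failed, while the same steps succeeded on Ubuntu. Are there any steps that are different on Windows?
2. Since I currently only have an Android device available for testing, I would like to know whether this project can successfully decrypt apps on the Hongmeng operating system and on iPhones.
3. My professional knowledge is currently limited. My understanding of this decryption is that it finds the entry points of the various functions called by SSL and then hooks out the keys. If I want to improve the project further, can I add more SSL functions in order to decrypt more traffic captures, and which source file should I read and modify?
If you could advise me, I would be very grateful!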