Open josemariafr-upm opened 4 months ago
Hi,
thx for this detailed issue. This helps in order to solve this :-)
Currently we are working on other issues related to Android. It might that they have the same origin but for now we aren't sure about that. As soon as we fixed it or have further information about this issue we will note it here.
Hi,
thx for this detailed issue. This helps in order to solve this :-)
Currently we are working on other issues related to Android. It might that they have the same origin but for now we aren't sure about that. As soon as we fixed it or have further information about this issue we will note it here.
Hi @monkeywave, sorry for the late reply.
Thank you! We'll wait for you. Hopefully you find something soon. If you want me to try experimental versions or other apps don't hesitate to write me.
Hi again @monkeywave, any news on this front? :D
Hi,
thx for reporting this issue - I started looking into it and it might that I discovered a solution for that. Is it possible for you to share your test Android application in order to test the working approach against it?
Thx for your help :-)
All the best
Daniel
Hi,
thx for reporting this issue - I started looking into it and it might that I discovered a solution for that. Is it possible for you to share your test Android application in order to test the working approach against it?
Thx for your help :-)
All the best
Daniel
Hey Daniel! Sure thing. I have uploaded just now the app and its source code here: https://github.com/STRAST-UPM/HTTP3URLGetter (just tested the apk on my personal phone; works as expected apart from the security warning).
Just remember, I'm not an app developer, so structure and the code itself is very simple and not up to a proper standard :'D.
Anything else you need, just tell me
Hi friTap devs. I'm analyzing QUIC traffic in Android apps for an university project. To do so, I developed a simple app that makes HTTP requests to an URL in order to have a controlled environment, and to do so I need to get the keys to decrypt to those packets, and I found this tool for that purpose, so I tried it. The app uses the Cronet library (since it is the only one in Android that supports QUIC | HTTP/3) for the full HTTP client (I tried using OkHttp with a Cronet interceptor, but didn´t manage to get QUIC packets), using the latest version available (119.6045.31) as well as the GMS Play services for Cronet (version 18.0.1). I was wondering if you know if the script has support of those protocols and library (underneath I think it uses OpenSSL or BoringSSL), or you know it's a bit problematic to get the keys.
This is the console traces when using it:
My testing device is this one: Make: Xiaomi Model: Redmi 8 OS version: MIUI 12 (Android 10)
To give you further info, I have tested it with Chrome and Cromite (a Chrome fork) with no luck too, BUT with the Ebay app i had luck:
Looking at the captured traffic I've seen that my app, Chrome and Cromite trades QUIC traffic (with TLS1.3), while Ebay seems to use TLS1.2, so that could be a reason (and, as you can see the script detects the same library in my app and in Ebay's).
Do you need any other info you may need?
Thanks in advance!