fkie-cad / friTap

The goal of this project is to help researchers to analyze traffic encapsulated in SSL or TLS.
GNU General Public License v3.0

Only supporting IPv4/6 Error #27

Open dreyes15 opened 2 months ago

dreyes15 commented 2 months ago

I am looking to analyze an application on Android v14 "UpsideDownCake" and consistently receiving an "Only supporting IPv4/6" error.

The following screenshots show an example of the output and the commands I am running. [Screenshot 2024-05-02 10:56 AM] [Screenshot 2024-05-02 11:54 AM]

Any help will be appreciated

raphaelts3 commented 1 month ago

Not sure if it will help your case, but in my case where I just wanted to log ssl keys, I've just commented that line and moved on, it worked just fine 🙈

dreyes15 commented 1 month ago

Yea I think I might do that, my initial goal was to use the -p flag just to sanity check the traffic that was being collected. The default might be to just return 0.0.0.0 if FriTap can’t get the ip?

raphaelts3 commented 1 month ago

Hm, good question. I didn't end up using anything besides ssl key logs, to then import the keys to wireshark and get the whole dumps from there. Just to share a bit more of my setup, basically I'm using wireshark hooked into my cable ethernet and I'm sharing that same connection through wi-fi to my phones, that way all the traffic has to pass through wireshark and I can just see them with the keys I've exported using friTap.

dreyes15 commented 1 month ago

Gotcha, if you are using tcpdump on the phone, are you getting only app traffic or are you getting everything and filtering the traffic from the app?

raphaelts3 commented 1 month ago

I'm getting everything, because I'm using wireshark directly on the local network, so everything from my pc and phone is showing there. Still, on wireshark I then filter by hostname (from the TLS handshake) and from there IPs, that way I can mainly see what the app is sending. I guess this approach is more tricky if you're not trying to see http/tls and/or you don't know what the app is using, anyways that's mainly how I'm operating right now, I hope it helps!

monkeywave commented 1 week ago

Hi,

thx for reporting this issue. Currently we are working to solve this issue. Actually, when friTap is unable to get the IP from a socket, it won't capture its traffic.

For now you have two possibilities. The first is to ignore this and let friTap use default socket values: fritap -m --enable_default_fd --spawn -p <pcap_name.pcap> <target package>

The recommended solution would be to run friTap in full packet capture mode and extract the TLS keys while doing it: fritap -m -p log24.pcap --full_capture --spawn --keylog <keylog_name.log> <target package> That way you keep the original socket information. You still need to filter this PCAP because it will capture any traffic from your target device and therefore will contain more information than just your target app's.
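The filtering step both replies describe (narrowing a full capture down to the app by the hostname in the TLS handshake) as an added example that is not part of friTap or this thread: a minimal ClientHello SNI parser in Python, fed a constructed ClientHello as sample input; the hostname api.example.test and the function names are placeholders chosen here.

```python
import struct

def build_client_hello(hostname: str) -> bytes:
    # Constructed minimal TLS 1.2 ClientHello record with one SNI extension.
    # Sample input for extract_sni(); not a capture from the issue above.
    host = hostname.encode("ascii")
    name_list = b"\x00" + struct.pack("!H", len(host)) + host   # name_type host_name (0)
    sni_ext = struct.pack("!HHH", 0x0000, len(name_list) + 2, len(name_list)) + name_list
    body = (b"\x03\x03" + bytes(32)          # client_version, random (zeros here)
            + b"\x00"                         # session_id length 0
            + b"\x00\x02\x13\x01"             # one cipher suite (TLS_AES_128_GCM_SHA256)
            + b"\x01\x00"                     # one compression method (null)
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    # Return the server_name (SNI) carried by a TLS ClientHello record, or None
    # when the bytes are not a ClientHello or are truncated; never raises.
    try:
        if record[0] != 0x16:                              # content type handshake
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                                  # handshake type client_hello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 34                                           # skip version + random
        pos += 1 + body[pos]                               # skip session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # skip cipher_suites
        pos += 1 + body[pos]                               # skip compression_methods
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if ext_type == 0x0000:                         # server_name extension
                name_len = struct.unpack("!H", body[pos + 3:pos + 5])[0]
                return body[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

def filter_by_sni(records, suffix: str):
    # Keep only handshake records whose SNI ends with suffix (the "filter by hostname" step).
    return [r for r in records if (extract_sni(r) or "").endswith(suffix)]
```

On a real full capture the same logic runs over each TCP payload that starts a TLS session; the resulting host set is what you then turn into an IP filter.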