Closed dev7machine closed 1 year ago
Hi,
thx for reporting this issue. Is it possible to share the target APK in order to reproduce the error in our dev environment?
@dev7machine which Android version are you testing these apps on?
I have the same issue. I have Android 12 (MIUI 13.5) (arm64), Frida version 16.0.19 (latest). My client is Debian 11. I'm testing Telegram; I have the same issue on other apps.
./friTap.py -m -s --pcap test.pcap org.telegram.messenger
Start logging
spawning org.telegram.messenger
Press Ctrl+C to stop logging.
/home/user/friTap/friTap/_ssl_log.js
[*] Running Script on Android
[*] libssl.so found & will be hooked on Android!
[*] Android dynamic loader hooked.
Init watcher
INITIALIZED
/home/user/friTap
[*] Logging TLS plaintext as pcap to test.pcap
^C
Thx for using friTap
Have a nice day
ls -l test.pcap
-rw-r--r-- 1 user user 24 apr 29 08:39 test.pcap
The pcap file is only 24 bytes; it is empty, with no packets.
I tested on Android 9 x86 and it works; I tested on Android 11 arm64 LineageOS 19.1 and it doesn't work. Always the same version of Frida and the same client.
I tried with Google Play Store on Android 11 (arm64 emulator) with similar results. tcpdump captures packets fine, and using this, for example, captures (some) keys:
frida -U --codeshare vadim-a-yegorov/universalkeylogger -f com.android.vending
Hi,
so I looked at the apps mentioned with friTap. One app has "anti-root" checks applied and therefore could not be started at all. Furthermore, both apps start their TLS communication via a forked process and therefore friTap has to be started with the parameter --enable_spawn_gating.
Regarding LineageOS please make a new issue because the underlying TLS library could be something different. At least we never tested friTap on LineageOS.
Just to clarify:
--full_capture means full packet capture with tcpdump therefore no plaintext pcap. To decrypt it the keys from -k <keylog> can be used
-p <pcap> means we will only get a plaintext pcap with the plaintext data from the identified TLS traffic.
-p <pcap> feature won't work but you are still able to log the used keys with -k <keys> which is using the same hooks as the universalkeylogger-tool and much more. Depending on the app it still works on Android 13 although there are some apps where it doesn't work on Android.
So it actually depends on the used app and its used TLS library :-)
Because we were able to log the network traffic with the mentioned apps we will close this issue. If you still encounter the same problem feel free to reopen it.
Hi, I am trying to capture traffic, and the logs show that the tool is working fine, but I am getting an empty pcap file (24 bit size). I have tried 4-5 different mobile apps and none of them worked.
Tried the latest friTap via PyPI as well as the cloned repo.
Tried two different frida-tool/server versions. Frida is working fine.
pcap files
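A 24-byte file in the classic libpcap format is exactly the global header with no packet records behind it, which matches the empty captures reported in this thread. The script below is an added example, not part of the thread or of friTap's code. It tells header-only, truncated and populated captures apart; `inspect_pcap` and `build_sample` are hypothetical names, the sample bytes are constructed, and it assumes the output is classic pcap rather than pcapng.

```python
import struct
import sys

# Magic numbers of the classic libpcap format as they appear on disk,
# mapped to the struct byte-order prefix (micro- and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}
GLOBAL_HDR = 24  # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = 16  # ts_sec, ts_frac, incl_len, orig_len


def inspect_pcap(data: bytes) -> dict:
    """Walk the packet records of a classic pcap byte string and summarise it."""
    if len(data) < GLOBAL_HDR or data[:4] not in MAGICS:
        return {"valid": False, "packets": 0, "diagnosis": "not a classic pcap file"}
    order = MAGICS[data[:4]]
    linktype = struct.unpack(order + "I", data[20:24])[0]
    offset, packets, payload, truncated = GLOBAL_HDR, 0, 0, False
    while offset < len(data):
        if offset + RECORD_HDR > len(data):
            truncated = True  # partial record header at end of file
            break
        incl_len = struct.unpack(order + "I", data[offset + 8:offset + 12])[0]
        if offset + RECORD_HDR + incl_len > len(data):
            truncated = True  # record body cut short
            break
        offset += RECORD_HDR + incl_len
        packets += 1
        payload += incl_len
    if truncated:
        diagnosis = "truncated: capture ended in the middle of a record"
    elif packets == 0:
        diagnosis = "header only: file was opened but no packet was ever written"
    else:
        diagnosis = "ok"
    return {"valid": True, "linktype": linktype, "packets": packets,
            "payload_bytes": payload, "truncated": truncated, "diagnosis": diagnosis}


def build_sample(packets=()) -> bytes:
    """Constructed sample capture for the demo (not data from the issue)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for body in packets:
        out += struct.pack("<IIII", 0, 0, len(body), len(body)) + body
    return out


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_pcap(fh.read()))
```

A "header only" result means the capture file was created but the hooks never delivered any plaintext, so the next thing to check is whether the app's TLS traffic runs in a process or library that was not hooked.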