fkie-cad / friTap

The goal of this project is to help researchers to analyze traffic encapsulated in SSL or TLS.
GNU General Public License v3.0

Traffic is not being captured #6

Closed dev7machine closed 1 year ago

dev7machine commented 1 year ago

Hi, I am trying to capture traffic and the logs show that the tool is working fine, but I am getting an empty pcap file (24 bit size). I have tried 4-5 different mobile apps and none of them worked.

Tried the latest friTap via PyPI as well as the cloned repo.

Tried two different frida-tools/server versions. Frida is working fine.

(screenshot: friTap output, 2023-01-21)

(screenshot: pcap files, 2023-01-21)

monkeywave commented 1 year ago

Hi,

thx for reporting this issue. Is it possible to share the target APK in order to reproduce the error in our dev environment?

dev7machine commented 1 year ago

I have tried 4-5 different apps and none of them worked. Here is the one com.telenor.pakistan.mytelenor PlayStore link

2nd one: io.maqsad

Aniketh01 commented 1 year ago

@dev7machine which android version are you testing these apps on?

mywalkb commented 1 year ago

I have the same issue. I have Android 12 (MIUI 13.5) (arm64), Frida version 16.0.19 (latest). My client is a Debian 11. I'm testing Telegram; I have the same issue on other apps.

./friTap.py -m -s --pcap test.pcap org.telegram.messenger
Start logging
spawning org.telegram.messenger
Press Ctrl+C to stop logging.
/home/user/friTap/friTap/_ssl_log.js
[*] Running Script on Android
[*] libssl.so found & will be hooked on Android!
[*] Android dynamic loader hooked.
Init watcher
INITIALIZED
/home/user/friTap
[*] Logging TLS plaintext as pcap to test.pcap
^C

Thx for using friTap
Have a nice day
ls -l test.pcap 
-rw-r--r-- 1 user user 24 apr 29 08:39 test.pcap

The pcap file is only 24 bytes; it is empty, no packets.
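A quick way to confirm what a 24-byte capture is, as an added example that is not part of this thread or of friTap itself: a classic libpcap global header is exactly 24 bytes, so a file of that size contains the header and no packet records at all. The parser below reads the header, counts records and flags truncation; the build_pcap helper and its raw-IP link type are constructed only to produce sample input.

```python
import struct

PCAP_GLOBAL_HEADER_LEN = 24   # a capture of exactly this size holds no packets
PCAP_RECORD_HEADER_LEN = 16

# libpcap magic numbers: little/big endian, microsecond and nanosecond variants
_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "us"),
    b"\xa1\xb2\xc3\xd4": (">", "us"),
    b"\x4d\x3c\xb2\xa1": ("<", "ns"),
    b"\xa1\xb2\x3c\x4d": (">", "ns"),
}


def inspect_pcap(data: bytes) -> dict:
    """Parse a classic pcap and report whether it actually holds packet records."""
    if len(data) < PCAP_GLOBAL_HEADER_LEN:
        raise ValueError("shorter than a pcap global header")
    if data[:4] not in _MAGICS:
        raise ValueError("unknown pcap magic %r" % data[:4])
    endian, ts_unit = _MAGICS[data[:4]]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:PCAP_GLOBAL_HEADER_LEN])
    packets, truncated, off = 0, False, PCAP_GLOBAL_HEADER_LEN
    while off < len(data):
        if off + PCAP_RECORD_HEADER_LEN > len(data):
            truncated = True          # dangling partial record header
            break
        _sec, _frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[off:off + PCAP_RECORD_HEADER_LEN])
        off += PCAP_RECORD_HEADER_LEN
        if incl_len > snaplen or off + incl_len > len(data):
            truncated = True          # record claims more bytes than are present
            break
        off += incl_len
        packets += 1
    return {"version": (major, minor), "linktype": linktype, "snaplen": snaplen,
            "timestamp_unit": ts_unit, "packets": packets, "truncated": truncated,
            "header_only": packets == 0 and len(data) == PCAP_GLOBAL_HEADER_LEN}


def build_pcap(packets, linktype=101):
    """Constructed writer (LINKTYPE_RAW) used here only to create sample captures."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1674276000 + i, 0, len(pkt), len(pkt)) + pkt
    return bytes(out)
```

Running inspect_pcap over the bytes of test.pcap distinguishes "header only" (hooks never produced plaintext) from a capture that was cut off mid-record.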

mywalkb commented 1 year ago

I tested on Android 9 x86 and works, I tested on Android 11 arm64 LineageOS 19.1 and doesn't work. Always the same version of frida and the same client.

konsumer commented 1 year ago

I tried with Google Play Store on Android 11 (arm64 emulator) with similar results. tcpdump captures packets fine, and using this, for example, captures (some) keys:

frida -U --codeshare vadim-a-yegorov/universalkeylogger -f com.android.vending

monkeywave commented 1 year ago

Hi,

so I looked at the apps mentioned with friTap. One app has "anti-root" checks applied and therefore could not be started at all. Furthermore, both apps start their TLS communication via a forked process and therefore friTap has to be started with the parameter --enable_spawn_gating.

Regarding LineageOS please make a new issue because the underlying TLS library could be something different. At least we never tested friTap on LineageOS.

Just to clarify:

Depending on the app it still works on Android 13 although there are some apps where it doesn't work on Android.

So it actually depends on the used app and its used TLS library :-)

Because we were able to log the network traffic with the mentioned apps we will close this issue. If you still encounter the same problem feel free to reopen it.