lawtancool
commented
2 years ago Yes, you need to inject a MITM cert in order to decrypt TLS traffic.
Closed kdkavanagh closed 2 years ago
lawtancool
commented
2 years ago Yes, you need to inject a MITM cert in order to decrypt TLS traffic.
kdkavanagh
commented
2 years ago Presumably you're using the C4 jailbreak approach to load the cert and then using that same cert to decode in Wireshark or something?
Appreciate the guidance on this.
lawtancool
commented
2 years ago I'm not sure what C4 jailbreak you're referring to, but in general you just want to look into packet capture of the iOS/Android Control4 apps.
Since I don't know what device you're using, and this topic is more in the field of mobile app pentesting, I think it would be better to search for resources on mobile app packet capture for your specific platform. Jailbreaking the Control4 director itself should not be necessary.
I'm looking to contribute some more controls to this library, namely media controls. I'm curious what tools you're using to reverse engineer the REST API? From looking at pcaps from the director, it looks like all the traffic is TLS encrypted - Do I need to inject a MITM cert to decode the packets to understand the protocol?