Ssl – TCPDUMP , SSL , Android, SSL dump

androidssltcpdump

I run an application on Android phone.

The application connects to a webservice via internet and I want to intercept the traffic between the application and the webservice.

The connection is http/ssl

I don't own the webservice server.

If I use tcpdump I cannot see the ssl traffic . It looks broken/encrypted.

Best Answer

Without the SSL private key, dumping the traffic at any point isn't going to be fruitful. All you can do is trace the execution of the application on the phone (for which you'll need a jailbroken phone) to see what it's doing. Even then, it's not just a matter of tracing the write calls, you need to trace the calls to the SSL encryption routines. It's not trivial.

Related Solutions

How to i sniff/dump HTTP protocol as ASCII for a port with tcpdump or altenative

ngrep is very useful for this. Something as simple as

ngrep -W byline port 80

would work, but you can filter on the content of the requests too (hence the grep part of the name), and it prints out the packet payload:

ngrep -W byline some_string port 80

Openvpn – VPN connection between Endian firewall and Android phones

I have my Android connected to a SonicWall appliance using IPSec. I have not been asked for user name and password when connecting, but I have to enter a password to protect the PSK. Did you happen to enable the L2TP password on the phone? This option should be left unchecked if you do not have an L2TP enabled firewall.

EDIT
I had a look at the setup on the firewall, and I could see that XAuth was configured for logging in. Not sure if this is supported by edian, but you should check.