Michael

Asked: 2011-07-31 16:33:39 +0800 CST2011-07-31 16:33:39 +0800 CST 2011-07-31 16:33:39 +0800 CST

TCPDUMP , SSL , Android, SSL dump

772

I run an application on Android phone.

The application connects to a webservice via internet and I want to intercept the traffic between the application and the webservice.

The connection is http/ssl

I don't own the webservice server.

If I use tcpdump I cannot see the ssl traffic . It looks broken/encrypted.

1 Answers

Voted

Best Answer

womble
2011-07-31T23:46:43+08:002011-07-31T23:46:43+08:00
Without the SSL private key, dumping the traffic at any point isn't going to be fruitful. All you can do is trace the execution of the application on the phone (for which you'll need a jailbroken phone) to see what it's doing. Even then, it's not just a matter of tracing the write calls, you need to trace the calls to the SSL encryption routines. It's not trivial.
1

Web Analytics Made Easy - Statcounter