Advance declaration
There are some questions about android app traffic
How to capture app traffic on Android
But them aims are capture not capture and decrypt
I want to decrypt Android app(called seat) TLS traffic
I have Windows 10 Pro, Android 8.0(rooted with full iptables supported)
seat use TLS connections with 202.194.76.30:8443, I don't know which application layer protocol it used.
Maybe it uses HTTP (I used httpie cli to test API, http --verify no https://seat.ujn.edu.cn:8443/auth/signIn, response is http)
But i'm very sure it uses TLS
My solution is:
- force seat uses http proxy, I use ProxyDroid to do this, it convert any tcp connections to http proxy(http CONNECT)
- ProxtDroid redirects app traffic to my PC(192.168.137.1) where mitmproxy listen on 9090
- mitmproxy dump out all TLS
master keytomitsslog.logusingMITMPROXY_SSLKEYLOGFILEenv variable - I use wireshark to decrypt TLS, read TLS master key from
mitsslog.log
But problem is seat don't use proxy
I use tcpdump on android to capture all traffic to 202.194.76.30, as you can see, seat app don't use my proxy!
I can capture android app traffic, but cannot decrypt it.
Here are android nat tables
My ProxyDroid configuration
I have searched three days, I have read all docs on mitmproxy.
None of them works. The only way left is ask for stackoverflow-ers helps.
mitmproxy tell me you can use transparent, but Windows 10 don't support netsh routing function. so I cannot use NAT
I tried use virtualbox, but I'm using hyper-v because of Docker for Windows. I cannot use another virtual technology
I come here to ask for your help. I will try give you more detail if you could help me
:)
