Hello, I have the following setup: an Android Emulator which uses mitmproxy on localhost:8080, and mitmproxy is intercepting the SSL traffic by providing a custom certificate. This works. That means I can follow and analyze the intercepted SSL traffic in the mitmproxy console. What I would like to do now is to sniff the traffic between the Emulator and mitmproxy (which uses the spoofed certificate) and then use this certificate to decrypt the captured traffic. The problem is that there are a couple of things I am uncertain of. For example, how do I filter for that traffic? I tried The next question is: how do I have to configure the SSL decryption in Wireshark? (Edit / Preferences / Protocols / SSL / RSA keys list) I am absolutely unsure as to what ...
... to use. In the mitmproxy certificates folder the following files are available:
I hope the question is not too long and confusing. I'll happily clarify if anything is unclear and am grateful for hints. Thanks asked 10 Feb '16, 03:47 Raffael1984 edited 10 Feb '16, 03:47
One Answer:
What I would like to do now is to sniff the traffic between the Emulator and mitmproxy (which uses the spoofed certificate) and then use this certificate to decrypt the captured traffic.
You likely have to capture from the loopback interface. Capturing from
See https://wiki.wireshark.org/SSL#SSL_dissection_in_Wireshark. The IP, port and protocol fields are not that important. You could set for example According to the mitmproxy docs, It can be much easier though to configure SSL key log files instead, see http://mitmproxy.org/doc/dev/sslkeylogfile.html for instructions. answered 10 Feb '16, 04:13 Lekensteyn
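The answer recommends the key log file over the RSA keys list. The reason that matters in practice: Wireshark's RSA keys list can only decrypt sessions that use RSA key exchange, because it recovers the pre-master secret by decrypting it with the server's private key. With an ECDHE cipher suite (the default for an Android client talking to mitmproxy) the private key alone is useless, whereas the key log contains the per-session master secret keyed by the ClientHello random, which is all Wireshark needs. The following is an added example, not code from the question, the answer or mitmproxy: it parses a constructed key log in the NSS format that mitmproxy writes when SSLKEYLOGFILE is set, builds a minimal TLS ClientHello record, and matches the two the same way Wireshark does. The hex values and the ClientHello layout are constructed for the example; nothing here is captured data.

```python
import struct

# Constructed NSS key log, the format mitmproxy writes when SSLKEYLOGFILE is
# set and Wireshark reads from the "(Pre)-Master-Secret log filename"
# preference. The hex values are made up for this example, not captured.
CLIENT_RANDOM_HEX = "a1" * 32          # 32-byte ClientHello.random
MASTER_SECRET_HEX = "5e" * 48          # 48-byte TLS master secret
KEYLOG_TEXT = (
    "# SSL/TLS secrets log file (constructed for this example)\n"
    f"CLIENT_RANDOM {CLIENT_RANDOM_HEX} {MASTER_SECRET_HEX}\n"
    "\n"
)


def parse_keylog(text):
    """Return {client_random: master_secret} for every CLIENT_RANDOM line.

    Comment and blank lines are skipped; malformed lines raise ValueError so a
    truncated or hand-edited key log is noticed instead of silently ignored.
    """
    secrets = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] != "CLIENT_RANDOM":
            raise ValueError(f"line {lineno}: unsupported key log line")
        client_random = bytes.fromhex(parts[1])
        master_secret = bytes.fromhex(parts[2])
        if len(client_random) != 32 or len(master_secret) != 48:
            raise ValueError(f"line {lineno}: bad field length")
        secrets[client_random] = master_secret
    return secrets


def build_client_hello(client_random, version=b"\x03\x03"):
    """Build a minimal TLS 1.2 ClientHello record around the given random.

    Only what a decryptor needs to locate the random is present: one cipher
    suite, null compression, empty session id, no extensions.
    """
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    body = (
        version                      # client_version
        + client_random              # random (32 bytes)
        + b"\x00"                    # session_id length 0
        + b"\x00\x02" + b"\xc0\x2f"  # one suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        + b"\x01\x00"                # compression_methods: null only
    )
    # Handshake header: type 0x01 (client_hello) + 3-byte body length.
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    # Record header: type 0x16 (handshake) + version + 2-byte length.
    return b"\x16" + version + struct.pack(">H", len(handshake)) + handshake


def client_random_from_client_hello(record):
    """Extract ClientHello.random from a TLS handshake record, or raise."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 2 + 32:
        raise ValueError("truncated ClientHello")
    return body[2:34]                # skip client_version, take random


def lookup_master_secret(record, keylog_text):
    """What Wireshark does per session: match the ClientHello random
    against the key log and return the master secret, or None."""
    secrets = parse_keylog(keylog_text)
    return secrets.get(client_random_from_client_hello(record))


if __name__ == "__main__":
    hello = build_client_hello(bytes.fromhex(CLIENT_RANDOM_HEX))
    secret = lookup_master_secret(hello, KEYLOG_TEXT)
    print("master secret found:", secret is not None)
```

Once mitmproxy has been started with SSLKEYLOGFILE pointing at a file, the same matching can be done on a real capture by passing that file to Wireshark or tshark; in Wireshark 3.x the preference is `tls.keylog_file` (`tshark -o tls.keylog_file:/path/to/keylog -r capture.pcap`), and in the 1.x/2.x releases current when this question was asked it was `ssl.keylog_file`. Note that the key log only helps if the ClientHello is in the capture, which is why the capture on the loopback interface has to be running before the emulator opens the connection.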
The loopback interface is not working. If I visit e.g. http://m.heise.de then (definitely) directly related packets are captured, but all of them are of type DNS and TCP handshakes. Otherwise I should be able to find HTML content by searching for text I see on the web site in the emulator (given that the communication is unencrypted in this example).