This utility uses frida in order to sniff plain SSL traffic. It is taken from google's logger https://github.com/google/ssl_logger which is ment to run locally.
Motified by Guy Kaplan to sniff the traffic of an external usb device.
https://www.frida.re/docs/ios/#with-jailbreak
Start
Cydia
and add Frida’s repository by going toManage
->Sources
->Edit
-> Add and enterhttps://build.frida.re
. You should now be able to find and install theFrida
package which lets Frida inject JavaScript into apps running on your iOS device. This happens over USB, so you will need to have your USB cable handy, though there’s no need to plug it in just yet.
You have to install frida first.
pip3 install frida frida-tools
Search for the process you want to inject frida onto
frida-ps -U
run the command with
python3 ssl_logger.py [pid]
Make sure your iDevice is connected using USB first.
First, I changed the line where it was using frida.attach
to connect to frida to get the device to attach using USB (can be changed to ssh).
Then, it appears that iOS does not use libssl
, I discoverd that by using frida-trace -i "*SSL*" -U
and saw that the symbools come from a library called libboringssl
, so i changed the line where it said libssl
to libboringssl
, the library itself has a very similar API as libssl
, but lacks the call to get FD, (it should be there somewhere, with some name, but it was irrelavant for my need as it was only being used to get IP addresses and ports which I already knew), so I removed the call to SSL_get_fd
function.
Then the tweak was ready to run :)