我一直在阅读很多关于嗅探WhatsApp流量的内容,而且我已经知道它已经过了ssl。 但是我需要知道是否有什么方法来解密这个ssl流量,一旦我不知道什么是whatsapp用于加密的私钥。
那么我怎么能发现哪个证书被使用或者是否存在另一种解密这些消息的方式?
我不想阅读任何人的聊天记录,我的意图是通过网络实现协议消息。 为了理解,进行反向工程并为个人工作目的制定简单的JAVA API。
我正在使用wireshark读取ssl流量。
I've been reading a lot of things about sniffing whatsapp traffic and I already know is over ssl. But I need to know if is there any way to decrypt this ssl traffic once I dont know what is the private key that whatsapp is using for encrypting.
So how could I discover which certificate is being used or whether exists another way to decrypt those messages?
I dont want to read anybody's chats, my intention is really se the protocols messages through the network. To understand, make a reverse engineering and elaborate a simple JAVA api to personal job purposes.
I'm using wireshark to read the ssl traffic.
最满意答案
您可以尝试使用代理软件进行Man-in-the-the-middle攻击,该代理软件可能会生成虚假的SSL证书,但它不会始终有效。 其中一些应用程序使用证书锁定来防止这种类型的攻击。
HTTP代理: http://fiddler2.com/get-fiddler 如果应用程序允许,该软件会生成一个明显的假证书,您可以接受该证书。
证书锁定: https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
You can try a Man-in-the-middle attack using a proxy software that can generate a fake SSL cert, but it won't always work. Some of these apps using certificate pinning to prevent exactly this type of attack.
HTTP proxy: http://fiddler2.com/get-fiddler This software generates a obvious fake cert that you are able to accept if the app will allow.
Certificate Pinning: https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
更多推荐
发布评论