
Comments (3)

monkeywave commented on July 22, 2024

Hi,

thx for your interest in friTap. Unfortunately, I can't read your language. Please ask your question in English and I will try to answer it.

All the best

from fritap.

lzl-hello commented on July 22, 2024

I think this project is very useful for analyzing traffic. I have initially reproduced the project on Ubuntu and captured the traffic of several Android applications. I have a few questions that I would like to ask:

  1. After importing the secret key, it is true that there is a lot of HTTP traffic in the capture, but for most Chinese application software that I have analyzed, I can't actually see many useful operations in the decrypted traffic, such as what operations the user has performed or the specific plain text of the response body; what I see more is the acquisition of various resources in the request body, as well as the various device parameters of the response body and other irrelevant data, and then some hexadecimal bytes. I would like to ask if you have analyzed the decrypted traffic packets? Is it consistent with my analysis? How can I improve this?
  2. I read the project introduction, which said that it can analyze Android and iOS applications. I want to know whether traffic can also be decrypted normally for mobile phones with the Hongmeng operating system. Because I don't have a Hongmeng mobile phone at hand, I haven't tried it yet; in the Chinese market, the Hongmeng system also occupies a large part of the market.
  3. Regarding improvements: My understanding of this project is to hook up the secret key for the ssl-read-write function. Can I add more SSL functions? Will this decrypt more content? Of course, this is just my preliminary idea.

thx!

from fritap.

monkeywave commented on July 22, 2024

Hi,

first of all thx for your interest in this project :)

Regarding your questions:

  1. Well, it always depends on the analyzed application. There might be several reasons for your results. In such cases it might be useful to do a full packet capture and, for instance, just try to decrypt the TLS streams inside it. Using the -k <keylog_file> option you are able to get the keys with friTap.

  2. Without ever analyzing or working with the Hongmeng operating system we are not able to answer that question. So it depends on whether they are still using the same SSL libraries as a normal Android operating system or not.

  3. Sure, if you add more SSL/TLS libraries it is very likely that friTap is able to provide a decrypted PCAP where it wasn't able to in the past. The secret key extraction differs for each SSL library. Therefore it might be the SSL-read/write function or another one.

from fritap.
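
Added example, not part of the thread and not friTap's own code: a check of a key log file such as the one written with -k, to see which TLS sessions have the secrets needed for a full decrypted view before it is loaded next to a packet capture. It assumes the file uses the NSS key log (SSLKEYLOGFILE) line format; `audit_keylog` is a hypothetical name and the sample lines are constructed, not real key material.

```python
import re
from collections import defaultdict

# Labels from the NSS key log format (assumed to be what the -k file contains).
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_REQUIRED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
TLS13_OPTIONAL = {"EXPORTER_SECRET", "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET"}
KNOWN = {TLS12_LABEL} | TLS13_REQUIRED | TLS13_OPTIONAL
# <label> <32-byte client random as hex> <secret as hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def audit_keylog(text):
    """Group key log lines by client random; report per-session completeness."""
    sessions, malformed = defaultdict(set), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        ok = m and m.group(1) in KNOWN
        # TLS 1.2 master secret is 48 bytes; TLS 1.3 secrets are 32 or 48 bytes.
        if not ok or len(m.group(3)) not in (64, 96) or (
                m.group(1) == TLS12_LABEL and len(m.group(3)) != 96):
            malformed.append(lineno)
            continue
        sessions[m.group(2).lower()].add(m.group(1))
    report = {}
    for client_random, labels in sessions.items():
        if TLS12_LABEL in labels:
            report[client_random] = "tls1.2-complete"
        elif TLS13_REQUIRED <= labels:
            report[client_random] = "tls1.3-complete"
        else:  # handshake or application data of one direction stays opaque
            missing = sorted(TLS13_REQUIRED - labels)
            report[client_random] = "tls1.3-missing:" + ",".join(missing)
    return report, malformed

# Constructed sample input (dummy values).
R1, R2, R3 = "11" * 32, "22" * 32, "33" * 32
SAMPLE = "\n".join(
    [f"CLIENT_RANDOM {R1} {'aa' * 48}"]
    + [f"{label} {R2} {'bb' * 32}" for label in sorted(TLS13_REQUIRED)]
    + [f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R3} {'cc' * 32}",
       f"CLIENT_TRAFFIC_SECRET_0 {R3} {'cc' * 32}",
       f"CLIENT_RANDOM {R1} deadbeef"])  # truncated secret, reported as malformed

if __name__ == "__main__":
    print(audit_keylog(SAMPLE))
```

A session reported as missing server-side secrets, or a connection in the capture whose client random never appears in the file, points to a TLS library or code path that was not hooked rather than to a problem with the capture itself.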
