
Comments (7)

monkeywave commented on July 22, 2024

Hi,

so I looked at the apps mentioned with friTap. One app has "anti-root" checks applied and therefore could not be started at all. Furthermore, both apps start their TLS communication via a forked process and therefore friTap has to be started with the parameter --enable_spawn_gating.

Regarding LineageOS please make a new issue because the underlying TLS library could be something different. At least we never tested friTap on LineageOS.

Just to clarify:

  • --full_capture means full packet capture with tcpdump, therefore no plaintext pcap. To decrypt it, the keys from -k <keylog> can be used.
  • -p <pcap> means we will only get a plaintext pcap with the plaintext data from the identified TLS traffic.
  • Sometimes the -p <pcap> feature won't work, but you are still able to log the used keys with -k <keys>, which uses the same hooks as the universalkeylogger tool and much more.

Depending on the app it still works on Android 13 although there are some apps where it doesn't work on Android.

So it actually depends on the used app and its used TLS library :-)

Because we were able to log the network traffic with the mentioned apps we will close this issue. If you still encounter the same problem feel free to reopen it.

from fritap.

monkeywave commented on July 22, 2024

Hi,

thx for reporting this issue. Is it possible to share the target APK in order to reproduce the error in our dev environment?


dev7machine commented on July 22, 2024

I have tried 4-5 different apps and none of them worked. Here is the one: com.telenor.pakistan.mytelenor (PlayStore link)

2nd one: io.maqsad


Aniketh01 commented on July 22, 2024

@dev7machine Which Android version are you testing these apps on?


mywalkb commented on July 22, 2024

I have the same issue.
I have Android 12 (MIUI 13.5) (arm64)
Frida version 16.0.19 latest.
My client is Debian 11.
I'm testing Telegram; I have the same issue on other apps.

./friTap.py -m -s --pcap test.pcap org.telegram.messenger
Start logging
spawning org.telegram.messenger
Press Ctrl+C to stop logging.
/home/user/friTap/friTap/_ssl_log.js
[*] Running Script on Android
[*] libssl.so found & will be hooked on Android!
[*] Android dynamic loader hooked.
Init watcher
INITIALIZED
/home/user/friTap
[*] Logging TLS plaintext as pcap to test.pcap
^C

Thx for using friTap
Have a nice day
ls -l test.pcap 
-rw-r--r-- 1 user user 24 apr 29 08:39 test.pcap

The pcap file is only 24 bytes; it is empty, no packets.

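The 24-byte test.pcap reported above is exactly the size of a classic pcap global header, that is, a capture file with zero packet records. As an added example (not part of the original thread and not friTap code), this Python script walks a pcap file and counts its records; the function name inspect_pcap and the sample bytes are constructed for illustration.

```python
import struct
import sys

# First four bytes read little-endian -> (byte order of the file, timestamp resolution)
MAGICS = {
    0xA1B2C3D4: ("<", "microsecond"), 0xD4C3B2A1: (">", "microsecond"),
    0xA1B23C4D: ("<", "nanosecond"), 0x4D3CB2A1: (">", "nanosecond"),
}
GLOBAL_HDR, RECORD_HDR = 24, 16  # sizes fixed by the classic pcap format


def inspect_pcap(data: bytes) -> dict:
    """Walk a classic pcap byte string and report how many packet records it holds."""
    if len(data) < GLOBAL_HDR:
        raise ValueError("shorter than the 24-byte pcap global header")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng or another format?)")
    order, resolution = MAGICS[magic]
    _maj, _min, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(order + "HHiIII", data, 4)
    offset, packets, payload, truncated = GLOBAL_HDR, 0, 0, False
    while offset < len(data):
        if offset + RECORD_HDR > len(data):
            truncated = True  # capture stopped in the middle of a record header
            break
        _sec, _frac, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, offset)
        if offset + RECORD_HDR + incl_len > len(data):
            truncated = True  # record header promises more bytes than the file has
            break
        offset += RECORD_HDR + incl_len
        packets += 1
        payload += incl_len
    return {"resolution": resolution, "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "payload_bytes": payload, "truncated": truncated,
            "header_only": len(data) == GLOBAL_HDR}


# Constructed sample input (not taken from the thread): a global header with
# version 2.4, snaplen 65535 and link type 1, then the same header plus one record.
HEADER_ONLY = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
ONE_PACKET = HEADER_ONLY + struct.pack("<IIII", 0, 0, 4, 4) + b"\x16\x03\x03\x00"

if __name__ == "__main__":
    # Usage: python inspect_pcap.py test.pcap  (falls back to the constructed samples)
    blobs = [open(p, "rb").read() for p in sys.argv[1:]] or [HEADER_ONLY, ONE_PACKET]
    for blob in blobs:
        print(len(blob), "bytes ->", inspect_pcap(blob))
```

A result with header_only set means the output file was opened and its header written, but no packet record was ever appended to it.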

mywalkb commented on July 22, 2024

I tested on Android 9 x86 and it works; I tested on Android 11 arm64 LineageOS 19.1 and it doesn't work.
Always the same version of Frida and the same client.


konsumer commented on July 22, 2024

I tried with Google Play Store on Android 11 (arm64 emulator) with similar results. tcpdump captures packets fine, and using this, for example, captures (some) keys:

frida -U --codeshare vadim-a-yegorov/universalkeylogger -f com.android.vending
