Topic
3 replies Latest Post - ‏2013-03-06T21:34:12Z by Mathias Mamsch
SystemAdmin
SystemAdmin
3180 Posts
ACCEPTED ANSWER

Pinned topic Any way to see TLS handshake messages between mobile client and server ?

‏2013-02-12T16:48:10Z |
Hi,
I would like to know is there a way we can see the TLS handshake messages exchanged between the client(android mobile client) and server?
I tried the client logging file, but it doesnt not log any handshake messages. Would wireshark help? Is there a way I can run wireshark on mobile client?
Thanks.
Updated on 2013-03-06T21:34:12Z at 2013-03-06T21:34:12Z by Mathias Mamsch
  • Mathias Mamsch
    Mathias Mamsch
    1911 Posts
    ACCEPTED ANSWER

    Re: Any way to see TLS handshake messages between mobile client and server ?

    ‏2013-02-18T10:52:37Z  in response to SystemAdmin
    Why are you interested in the handshake messages? You want to develop your own mobile client? ;-)

    You can always log traffic on your router. If you can setup a proxy for the mobile client, then you can probably also easily log traffic. You can also just let the mobile client connect to a port on some server, where you log and then forward the traffic to the real server. There is probably a lot of options to do this.

    Regards, Mathias

    Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS
  • SystemAdmin
    SystemAdmin
    3180 Posts
    ACCEPTED ANSWER

    Re: Any way to see TLS handshake messages between mobile client and server ?

    ‏2013-03-06T17:38:45Z  in response to SystemAdmin
    Hi Varun,

    This approach should work. You can dump local tcp/ip traffic on an Android using the shark app. https://play.google.com/store/apps/details?id=lv.n3o.shark&hl=en
    That probably will not provide all the detail you are looking for inside the TLS handshake. I would use a web proxy like the burp suite. http://portswigger.net/burp/ Use it as an SSL proxy and watch the clear text conversation inside the TLS tunnel.

    Thanks,
    Peter
    • Mathias Mamsch
      Mathias Mamsch
      1911 Posts
      ACCEPTED ANSWER

      Re: Any way to see TLS handshake messages between mobile client and server ?

      ‏2013-03-06T21:34:12Z  in response to SystemAdmin
      To see the clear text conversation of DOORS with the server you can also turn on logging. This way DOORS will even format the message nicely for you. I can't believe they did not change the client side authentication in DOORS 9.3, when they introduced that encryption. You still can see the Administrator password file inside the stream in case of a failed login... ts ts.

      This will not give you information about the handshake, but I still would like to know why somebody would need that ;-)

      Regards, Mathias

      Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS