It's possible to use a non-jailbroken device if you can include Frida’s libraries in the app - either via debugging an app you own, or repackaging someone else’s app and injecting the dylib.Īs I want to decrypt Safari’s traffic I’m sticking with the Jailbroken phone. I’m testing with a Jailbroken iPhone 5S running iOS12.4.3, with Frida installed from Cydia.
WIRESHARK HTTPS MAC CODE
Extracting TLS Keys and Decrypting iOS Trafficįrida describes itself as a “dynamic instrumentation toolkit”, it injects a JavaScript VM into applications and we can write JS code that runs in that VM and can inspect memory and processes, intercept functions, create our own native functions etc. To decrypt the packets we need the matching TLS keys, Chrome and Firefox will provide these when the SSLKEYLOGFILE environment variable is set but unfortunately there seems to be no equivalent for Safari.įortunately thanks to tools like Frida, we have the ability to implement it ourselves. I’ve filtered the capture to just display the traffic to and from But as the traffic is encrypted using TLS 1.2 we can’t see the contents of the packets. You should see a screen something like this: