- Peter Peerdeman
While trying to reverse engineer some HTTPS calls made by an Android app, I remembered a tool in the Kali security toolkit that sets up a "man-in-the-middle" attack on HTTPS traffic using ARP spoofing. Since we control the Android phone in question, we don't need any ARP spoofing: we can simply configure our workstation as the phone's proxy, manually trust our own SSL certificate on the phone, decrypt the traffic, and forward it to the original server over the original server's SSL certificate, without the server ever noticing.
Set up Charles and get the home-made SSL certificate
- Install Charles Proxy (https://www.Charlesproxy.com)
- Check your workstation's network IP address using `ifconfig` or equivalent, and ensure your firewalls are turned off
- Start Charles and go to Proxy / SSL Proxying Settings
- Add the host whose traffic you want to decrypt
- Export the Charles root certificate through Help / SSL Proxying / Export Charles Root Certificate
Trust the home-made SSL certificate on the Android device
- Go to the directory you exported the certificate to
- Run a tool such as `http-server` on the Mac to host a file server there
- Use the Android device to browse to that web server
- Install and trust the certificate on the Android device
Configure the proxy on the Android device
- On the Android device, go to the Wi-Fi connection / Modify network
- Go to Advanced options
- Set Proxy to "Manual"
- Fill in the hostname with the workstation's IP address
- Fill in port 8888
You can now start Charles and watch the decrypted SSL traffic to debug or reverse engineer your application!
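One caveat worth checking before blaming the proxy setup: the certificate installed above lands in the device's user CA store, and since Android 7.0 (API 24) an app that targets that level ignores user-added CAs unless its network security config says otherwise. If the app being debugged is your own, the usual way to keep the Charles root working in debug builds only is a config like the one below. This is an added example, not from the original post; the file path `res/xml/network_security_config.xml` and the manifest attribute shown in the comment are the standard Android locations, but the file itself is assumed to be added by you.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example (not from the original post). Assumed location:
     res/xml/network_security_config.xml, referenced from the manifest's
     <application> element with
     android:networkSecurityConfig="@xml/network_security_config". -->
<network-security-config>
    <!-- Release behaviour: only the system CA store is trusted, so a
         user-installed root such as the Charles certificate cannot
         intercept the app's HTTPS traffic. -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Applied only when the app is debuggable (android:debuggable="true").
         Adding the user store here is what lets a debug build accept the
         Charles root you trusted on the device, while release builds keep
         the stricter base-config above. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```

A quick way to separate the two failure modes: open an HTTPS site in the device's browser first. Chrome trusts user-added CAs, so if its traffic shows up decrypted in Charles while the app's does not, the proxy and certificate are fine and the app is either ignoring the user store or pinning its own certificate (a `<pin-set>` in this same config file), neither of which a proxy setup alone will get past.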