-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS keys and decrypted QUIC|HTTP/3 packets extraction with Cronet library #24
Comments
Hi, thx for this detailed issue. This helps in order to solve this :-) Currently we are working on other issues related to Android. It might that they have the same origin but for now we aren't sure about that. As soon as we fixed it or have further information about this issue we will note it here. |
Hi @monkeywave, sorry for the late reply. Thank you! We'll wait for you. Hopefully you find something soon. If you want me to try experimental versions or other apps don't hesitate to write me. |
Hi again @monkeywave, any news on this front? :D |
Hi, thx for reporting this issue - I started looking into it and it might that I discovered a solution for that. Is it possible for you to share your test Android application in order to test the working approach against it? Thx for your help :-) All the best Daniel |
Hey Daniel! Sure thing. I have uploaded just now the app and its source code here: https://github.com/STRAST-UPM/HTTP3URLGetter (just tested the apk on my personal phone; works as expected apart from the security warning). Just remember, I'm not an app developer, so structure and the code itself is very simple and not up to a proper standard :'D. Anything else you need, just tell me |
Hi again @monkeywave, just wanted to know how is it going. Have the app been helpful? Did the solution worked? Cheers, |
Hi Jose, thank you for your App—it has been instrumental in helping us identify the root cause of the issue. Our current challenge is identifying the relevant functions for hooking, especially without symbols. When working with QUIC, we need to hook into the OpenSSL library, which is statically linked against Cronet. This requires us to pinpoint and hook the appropriate functions. So right now we don't have a working solution :-/ We appreciate your patience as we work through this, and we will update this thread with any progress as soon as possible. All the best Daniel |
at least on Android it should be possible right now to hook even cronet. All the best Daniel |
Hi friTap devs. I'm analyzing QUIC traffic in Android apps for an university project. To do so, I developed a simple app that makes HTTP requests to an URL in order to have a controlled environment, and to do so I need to get the keys to decrypt to those packets, and I found this tool for that purpose, so I tried it.
The app uses the Cronet library (since it is the only one in Android that supports QUIC | HTTP/3) for the full HTTP client (I tried using OkHttp with a Cronet interceptor, but didn´t manage to get QUIC packets), using the latest version available (119.6045.31) as well as the GMS Play services for Cronet (version 18.0.1).
I was wondering if you know if the script has support of those protocols and library (underneath I think it uses OpenSSL or BoringSSL), or you know it's a bit problematic to get the keys.
This is the console traces when using it:
My testing device is this one:
Make: Xiaomi
Model: Redmi 8
OS version: MIUI 12 (Android 10)
To give you further info, I have tested it with Chrome and Cromite (a Chrome fork) with no luck too, BUT with the Ebay app i had luck:
Looking at the captured traffic I've seen that my app, Chrome and Cromite trades QUIC traffic (with TLS1.3), while Ebay seems to use TLS1.2, so that could be a reason (and, as you can see the script detects the same library in my app and in Ebay's).
Do you need any other info you may need?
Thanks in advance!
The text was updated successfully, but these errors were encountered: