
I have started capturing packets to check traffic in my Gala


Thread replies: 19
Thread images: 5

I have started capturing packets to check traffic in my Galaxy 4 phone but some data going to google servers is encrypted with TLSv1. Is there some way to check what's inside?

Also do you have any knowledge what android phones usually send to google? I have noticed some packets sent to port 5228 to some "mtalk" servers. I have found that

>Port 5228 is used by the Google Playstore (Android market). Google talk also uses ports 443, 5222 and 5228. Google Chrome user settings sync (favorites, history, passwords) uses port 5228.

So it's either playstore or chrome but I want to know more. What exactly is inside?

There is also some traffic going to Samsung servers - my phone downloaded

http://svc-cf.spd.samsungdm.com/GT-I9515/XEO/version.xml
http://countries.epg.samsung.peel.com/countries/all
and sent POST messages to
devices.peel.com (only thing inside is some long userid)
pl-odc.samsungapps.com/ods.as (xml with some data about my phone)

What's this all about? Are there some sites/communities dedicated to keeping track of data sent/received from our machines to corporate servers?
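
Added example, not part of the original post or thread: without decrypting anything, the first bytes of each TLS connection in a capture like the one described above still show the record type, the protocol version and, in the ClientHello, the server name the phone asked for. The sample record and the hostname `mtalk.example.test` are constructed for illustration.

```python
import struct

RECORD_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def build_sample_client_hello(host: str) -> bytes:
    """Constructed ClientHello record (not from a real capture) used as demo input."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni       # extension type 0 = server_name
    body = (b"\x03\x01" + bytes(32)                    # client_version, random
            + b"\x00"                                  # empty session_id
            + b"\x00\x02\x00\x2f"                      # one cipher suite
            + b"\x01\x00"                              # null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_record_header(data: bytes):
    """Return (content type, version, payload length) from the 5 cleartext header bytes."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    ctype, ver, length = struct.unpack("!BHH", data[:5])
    return RECORD_TYPES.get(ctype, "unknown"), VERSIONS.get(ver, hex(ver)), length

def extract_sni(record: bytes):
    """Return the server_name from a ClientHello record, or None if there is none."""
    ctype, _, length = parse_record_header(record)
    hs = record[5:5 + length]
    if ctype != "handshake" or len(hs) < 4 or hs[0] != 1:
        return None                                    # not a ClientHello
    p = 4 + 2 + 32                                     # skip hs header, version, random
    try:
        p += 1 + hs[p]                                 # session_id
        p += 2 + int.from_bytes(hs[p:p + 2], "big")    # cipher_suites
        p += 1 + hs[p]                                 # compression_methods
        end = p + 2 + int.from_bytes(hs[p:p + 2], "big")
        p += 2
        while p + 4 <= min(end, len(hs)):              # walk the extension list
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            if etype == 0:
                nlen = int.from_bytes(hs[p + 7:p + 9], "big")
                return hs[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except (IndexError, struct.error):
        return None                                    # truncated capture
    return None
```

Application-data records (type 23) carry only ciphertext after the header, so `extract_sni` returns `None` for them; the hostname is only visible in the first handshake record of each connection.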
>>
>Is there some way to check what's inside?
Get a cluster of super computers and crack the encryption

>Also do you have any knowledge what android phones usually send to google?
Everything
>>
>>59571930
>Get a cluster of super computers and crack the encryption

I was thinking more about some app to install to phone and perform some man in the middle attack or something.
>>
bump
>>
>>59571976
If the encryption is performed by some library, you could replace it with a library that does the same job but also dumps out the keys to some place so you can use them later.
Don't know if anyone bothered to write one though.
>>
I thought that with /g/ obsession over privacy and botnets this thread would be a little more popular.
>>
>>59572576
Hm... maybe pulling symmetric key from Android Keystore (if possible) would help.
>>
This thread is interesting. I don't know much about packet sniffing and doing MITM attacks though.

Bump
>>
>>59571930
I don't know anything about encryption, but if you do manage to crack the key (I assume it's impossible before the heat death of the universe so I'm just interested in knowing) then how much data would you be able to decrypt? Would every packet have a new key? Or is there some standard rotation like every month or every year there's a new key you'd need to decrypt?
>>
Op here
>>59573525
Thanks. As for packet sniffing all you need is Wireshark. If you also want to capture all packets from WLAN and not only those coming in and out from local machine you also have to switch your network card to promiscuous monitor mode.
>>59573600
I think this key is generated for every TCP session. So as long as TCP session is established all packets have the same key. And if you have two tabs in browser with google webpages they will be encrypted with different keys because every tab is separate socket. I'm not 100% sure though.
>>
>>59571878
fuck you are dumb
>>
>>59573731
I've never used wireshark, but I'll try doing it with some of my own devices some time. Thanks OP
>>
>>59571878
Can't stop the botnet, kiddo.

next time don't use an OS made by an ADVERTISING COMPANY.
>>
fiddler with root certificate installed on device and proxy enabled and turned on
>>
>>59573898
Interesting, thanks. Although the Fiddler license is freeware. From the open source alternatives I found https://mitmproxy.org/ looks good. I will try it.
>>
>>59571878
>touchwizz
>>
>>59572984
Everyone here willingly uses smartphones and other consumer technology without a second thought. They couldn't care less.
>>
>>59571878
Search Packet Capture by Grey Shirts - this does a MITM on-device.
>>
>>59574982
Awesome! That is exactly what I was hoping for.