Reputation: 404
An iOS/Android application has a hidden API, so I want to decrypt its traffic to understand which HTTPS requests it is sending.
I was trying to capture packets from an Android emulator which I connected to mitmproxy, but the app shows "No connection". I guess it is a certificate problem. I found the Server Hello TLSv1.2 packet in which the certificates are sent in the open, but I'm not sure what I can do with them.
Also, I connected my iPhone to a VPN and decrypted the ESP traffic, but the application's traffic is still encrypted and I didn't see the needed data being sent from the server to my phone...
This TLS connection is using: tls_ecdhe_rsa_with_aes_256_cbc_sha
Question: Is it even possible to decrypt TLS 1.2 from Android or iOS at all? Or maybe decrypt only the HTTPS requests?
I can provide any extra information needed.
Upvotes: 0
Views: 1286
Reputation: 445
Decrypting the payload encrypted with TLS 1.2 is only possible if you get hold of the private key of that API. Other possible approaches would be using a MITM attack with proxies like Charles. It works by generating a new CA root certificate that you manually install on your devices; it then proxies the connection by presenting another certificate to the application, pretending to be the API (this certificate is self-signed with the CA root certificate you have to install manually).
Please note that the application might be using certificate pinning, in which case the above approach would not work without reverse engineering the application and removing the certificate pinning code.
Upvotes: 1
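On Android, the two trust decisions the answer mentions (which CA roots the app accepts, and certificate pinning) are declared in the app's Network Security Configuration. Apps targeting API level 24 or higher trust only the system CA store by default, so a proxy CA installed by the user is rejected unless the app opts in. The file below is an added example, not taken from the post or from the application being discussed; the host `api.example.com`, the expiration date and the pin values are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml
     Referenced from AndroidManifest.xml via
     <application android:networkSecurityConfig="@xml/network_security_config">.
     Host name, expiration date and pin values are placeholders. -->
<network-security-config>

    <!-- Release behaviour: trust only the system CA store.
         A CA root that the user installed for an intercepting proxy
         is not in this store, so the TLS handshake to the proxy fails. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Certificate pinning for the API host: the chain must contain a
         certificate whose SubjectPublicKeyInfo SHA-256 hash matches one
         of the pins. A backup pin allows key rotation without locking
         out clients. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set expiration="2030-01-01">
            <pin digest="SHA-256">REPLACE_WITH_BASE64_SPKI_SHA256_PRIMARY=</pin>
            <pin digest="SHA-256">REPLACE_WITH_BASE64_SPKI_SHA256_BACKUP=</pin>
        </pin-set>
    </domain-config>

    <!-- Applies only when the build has android:debuggable="true".
         Lets the app's own developers inspect traffic from a debug build
         through a proxy whose CA is installed in the user store, without
         weakening the release build. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```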