This utility uses frida in order to sniff plain SSL traffic. It is taken from google's logger https://github.com/google/ssl_logger which is ment to run locally.
Motified by Guy Kaplan to sniff the traffic of an external usb device.
https://www.frida.re/docs/ios/#with-jailbreak
Start
Cydiaand add Frida’s repository by going toManage->Sources->Edit-> Add and enterhttps://build.frida.re. You should now be able to find and install theFridapackage which lets Frida inject JavaScript into apps running on your iOS device. This happens over USB, so you will need to have your USB cable handy, though there’s no need to plug it in just yet.
You have to install frida first.
pip3 install frida frida-toolsSearch for the process you want to inject frida onto
frida-ps -Urun the command with
python3 ssl_logger.py [pid]Make sure your iDevice is connected using USB first.
First, I changed the line where it was using frida.attach to connect to frida to get the device to attach using USB (can be changed to ssh).
Then, it appears that iOS does not use libssl, I discoverd that by using frida-trace -i "*SSL*" -U and saw that the symbools come from a library called libboringssl, so i changed the line where it said libssl to libboringssl, the library itself has a very similar API as libssl, but lacks the call to get FD, (it should be there somewhere, with some name, but it was irrelavant for my need as it was only being used to get IP addresses and ports which I already knew), so I removed the call to SSL_get_fd function.
Then the tweak was ready to run :)