by benmmurphy 2107 days ago
With iOS I’ve used the keylog strategy and it is very effective. iOS uses BoringSSL and the library calls a function to log the secret, but this function never does anything normally. However, you can either trampoline this function to log the secret or modify the SSL context to add your own logger function. This is all public knowledge and you can find Frida scripts that will dump the TLS secrets.
1 comment

And this can be used to defeat certificate pinning?
I just realized you would just be sniffing the data unencrypted rather than setting up any proxy or root cert, so this question doesn't make sense.
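Added example, not from benmmurphy's comment or from any of the public Frida scripts it mentions: a Frida script taking the "modify the SSL context to add your own logger" route. It assumes the target process loads libboringssl.dylib and that the iOS build exports SSL_CTX_set_info_callback and SSL_CTX_set_keylog_callback with BoringSSL's public signatures; the choice of SSL_CTX_set_info_callback as the moment to catch every context is also an assumption here. Each line BoringSSL hands to the callback is checked and forwarded in NSS Key Log Format, which Wireshark reads via its (Pre)-Master-Secret log setting, so the captured traffic decrypts without any proxy or root certificate.

```javascript
'use strict';

// Added example (not the post's code). Installs a BoringSSL keylog callback on
// every SSL_CTX the process sets up and forwards each secret line to the Frida
// host in NSS Key Log Format. Assumptions not confirmed by the post: the
// process loads libboringssl.dylib and exports SSL_CTX_set_info_callback and
// SSL_CTX_set_keylog_callback with BoringSSL's public signatures.
// Usage: frida -U -f <bundle id> -l keylog.js   (the parsing helpers below are
// plain JavaScript and also run outside Frida, e.g. under Node)

// Labels BoringSSL writes. CLIENT_RANDOM carries the 48-byte TLS 1.2 master
// secret; the rest are TLS 1.3 secrets whose length is the cipher suite's
// hash length (32 bytes for SHA-256, 48 bytes for SHA-384).
const KEYLOG_LABELS = new Set([
  'CLIENT_RANDOM',
  'CLIENT_EARLY_TRAFFIC_SECRET',
  'CLIENT_HANDSHAKE_TRAFFIC_SECRET',
  'SERVER_HANDSHAKE_TRAFFIC_SECRET',
  'CLIENT_TRAFFIC_SECRET_0',
  'SERVER_TRAFFIC_SECRET_0',
  'EXPORTER_SECRET',
]);

const HEX_RE = /^[0-9a-fA-F]+$/;

// Parse one keylog line ("LABEL <client_random hex> <secret hex>") into its
// fields; return null if it is not a well-formed line for a known label.
function parseKeylogLine(line) {
  if (typeof line !== 'string') return null;
  const parts = line.trim().split(/\s+/);
  if (parts.length !== 3) return null;
  const [label, clientRandom, secret] = parts;
  if (!KEYLOG_LABELS.has(label)) return null;
  if (clientRandom.length !== 64 || !HEX_RE.test(clientRandom)) return null; // 32-byte client random
  if (!HEX_RE.test(secret)) return null;
  const okLen = label === 'CLIENT_RANDOM'
    ? secret.length === 96                           // 48-byte master secret
    : (secret.length === 64 || secret.length === 96); // 32- or 48-byte TLS 1.3 secret
  if (!okLen) return null;
  return { label, clientRandom: clientRandom.toLowerCase(), secret: secret.toLowerCase() };
}

// Render a parsed record as the single line Wireshark expects in the key log file.
function formatKeylogLine(rec) {
  return `${rec.label} ${rec.clientRandom} ${rec.secret}`;
}

// Kept at module scope so the NativeCallback is not garbage-collected while
// BoringSSL still holds its address.
let keylogCallback = null;

// Returns true once hooks are installed, false when not running under Frida.
function installHooks() {
  if (typeof Interceptor === 'undefined') return false;
  const lib = 'libboringssl.dylib';
  const setKeylogAddr = Module.findExportByName(lib, 'SSL_CTX_set_keylog_callback');
  const setInfoAddr = Module.findExportByName(lib, 'SSL_CTX_set_info_callback');
  if (setKeylogAddr === null || setInfoAddr === null) {
    throw new Error('BoringSSL keylog/info callback symbols not exported by ' + lib);
  }
  // void SSL_CTX_set_keylog_callback(SSL_CTX *ctx,
  //                                  void (*cb)(const SSL *ssl, const char *line));
  const SSL_CTX_set_keylog_callback =
    new NativeFunction(setKeylogAddr, 'void', ['pointer', 'pointer']);
  keylogCallback = new NativeCallback((ssl, linePtr) => {
    const rec = parseKeylogLine(linePtr.readUtf8String());
    if (rec === null) return; // drop anything that is not a well-formed secret line
    send({ type: 'keylog', line: formatKeylogLine(rec) }); // host side appends to the key log file
  }, 'void', ['pointer', 'pointer']);
  // Assumed hook point: the networking stack calls SSL_CTX_set_info_callback on
  // each context it builds, which hands us every SSL_CTX before it is used.
  Interceptor.attach(setInfoAddr, {
    onEnter(args) { SSL_CTX_set_keylog_callback(args[0], keylogCallback); },
  });
  return true;
}

installHooks();
```

The host script receiving the `send` messages just appends each `line` to a file and points Wireshark at it. The comment's other route, trampolining the internal logging function that normally does nothing, needs the address of an unexported symbol and is not shown here.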