Can't capture HTTPS traffic on iOS from app with SSL pinning

3 posts, 0 answers
  1. Andri
    Andri avatar
    1 posts
    Member since:
    Jan 2016

    Posted 27 Jan Link to this post

    I'm trying to capture traffic from iOS Facebook.app. Because it uses SSL pinning I have jailbroken iOS 7.1 with installed ssl-kill-swithch-2 https://github.com/nabla-c0d3/ssl-kill-switch2 v0.7 on my iPad 3. Everything works just fine with some other apps - I'm able to capture https traffic from itunes account login (which also has ssl pinning), ios system facebook account login (SSO) and event few initial requests from Facebook.app (login/config/SSO login). But later Fiddler stops decryption and I see such messages in fiddler and ios log console: 

    !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=graph.facebook.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).

    iPad Facebook[1050] <Notice>: MS:Notice: Injecting: com.facebook.Facebook [Facebook] (847.24)
    iPad Facebook[1050] <Notice>: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/SSLKillSwitch2.dylib
    iPad Facebook[1050] <Warning>: === SSL Kill Switch 2: Preference set to 1.
    iPad Facebook[1050] <Warning>: === SSL Kill Switch 2: Subtrate hook enabled.
    iPad backboardd[676] <Error>: HID: The 'Passive' connection 'Facebook' access to protected services is denied.

    My current configuration for sert generation is (I was trying to use some default engine but with no success at all) -
    Certificate Engine: BCCertMaker.BCCertMaker
    Engine Version: 1.5.1.1

    ValidFrom: 7 days ago
    ValidFor: 2 years
    HashAlg: SHA256WITHRSA
    KeyLen: 2048
    RootKeyLen: 2048
    ReuseServerKeys: True

    That's successfull handshake when https decryption is off 

    A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

    Version: 3.3 (TLS/1.2)
    Random: 63 1C 6F F3 F4 30 30 C6 C4 9F 4E 89 E2 3C FF 72 DD F2 B0 8F 5E 63 B3 9C 17 44 A5 36 C3 D7 63 48
    "Time": 6/3/2099 7:47:31 AM
    SessionID: empty
    Extensions: 
    server_name graph.facebook.com
    ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2  [0x2]
    elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
    SessionTicket empty
    signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
    NextProtocolNego empty
    ALPN spdy/3.1-fb-0.5, spdy/3.1, spdy/3, http/1.1
    Ciphers: 
    [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    [C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [00A5] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [00A3] TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    [00A1] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    [006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    [006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    [0069] TLS_DH_RSA_WITH_AES_256_CBC_SHA256
    [0068] TLS_DH_DSS_WITH_AES_256_CBC_SHA256
    [0039] TLS_DHE_RSA_WITH_AES_256_SHA
    [0038] TLS_DHE_DSS_WITH_AES_256_SHA
    [0037] TLS_DH_RSA_WITH_AES_256_SHA
    [0036] TLS_DH_DSS_WITH_AES_256_SHA
    [C032] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C02E] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C02A] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    [C026] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    [C00F] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    [C005] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    [009D] TLS_RSA_WITH_AES_256_GCM_SHA384
    [003D] TLS_RSA_WITH_AES_256_CBC_SHA256
    [0035] TLS_RSA_AES_256_SHA
    [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    [C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [00A4] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [00A2] TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
    [00A0] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    [0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    [0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    [003F] TLS_DH_RSA_WITH_AES_128_CBC_SHA256
    [003E] TLS_DH_DSS_WITH_AES_128_CBC_SHA256
    [0033] TLS_DHE_RSA_WITH_AES_128_SHA
    [0032] TLS_DHE_DSS_WITH_AES_128_SHA
    [0031] TLS_DH_RSA_WITH_AES_128_SHA
    [0030] TLS_DH_DSS_WITH_AES_128_SHA
    [C031] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C02D] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C029] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    [C025] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    [C00E] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    [C004] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    [009C] TLS_RSA_WITH_AES_128_GCM_SHA256
    [003C] TLS_RSA_WITH_AES_128_CBC_SHA256
    [002F] TLS_RSA_AES_128_SHA
    [C011] TLS_ECDHE_RSA_WITH_RC4_128_SHA
    [C007] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    [C00C] TLS_ECDH_RSA_WITH_RC4_128_SHA
    [C002] TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    [0005] SSL_RSA_WITH_RC4_128_SHA
    [0004] SSL_RSA_WITH_RC4_128_MD5
    [C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    [C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    [0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
    [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [0010] SSL_DH_RSA_WITH_3DES_EDE_SHA
    [000D] SSL_DH_DSS_WITH_3DES_EDE_SHA
    [C00D] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    [C003] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    [000A] SSL_RSA_WITH_3DES_EDE_SHA
    [0015] SSL_DHE_RSA_WITH_DES_SHA
    [0012] SSL_DHE_DSS_WITH_DES_SHA
    [000F] SSL_DH_RSA_WITH_DES_SHA
    [000C] SSL_DH_DSS_WITH_DES_SHA
    [0009] SSL_RSA_WITH_DES_SHA
    [00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

    Compression: 
    [00] NO_COMPRESSION


    HTTP/1.1 200 Connection Established
    FiddlerGateway: Direct
    StartTime: 09:06:07.630
    Connection: close

    This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
    To view the encrypted sessions inside this tunnel, enable the Tools > Fiddler Options > HTTPS > Decrypt HTTPS traffic option.

    A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.

    Version: 3.3 (TLS/1.2)
    SessionID: empty
    Random: 02 36 8B 0A 1E C9 E6 9D E9 79 7A 9A AC 58 F4 07 B8 E8 0E 82 F1 30 99 07 E2 73 DE 65 8F 62 13 69
    Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [0xC02B]
    CompressionSuite: NO_COMPRESSION [0x00]
    Extensions:
    server_name empty
    renegotiation_info 00
    ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2  [0x2]
    SessionTicket empty
    ALPN spdy/3.1-fb-0.5


    That's handshake when https description is on and nothing is working
    A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

    Version: 3.3 (TLS/1.2)
    Random: 2F 1E F8 40 97 85 8E 3D B2 B4 AE D2 94 2A C0 F3 D7 83 74 27 73 C5 2A 81 2C 79 CE C9 30 9F E0 8E
    "Time": 7/16/2004 9:27:59 PM
    SessionID: F5 62 B7 87 EB 10 5E F8 CB 94 A0 0F 1E 20 65 C5 1E F7 E2 56 D0 DC 2F CE 75 F5 EE 95 18 78 66 30
    Extensions: 
    server_name graph.facebook.com
    ec_point_formats uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2  [0x2]
    elliptic_curves secp256r1 [0x17], secp521r1 [0x19], unknown [0x1C), unknown [0x1B), secp384r1 [0x18], unknown [0x1A), secp256k1 [0x16], sect571r1 [0xE], sect571k1 [0xD], sect409k1 [0xB], sect409r1 [0xC], sect283k1 [0x9], sect283r1 [0xA]
    SessionTicket 95 4E 45 70 72 EA 25 5C 5D DA A5 42 D4 66 52 F7 96 E8 65 71 CB A1 71 49 8E 02 CD 4F E1 95 FF 99 16 68 E5 3E 6D 0B 30 BB 79 A2 E9 54 C1 0C F0 41 04 5E 30 9F 98 58 69 7B 9D 26 77 32 0E E3 7F 90 7F 1E 99 9E 45 52 10 90 30 F1 8F 4D D3 C3 DD 72 F4 60 E3 CC 61 50 4E 5C A8 49 6D 0C 75 24 C2 2A 5F 1B BC 32 DD C1 BE 61 71 75 06 C5 E2 A7 17 BD 70 75 19 72 6F 15 2D C5 CD D3 B4 36 9B EF 9B DE AF 61 AE 3C 60 B7 28 F5 92 4D 53 DD DB E6 90 DB 35 43 10 86 17 B3 69 CB CC 57 CF 58 17 11 58 AF 80 30 D4 CC 81 16 5F 0F 0F 42 01 63 68 84 54 3A 4F 59 61 E7 F4 63 C3 C4 10 D5 67 8D 34 C1 3E 23
    signature_algs sha512_rsa, sha512_dsa, sha512_ecdsa, sha384_rsa, sha384_dsa, sha384_ecdsa, sha256_rsa, sha256_dsa, sha256_ecdsa, sha224_rsa, sha224_dsa, sha224_ecdsa, sha1_rsa, sha1_dsa, sha1_ecdsa
    NextProtocolNego empty
    ALPN spdy/3.1-fb-0.5, spdy/3.1, spdy/3, http/1.1
    Ciphers: 
    [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    [C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    [C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [00A5] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [00A3] TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    [00A1] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    [006B] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    [006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    [0069] TLS_DH_RSA_WITH_AES_256_CBC_SHA256
    [0068] TLS_DH_DSS_WITH_AES_256_CBC_SHA256
    [0039] TLS_DHE_RSA_WITH_AES_256_SHA
    [0038] TLS_DHE_DSS_WITH_AES_256_SHA
    [0037] TLS_DH_RSA_WITH_AES_256_SHA
    [0036] TLS_DH_DSS_WITH_AES_256_SHA
    [C032] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C02E] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C02A] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    [C026] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    [C00F] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    [C005] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    [009D] TLS_RSA_WITH_AES_256_GCM_SHA384
    [003D] TLS_RSA_WITH_AES_256_CBC_SHA256
    [0035] TLS_RSA_AES_256_SHA
    [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    [C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    [C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [00A4] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [00A2] TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
    [00A0] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    [0067] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    [0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    [003F] TLS_DH_RSA_WITH_AES_128_CBC_SHA256
    [003E] TLS_DH_DSS_WITH_AES_128_CBC_SHA256
    [0033] TLS_DHE_RSA_WITH_AES_128_SHA
    [0032] TLS_DHE_DSS_WITH_AES_128_SHA
    [0031] TLS_DH_RSA_WITH_AES_128_SHA
    [0030] TLS_DH_DSS_WITH_AES_128_SHA
    [C031] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C02D] Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
    [C029] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    [C025] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    [C00E] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    [C004] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    [009C] TLS_RSA_WITH_AES_128_GCM_SHA256
    [003C] TLS_RSA_WITH_AES_128_CBC_SHA256
    [002F] TLS_RSA_AES_128_SHA
    [C011] TLS_ECDHE_RSA_WITH_RC4_128_SHA
    [C007] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    [C00C] TLS_ECDH_RSA_WITH_RC4_128_SHA
    [C002] TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    [0005] SSL_RSA_WITH_RC4_128_SHA
    [0004] SSL_RSA_WITH_RC4_128_MD5
    [C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    [C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    [0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
    [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [0010] SSL_DH_RSA_WITH_3DES_EDE_SHA
    [000D] SSL_DH_DSS_WITH_3DES_EDE_SHA
    [C00D] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    [C003] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    [000A] SSL_RSA_WITH_3DES_EDE_SHA
    [0015] SSL_DHE_RSA_WITH_DES_SHA
    [0012] SSL_DHE_DSS_WITH_DES_SHA
    [000F] SSL_DH_RSA_WITH_DES_SHA
    [000C] SSL_DH_DSS_WITH_DES_SHA
    [0009] SSL_RSA_WITH_DES_SHA
    [00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV

    Compression: 
    [00] NO_COMPRESSION


    HTTP/1.1 200 Connection Established
    FiddlerGateway: Direct
    StartTime: 09:12:01.913
    Connection: close


    I'm wonderying how to solve this issue and where this problem come from?

  2. EricLaw
    EricLaw avatar
    67 posts
    Member since:
    Oct 2012

    Posted 30 Jan in reply to Andri Link to this post

    Unfortunately, it's not really possible to say where exactly the problem lies.

    This:

    !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=graph.facebook.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).

     

    ... indicates that when Fiddler returned its generated certificate to the client application, that client application returned a TLS Fatal Alert (code 0x30) complaining that the root certificate authority isn't trusted.

    As to why that would happen, it's hard to say; it's possible that this application is using multiple network stacks and only some of them have been intercepted by the SslKillSwitch tool.

    Beyond running the killswitch tool, have you installed the Fiddler root certificate on the device in question?

     

  3. Francis
    Francis avatar
    1 posts
    Member since:
    Apr 2016

    Posted 22 Apr Link to this post

    I have the same problem. I have installed Fiddler's certificate to the iOS device. I can see it under Profiles but I see the same error when I use the native iOS Facebook app or Apple's App Store app.
Back to Top