Any way to see TLS handshake messages between mobile client and server ?

Hi,
I would like to know is there a way we can see the TLS handshake messages exchanged between the client(android mobile client) and server?
I tried the client logging file, but it doesnt not log any handshake messages. Would wireshark help? Is there a way I can run wireshark on mobile client?
Thanks.
SystemAdmin - Tue Feb 12 11:48:10 EST 2013

Re: Any way to see TLS handshake messages between mobile client and server ?
Mathias Mamsch - Mon Feb 18 05:52:37 EST 2013

Why are you interested in the handshake messages? You want to develop your own mobile client? ;-)

You can always log traffic on your router. If you can setup a proxy for the mobile client, then you can probably also easily log traffic. You can also just let the mobile client connect to a port on some server, where you log and then forward the traffic to the real server. There is probably a lot of options to do this.

Regards, Mathias
Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS

Re: Any way to see TLS handshake messages between mobile client and server ?
SystemAdmin - Wed Mar 06 12:38:45 EST 2013

Hi Varun,

This approach should work. You can dump local tcp/ip traffic on an Android using the shark app. https://play.google.com/store/apps/details?id=lv.n3o.shark&hl=en
That probably will not provide all the detail you are looking for inside the TLS handshake. I would use a web proxy like the burp suite. http://portswigger.net/burp/ Use it as an SSL proxy and watch the clear text conversation inside the TLS tunnel.

Thanks,
Peter

Re: Any way to see TLS handshake messages between mobile client and server ?
Mathias Mamsch - Wed Mar 06 16:34:12 EST 2013

SystemAdmin - Wed Mar 06 12:38:45 EST 2013
Hi Varun,

This approach should work. You can dump local tcp/ip traffic on an Android using the shark app. https://play.google.com/store/apps/details?id=lv.n3o.shark&hl=en
That probably will not provide all the detail you are looking for inside the TLS handshake. I would use a web proxy like the burp suite. http://portswigger.net/burp/ Use it as an SSL proxy and watch the clear text conversation inside the TLS tunnel.

Thanks,
Peter

To see the clear text conversation of DOORS with the server you can also turn on logging. This way DOORS will even format the message nicely for you. I can't believe they did not change the client side authentication in DOORS 9.3, when they introduced that encryption. You still can see the Administrator password file inside the stream in case of a failed login... ts ts.

This will not give you information about the handshake, but I still would like to know why somebody would need that ;-)

Regards, Mathias
Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS