Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save LeeBrotherston/5cca4b372277d7c6a049b26f87544351 to your computer and use it in GitHub Desktop.
Save LeeBrotherston/5cca4b372277d7c6a049b26f87544351 to your computer and use it in GitHub Desktop.
PokemonGo TLS Handshake
Having analysed a sample PCAP of Pokemon Go traffic with FingerPrinTLS, you can see that it does not have a unique TLS fingerprint for detection. However....
The TLS Fingerprints do show us which libraries are probably used by the application
{ "timestamp": "2016-07-12 07:15:31", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "54.183.13.245", "src_port": 45578, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "stats.unity3d.com" }
{ "timestamp": "2016-07-12 07:15:45", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "54.241.32.26", "src_port": 32962, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "appload.ingest.crittercism.com" }
{ "timestamp": "2016-07-12 07:15:46", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "54.241.32.16", "src_port": 47967, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "api.crittercism.com" }
{ "timestamp": "2016-07-12 07:15:49", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "130.211.188.132", "src_port": 35251, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "pgorelease.nianticlabs.com" }
{ "timestamp": "2016-07-12 07:15:49", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "216.58.213.238", "src_port": 33748, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Google API Access", "server_name": "android.clients.google.com" }
{ "timestamp": "2016-07-12 07:15:50", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "130.211.188.132", "src_port": 56266, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "pgorelease.nianticlabs.com" }
{ "timestamp": "2016-07-12 07:15:50", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "130.211.188.132", "src_port": 43694, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "pgorelease.nianticlabs.com" }
{ "timestamp": "2016-07-12 07:15:51", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "37.58.73.190", "src_port": 41233, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "bootstrap.upsight-api.com" }
{ "timestamp": "2016-07-12 07:15:55", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "216.58.213.234", "src_port": 44017, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "play.googleapis.com" }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment