SSL Decryption - .rsa file

[Jishaxe]

Hello everyone!
I post here today to request a little help.
I am planning on writing a bot with Pascal. When I say bot I mean it's software that connects to a service and automates tasks that the user would usually carry out.

I am writing this bot to work with an app on the Android platform (I mean the service is accessed by the app on Android, the software I'm making will be on desktop)

Unfortunately, the service does not have a bot API, so I am trying to write the bot by recreating the traffic between the app and the server so the server thinks it's just the client interacting with it.

So a member of my team started sniffing the packets sent between his phone and the internet while certain tasks where being done on the app with Wireshark. We pinpointed the server for the app.

Then we ran into a problem that has stumped us. All the packets between the client and server were encrypted! Digicert SSL.
None of us have any experience and little knowledge about SSL, but we did some rooting around in the app's APK and found a CERT.RSA file. We are not completely sure what it is but we THINK that it might be either the public or private key for the SSL. It appears to be encrypted, it looked like binary, opening it up in a text viewer gave us loads of seemingly random characters.

So, I would like to gain access to (with Wireshark I guess) the plain, decrypted data that is being sent/recieved by the client/server so it can be recreated with my bot software, and also I would like to know how to do whatever I need to do with my networking framework (LNet) so the server still thinks it's the normal app exchanging data with it, I guess I would need to encrypt what the bot software sends out.

Is this possible? What do I need?
All I have right now is the CERT.RSA file, I hope that'll be enough. If I need anything else can you tell me where it could be located (if I can get it at all)

I'm all rusty with the SSL and some of the networking stuff, so please try to explain clearly

Thank you very much in advance!
I attach the CERT.RSA file, but I changed the extension to .txt so I could attach it C:

[felipemdc]

Nearly everyone that deals with encryption uses OpenSSL ... so I would recommend using it. There are bindings for OpenSSL in Free Pascal. Just check the functions.

I used it once, but don't remember anymore which functions one should use.

[Jishaxe]

Thank you for the reply.

I have OpenSLL, I just would like to know whether it is possible to decrypt the traffic with what I have right now, a binary .rsa file. And if not, where/if I can find whatever I need.

[BigChimp]

I don't think so. The android app probably encrypts the stuff before sending it over the wire.

You'd need a man in the middle, an SSL proxy. The app needs to connect to the proxy, the proxy decrypts, and re-encrypts and forwards it to the real address.
Then you can use the proxy to decrypt.

Might be mistaken though...

[Jishaxe]

But will the .rsa file suffice for decrypting the traffic?

[BigChimp]

No.

I'm sure I'm not the most knowledgeable about SSL, but IIRC, a session key is generated each time an SSL session is set up. You'd have to know the session key.

Better ask somebody who really knows this stuff though.

[Jishaxe]

Right. Okay. So how do you think the application knows this session key then? Does the algorithm (or whatever) is used to generate it match the servers? Is it hard coded? How do I get access to the key without asking the developer of the app? Is it possible to?

[BigChimp]

No.

Better ask somebody who really knows this stuff though.

I'd suggest finding out how SSL works yourself instead of repeating more or less the same question 

[Jishaxe]

Alright, thanks for the help.