陜西企業(yè)營(yíng)銷(xiāo)型網(wǎng)站建設(shè)市場(chǎng)調(diào)研方法有哪些
先講一下有這篇文章的背景吧,在使用安卓手機(jī)+fiddler抓包時(shí),即使信任了證書(shū),并且手機(jī)也安裝了證書(shū),但是還是無(wú)法捕獲https請(qǐng)求的問(wèn)題,最開(kāi)始不知道原因,后來(lái)慢慢了解到現(xiàn)在有的app為了防止抓包,把證書(shū)放在了app應(yīng)用里面(稱(chēng)為證書(shū)綁定(也稱(chēng)作SSL pinning)的技術(shù)),這樣就導(dǎo)致即使手機(jī)信任了fiddler的證書(shū),也會(huì)導(dǎo)致無(wú)法抓取到https請(qǐng)求。
在網(wǎng)上看到了帖子,說(shuō)可以先將手機(jī)root,然后將證書(shū)安裝到root之后的手機(jī)系統(tǒng)證書(shū)里面,所以就按照這個(gè)思路開(kāi)始了手機(jī)root之旅。
一、安卓手機(jī)root
我只有一個(gè)多年未用的redmi note手機(jī),所以就以這個(gè)說(shuō)明,借鑒了B站UP主Good_idea的視頻:
2021安卓手機(jī)root?不要到處找了,看這一個(gè)就夠了,刷面具 刷Magisk獲得root_嗶哩嗶哩_bilibili?
不要找了!B站最純凈的,小米root刷面具root教程科普視頻_嗶哩嗶哩_bilibili
感覺(jué)講的很詳細(xì),請(qǐng)大家自己觀看操作,刷機(jī)這里我也不是很懂。
二、root之后還是無(wú)法捕獲 https請(qǐng)求
手機(jī)root之后,按照把 charles,Fiddler 證書(shū)安裝到安卓根目錄,解決安卓微信 7.0 版本以后安裝證書(shū)也無(wú)法抓包問(wèn)題,需要 root - 寵你的鑫 - 博客園
這個(gè)貼的說(shuō)明來(lái)操作,但是執(zhí)行?
adb root
執(zhí)行這個(gè)命令之后,報(bào)錯(cuò)如下:
adbd cannot run as root in production builds
于是又在網(wǎng)上搜各種解決方法,有說(shuō)要下載超級(jí)adb.apk的(adbd-insecure.apk)帖子鏈接如下:
Android問(wèn)題adb cannot run as root in production builds解決_adbd cannot run as root in production builds-CSDN博客
但是這個(gè)方法對(duì)我無(wú)效果。也有說(shuō)通過(guò)adb shell切換root權(quán)限的
adb shell
su
但是這種方法獲取到root權(quán)限之后,還是不能重新掛載/system目錄,并且看到有帖子說(shuō)現(xiàn)在安卓12都是動(dòng)態(tài)分區(qū),修改/system掛載方式已經(jīng)行不通了。
然后網(wǎng)上看到這個(gè)貼子,有人說(shuō)可以,但是感覺(jué)帖子里面缺相關(guān)文件,所以也沒(méi)有去試過(guò):[Closed] Universal SystemRW / SuperRW feat. MakeRW / ro2rw (read-only-2-read/write super partition converter) | XDA Forums
?也就是說(shuō)想通過(guò)修改/system目錄掛載方式為讀寫(xiě)方式,估計(jì)很難實(shí)現(xiàn)了,這時(shí)候已經(jīng)弄了很久了,打算放棄了,但是又不甘心,后面又看到一個(gè)帖子說(shuō)可以通過(guò)magisk方式模擬之前直接修改/system目錄掛載方式的方法:
帖子鏈接:https://blog.chara.pub/2022/09/15/fiddler-android-cacert/
為防止以后帖子失效,將內(nèi)容復(fù)制一份出來(lái):
安卓7和以上,https抓包需要將ca證書(shū)安裝為系統(tǒng)證書(shū),即把pem格式的證書(shū)放到/system/etc/security/cacerts/<證書(shū)hash>.0
路徑。部分手機(jī)可能有限制,無(wú)法修改system分區(qū),可以用magisk模塊的方式不修改system分區(qū)安裝系統(tǒng)證書(shū)。
注意,安裝magisk一般需要手機(jī)可以解鎖bootloader。
-
如果證書(shū)是cer格式,轉(zhuǎn)換成pem格式
openssl x509 -inform DER -in FiddlerRoot.cer -out FiddlerRoot.pem
-
讀取證書(shū)hash,將證書(shū)文件名改為”<hash>.0”
$ openssl x509 -inform PEM -subject_hash_old -in FiddlerRoot.pem 0725b47c -----BEGIN CERTIFICATE----- MIIDyTCCArGgAwIBAgIQAItdUx/5OTFKbUpO3rGMnTANBgkqhkiG9w0BAQsFADB9 MSswKQYDVQQLDCJDcmVhdGVkIGJ5IGh0dHA6Ly93d3cuZmlkZGxlcjIuY29tMSEw HwYDVQQKDBhQcm9ncmVzcyBUZWxlcmlrIEZpZGRsZXIxKzApBgNVBAMMIkZpZGRs ZXIgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjQxMTA0MTYwMDAwWhcN MzQxMTEyMTUyMzExWjB9MSswKQYDVQQLDCJDcmVhdGVkIGJ5IGh0dHA6Ly93d3cu ZmlkZGxlcjIuY29tMSEwHwYDVQQKDBhQcm9ncmVzcyBUZWxlcmlrIEZpZGRsZXIx
上面的輸出結(jié)果第一行是幾個(gè)數(shù)字,將原FiddlerRoot.pem文件重命名為0725b47c.0為名
$ cp FiddlerRoot.pem 0725b47c.0
FiddlerRoot.pem這個(gè)文件就是從fiddler中導(dǎo)出的文件,可能名字不一樣,根據(jù)自己的名字進(jìn)行修改:
-
下載這個(gè)magisk模塊模板。
echo 'UEsDBBQAAAAIAEg7LlVJNhk5yQQAAIUPAAAJAAAAY29uZmlnLnNozVdrb9MwFP2eX3EZSDxUtvGWKkAqbIhJjFZrQeJT5SY3jSGxg+20K4j/zrHj9DEQD4lKeN3mOL733HN9H+71vY0EP3Qu5tJ+wmS2Iqfrj7pQywaP+EwKaQkfQY6ruhSO6YusKdeGMl5wqWs21ivZ29irak/xTFlnmtRJrWy/Xbp3SKNSpEwr3RjKZclwgnKa7MrCD6BfZmzoVsYlwyOuYKr9/sKvtwK3oeb+Ib2SZQnRVlGls6bkm15XroPCuHRYG11D4MEhvdQql/PGtFotOyfV3EvgWdqgmm6luqq0OkrD3kNbeLCHAMOpiGwhVMoZ5Swc1NgeljKyBcMQLydU1pJpAVIjaxcpNspb3yr3nsCotXV3c3s3E04AqAeLzEKmjDk2PGox00KoOcwkT6MFDIT9RHq/ivIIRGUuOQt7ogGRRuvUzgf7PO996r5OJ5xLxXafIEB5O5yc9tu8rIVxVAhL8OWM4e2PDTyZ+cdcuvYI9FKRYs5s0mXz0ofkLMRXF8hKVBxP/6gKxaDbbAvdlBmJ0upOxvrNAPVzmW2CexPJ3oDaoDwoRz5GG4sYSM6HJ2cnz3KZZSWbFNliXDBqzM4LIAehL/fKgsF+jZWYlRzqU0rnulHOVyuEpEcDk2BbKT9B0LVOiCJZMng3GZ4P372dPPOKf4NTapHRdhiOLoajV2dvTp/lYP4r6Z0EidmUjIbjyavxyWAy+L28L6lT63CSXWp1Wt4MJqfjyeBiMj69eH/2Mtqy5xj2xVCUMAonRudsrZjzPhGjZ5aFcMEnS6G8n3zcLbHKimRrEcrLOs6SpDYoIFNMfeTeuk1fE6JGTsMyHdz59TjY2UwYsQPSeYhhmnStDuPg7zR/2/P5XHBoNAh66/aJBKg3gCB4njJpOHXaSLbbZxTXyxWZ1qi2SXFMJGh4scIlIRdN6aKD29pTsZlvt1asuiJIAmMu0S02Kk422IEzMqZgNEeEB+qL6XXVbGNMhTLht8UGl2qDJlhrla15rK4YCpgPoJVpddN1JQGcKr1oCx5fCsQDA6XUy55fskwLUTa8KabYa5ZGOoeIna3WpTfYvH2NUp225OJ09GaArD5IYgM8EnV9BENcM+P1GuJucde/GIfnd2c/eRPvCOs3uUFSLLX5lBx4bi91vODsWhX82EPhDBzWBHYoQ/raydC3nGtrh4BJKGBXPdZFATiusEnNe1SyWITSjHxyK/QMP4e40sst+gd7TpkRm0pa34L+39aMe9603tgZKxrCP6bP1rtedPsmQCts7RRMEeKNsRJv6AY67mgweU103H6ePHqEv48fPkyC8qFCulhdIRFqTqUo23SE5s+NNHE1l+k2uhcEQ+TbD5Z1lwXPd651hlasm3kRvitUvmenwrJtocdAXX+jWMdT4cNFadwqWPiW0FYZ3Q8yP6X4FDntW8BzujKewrlsntPTudFN/Txs3JiKZ091ZyHVKBuXzj6nW5Fbn5q+nn1EzZiafptbUy/Wt8e3vUW/dHqXjKWcRZOOd/7H41iPzcFs9FJr5i7B3zL9V6x+5DKTyhcpNEOd4mrw4P4Wm/vHx8dXWW0jfVnNNW46fMkpkP4AKOPL+xohEMZfAEW5P0TC8fhfZOuh1T8e1OZgviXfAVBLAwQKAAAIAACyrShUAAAAAAAAAAAAAAAACQAAAE1FVEEtSU5GL1BLAwQKAAAIAACyrShUAAAAAAAAAAAAAAAADQAAAE1FVEEtSU5GL2NvbS9QSwMECgAACAAAsq0oVAAAAAAAAAAAAAAAABQAAABNRVRBLUlORi9jb20vZ29vZ2xlL1BLAwQKAAAIAACyrShUAAAAAAAAAAAAAAAAHAAAAE1FVEEtSU5GL2NvbS9nb29nbGUvYW5kcm9pZC9QSwMECgAACAgADQBrUzP3pRU9AQAAVAIAACkAAABNRVRBLUlORi9jb20vZ29vZ2xlL2FuZHJvaWQvdXBkYXRlLWJpbmFyeZWQTUsCURSG9+dXnMZB+kDvOLkLg0gNKTH6WhRxGZ1rXrxzp5y5FqTLILO2rQyCFm2i2kUL/00T/oxGJci0qLM8533fc84TmSJekUviVQAi3wsiGJzfBPft4PJ6whSUY3lVNEwT+sqL2163q3wuaFnJks9d6b29toPWFShOD2tc+tMzeIqsVHFR0xPaAjYBauxI8Rqjkh1TxzrgXrUvAsRPD2qzv5c2Isbe00vw2OrdnWF+EId104gn56ZQ+28oO+E+JqA5AcwXQO+dh6DzjKN/x0OcP5ugsL2VTad0E3Zz69ncWialzwM4rgoPI7blW2guEpvViVRCAOxhrDzsE8sukiElMrYQ97HRwHGeEP+DOVyi55dWcpurdCezQZcL6QzGhI+mkTSMMDkanZQMXHq+JQR1XFsJBgNiBnwAUEsDBAoAAAgIAA0Aa1N7C25iCgAAAAgAAAAqAAAATUVUQS1JTkYvY29tL2dvb2dsZS9hbmRyb2lkL3VwZGF0ZXItc2NyaXB0U/Z1dPcM9uYCAFBLAwQUAAAACAD4Oi5VMul08UgAAAB2AAAACwAAAG1vZHVsZS5wcm9wZYtBDoAwCATv/U0fwMmHNAQwkmgxgH2/Jqan3jazM8qwK/MpTkjiGaXjJZM1wvbTIR5qHUadczMWqAWfPMzXgCXI9c7PXM8XUEsDBAoAAAgAALKtKFQAAAAAAAAAAAAAAAAHAAAAc3lzdGVtL1BLAwQKAAAIAACyrShUAAAAAAAAAAAAAAAACwAAAHN5c3RlbS9ldGMvUEsDBBQAAAAAAAU7LlUAAAAAAAAAAAAAAAAUAAAAc3lzdGVtL2V0Yy9zZWN1cml0eS9QSwMEFAAAAAAABzsuVQAAAAAAAAAAAAAAABwAAABzeXN0ZW0vZXRjL3NlY3VyaXR5L2NhY2VydHMvUEsBAj8AFAAAAAgASDsuVUk2GTnJBAAAhQ8AAAkAJAAAAAAAAAAgAAAAAAAAAGNvbmZpZy5zaAoAIAAAAAAAAQAYAMwmLTjIx9gBzCYtOMjH2AGMW7UgyMfYAVBLAQIKAAoAAAgAALKtKFQAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAAAAPAEAABNRVRBLUlORi9QSwECCgAKAAAIAACyrShUAAAAAAAAAAAAAAAADQAAAAAAAAAAAAAAAAAXBQAATUVUQS1JTkYvY29tL1BLAQIKAAoAAAgAALKtKFQAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAEIFAABNRVRBLUlORi9jb20vZ29vZ2xlL1BLAQIKAAoAAAgAALKtKFQAAAAAAAAAAAAAAAAcAAAAAAAAAAAAAAAAAHQFAABNRVRBLUlORi9jb20vZ29vZ2xlL2FuZHJvaWQvUEsBAgoACgAACAgADQBrUzP3pRU9AQAAVAIAACkAAAAAAAAAAAAAAAAArgUAAE1FVEEtSU5GL2NvbS9nb29nbGUvYW5kcm9pZC91cGRhdGUtYmluYXJ5UEsBAgoACgAACAgADQBrU3sLbmIKAAAACAAAACoAAAAAAAAAAAAAAAAAMgcAAE1FVEEtSU5GL2NvbS9nb29nbGUvYW5kcm9pZC91cGRhdGVyLXNjcmlwdFBLAQI/ABQAAAAIAPg6LlUy6XTxSAAAAHYAAAALACQAAAAAAAAAIAAAAIQHAABtb2R1bGUucHJvcAoAIAAAAAAAAQAYAJsvs9/Hx9gBmy+z38fH2AGvfVvSx8fYAVBLAQIKAAoAAAgAALKtKFQAAAAAAAAAAAAAAAAHAAAAAAAAAAAAAAAAAPUHAABzeXN0ZW0vUEsBAgoACgAACAAAsq0oVAAAAAAAAAAAAAAAAAsAAAAAAAAAAAAAAAAAGggAAHN5c3RlbS9ldGMvUEsBAj8AFAAAAAAABTsuVQAAAAAAAAAAAAAAABQAJAAAAAAAAAAQAAAAQwgAAHN5c3RlbS9ldGMvc2VjdXJpdHkvCgAgAAAAAAABABgAbVnE7MfH2AFtWcTsx8fYAW1ZxOzHx9gBUEsBAj8AFAAAAAAABzsuVQAAAAAAAAAAAAAAABwAJAAAAAAAAAAQAAAAdQgAAHN5c3RlbS9ldGMvc2VjdXJpdHkvY2FjZXJ0cy8KACAAAAAAAAEAGAA8T0vvx8fYATxPS+/Hx9gBPE9L78fH2AFQSwUGAAAAAAwADACnAwAArwgAAAAA' | base64 -d > fiddler_ca_cert_magisk.zip
上面的代碼會(huì)輸出一個(gè)壓縮文件包,里面的目錄如下:
-
將證書(shū)放到zip里的
/system/etc/security/cacerts/
下,可以使用7-zip直接拖進(jìn)去,不需要設(shè)置文件權(quán)限。最終看到的結(jié)構(gòu)信息要跟下面一樣:$ zipinfo fiddler_cacert.zip Archive: fiddler_cacert.zip ... -rw-a-- 6.3 fat 1342 bx defN 22-Sep-14 07:18 system/etc/security/cacerts/0725b47c.0
-
將zip包在magisk里作為magisk模塊刷入,重啟手機(jī)即可。?
?將上面整理的壓縮包放入到手機(jī)某個(gè)文件夾中,然后打開(kāi)magisk的模塊,點(diǎn)擊從本地安裝,找到剛剛的zip文件,安裝即可,然后手機(jī)設(shè)置代理,進(jìn)行訪問(wèn),就可以看到之前無(wú)法捕獲的https請(qǐng)求現(xiàn)在可以捕獲到了。