• 手机抓包-fiddler

    如果app走的是http协议,不用root,只需要通过fiddler做代理,就可以抓到所有请求。

    1. fiddler+手机wifi设置

    安装fiddler,勾中 Fiddler Options -> https -> Decrypt Https trafficConnections -> Allow remote computers to connect 。重启之后,fiddler就在默认端口8888开始监听了。

    手机上的wifi设置里,选择 手动 代理,主机名为PC的IP地址比如 192.168.0.108, 端口为8888。确认后,手机browser里访问http://192.168.0.108:8888,点击"FiddlerRoot certificate"安装证书。Android会提示先设置锁屏码 或 PIN码之类的,按提示做就行。

    2. 抓包+分析

    打开你要分析的app,点击按钮(例如:登录、同步等),如果背后走的是http/https,就能在fiddler里抓到request/response。比如某健康app的同步请求:

    POST http://**health.com/japi/actionLst/uploadSportData HTTP/1.1
Content-Length: 2869
Content-Type: multipart/form-data; boundary=hZDrprkxC2osrCEx4XMWP2zehAAgxjpOgkbHUII
Host: **health.com
Connection: Keep-Alive
Expect: 100-continue
Cookie: PHPSESSID=dqb5h9nomu2fuuonnrleip6h71
Cookie2: $Version=1

--hZDrprkxC2osrCEx4XMWP2zehAAgxjpOgkbHUII
Content-Disposition: form-data; name="member_id"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A1001
...

--hZDrprkxC2osrCEx4XMWP2zehAAgxjpOgkbHUII
Content-Disposition: form-data; name="distance"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

0.08869565
--hZDrprkxC2osrCEx4XMWP2zehAAgxjpOgkbHUII
Content-Disposition: form-data; name="seconds"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

73
--hZDrprkxC2osrCEx4XMWP2zehAAgxjpOgkbHUII
Content-Disposition: form-data; name="calorie"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

5
--hZDrprkxC2osrCEx4XMWP2zehAAgxjpOgkbHUII
Content-Disposition: form-data; name="step"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

120
--hZDrprkxC2osrCEx4XMWP2zehAAgxjpOgkbHUII
Content-Disposition: form-data; name="action_sign"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

62ccc5709f192da3d4a8b68499e0bd68
--hZDrprkxC2osrCEx4XMWP2zehAAgxjpOgkbHUII--

    能看到,请求是http明文的,包括用户id、距离、秒数、卡路里、步数等基本信息,只有一个action_sign对数据做了签名,这是比较危险的。回复的结果如下:

    HTTP/1.1 200 OK
Server: nginx
Date: Sun, 10 Apr 2016 06:24:44 GMT
Content-Type: application/json;charset=UTF-8
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: x-requested-with
Content-Length: 26

{"status":"OK","result":8}

    只要构造合适的boundary+actionSign,就能模拟请求伪造数据了。后面找时间再尝试一下tcpdumpWireShark,毕竟能抓所有协议,更强大一些。
  • 相关阅读:
    bzoj4753: [Jsoi2016]最佳团体(分数规划+树形依赖背包)
    bzoj2956: 模积和(数论)
    51nod 1766 树上的最远点对(线段树)
    bzoj2621: [Usaco2012 Mar]Cows in a Skyscraper(状压DP)
    Codeforces Round #441 Div. 2题解
    bzoj4569: [Scoi2016]萌萌哒(ST表+并查集)
    iOS和Android后台机制对比
    UIApplicationDelegate 各方法回调时机
    iOS OC和JS的交互 javaScriptCore方法封装
    iOS应用的执行原理
  • 原文地址:https://www.cnblogs.com/AlexanderYao/p/5375603.html
Copyright © 2020-2023  润新知