![](https://pic4.zhimg.com/v2-4c7872bc32777e31616662c3728ab8eb_b.jpg)
小程序|App抓包(二)电脑端
----------Charles+Burp组合---------
一、Charles+Burp组合
电脑上微信打开小程序:(win/mac都可以)
![](https://pic2.zhimg.com/v2-48728698f8a866765e7d5890c9fe50bd_b.jpg)
任意打开一个小程序:
![](https://pic3.zhimg.com/v2-e35854254e09e7b4e49a674794cf7352_b.jpg)
使用Charles抓包:
安装和简介参考:
https://mp.weixin.qq.com/s/Xy4rt1ammK8aPgT4W6obig
简单相关配置:
![](https://pic1.zhimg.com/v2-91914b3e8c3b802a3992262d9543e2ec_b.jpg)
安装系统证书:
![](https://pic4.zhimg.com/v2-e27708d73ecbe184a7a17ce0bf395c03_b.jpg)
设置ssl
![](https://pic4.zhimg.com/v2-0cdffe3b90f6ca475c7a8edcee939d0b_b.jpg)
允许ssl代理https包:
![](https://pic4.zhimg.com/v2-d3e179c8a7dbbcd5960c1cfb148aaf97_b.jpg)
可以抓到系统数据包:
![](https://pic2.zhimg.com/v2-7063f60f5cdab6bdf36afcdc6f7988cd_b.jpg)
charles的重放发包机制不是太好,操作不是很方便:
也可以在charles里面进行测试和数据包的修改:
(功能介绍)https://www.jianshu.com/p/4b103721a133
![](https://pic2.zhimg.com/v2-5f95761bff3b8adc782e553cf4013df5_b.jpg)
![](https://pic2.zhimg.com/v2-5e91a3c8571c7a15ec4f8801755027cd_b.jpg)
可进行复制重放
![](https://pic4.zhimg.com/v2-a047b395864064bcd34d083d219a648b_b.jpg)
建议代理到burp:
代理到burp:
![](https://pic4.zhimg.com/v2-559a63ab336c4a0227405c848d0995ff_b.jpg)
burp设置:
![](https://pic3.zhimg.com/v2-84e8c17ac6f621c91eef34011cc12b8e_b.jpg)
burp接受到charles转发的数据包
![](https://pic1.zhimg.com/v2-c42a7f33322ed4073f4b0c4ebf02b6fc_b.jpg)
----------Fiddler+Burp组合---------
二、Fiddler+Burp组合
电脑上微信打开小程序:(win/mac都可以)
![](https://pic2.zhimg.com/v2-48728698f8a866765e7d5890c9fe50bd_b.jpg)
任意打开一个小程序:
![](https://pic3.zhimg.com/v2-e35854254e09e7b4e49a674794cf7352_b.jpg)
使用Fiddler抓包:
安装和简介参考:
https://mp.weixin.qq.com/s/Xy4rt1ammK8aPgT4W6obig
代理设置:
![](https://pic4.zhimg.com/v2-d48fd8f97cd55ca62f85002e0ee01f57_b.jpg)
开启抓包同时开启小程序
![](https://pic3.zhimg.com/v2-03851491b2a6411dccab18d19673fe3e_b.jpg)
代理转发设置:
![](https://pic2.zhimg.com/v2-7b391a07a1742c845d48beed34b4dc89_b.jpg)
burp设置:
![](https://pic3.zhimg.com/v2-84e8c17ac6f621c91eef34011cc12b8e_b.jpg)
burp接受到charles转发的数据包
![](https://pic1.zhimg.com/v2-c42a7f33322ed4073f4b0c4ebf02b6fc_b.jpg)
参考:
https://www.jianshu.com/p/4b103721a133
注意:⚠️
免责声明:本站提供安全工具、程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
如果本文内容侵权或者对贵公司业务或者其他有影响,请联系作者删除。
转载声明:著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
订阅查看更多复现文章、学习笔记
thelostworld
安全路上,与你并肩前行!!!!
个人知乎:https://www.zhihu.com/people/fu-wei-43-69/columns
个人简书:https://www.jianshu.com/u/bf0e38a8d400
个人CSDN:https://blog.csdn.net/qq_37602797/category_10169006.html
个人博客园:https://www.cnblogs.com/thelostworld/
FREEBUF主页:https://www.freebuf.com/author/thelostworld?type=article
语雀博客主页:https://www.yuque.com/thelostworld
![](https://pic1.zhimg.com/v2-4b029825345899d23992b40ada6b2840_b.jpg)
欢迎添加本公众号作者微信交流,添加时备注一下“公众号”
![](https://pic3.zhimg.com/v2-0d302ca3ab5381e8c1ab1065bf16271a_b.jpg)