移动端抓包总结
总结一些移动端抓包的方法
Android替换系统内置证书
脚本
脚本测试环境是 macOS(需要设备已 root,并已通过 adb 连接)。脚本通过挂载系统证书目录的方式添加系统内置信任证书,实现流量转发劫持。注意:重启 Android 设备后需要重新执行。
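# Trace every command so a failing adb/openssl step is visible in the output.
set -x

# Owner of the app process whose traffic is redirected (iptables --uid-owner).
uid=$1
# Address of the Burp Suite listener, which must run in *transparent* proxy
# mode; used as the DNAT --to-destination value.
bp=$2
# Optional: Burp Suite CA certificate in DER format (cacert.der). When given,
# it is installed into the device's system trust store before redirecting.
cert=$3

# Root wrapper prepended to every command run on the device.
su="su -c"
# Alternative form, presumably for su builds that do not accept -c:
# su="su 0"

# uid and bp_addr are mandatory; a usage error must not look like success.
if [ -z "$uid" ] || [ -z "$bp" ]; then
  echo "usage: $0 uid bp_addr [cacert.der]" >&2
  exit 2
fi

# Both values are pasted into a command line that runs as root on the device,
# so refuse anything the remote shell could split or interpret.
case "$uid" in
  *[!A-Za-z0-9_.-]*)
    echo "invalid uid: $uid" >&2
    exit 2
    ;;
esac
case "$bp" in
  *[!A-Za-z0-9.:-]*)
    echo "invalid bp_addr: $bp" >&2
    exit 2
    ;;
esac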
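# Abort the script after a failed step.
# Outputs: writes "ERROR" to stderr.
# Returns: never returns; exits with status 1 so callers and CI see the failure
#          (a bare `exit` would have reported the status of `echo`, i.e. 0).
quit() {
  echo "ERROR" >&2
  exit 1
}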
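# Install the Burp Suite CA certificate into the device's system trust store.
# Globals:   cert (read) - path to the DER certificate on the host
#            su   (read) - root wrapper for device commands, split on purpose
#            file (written) - <subject_hash_old>.0 name of the converted cert
# Outputs:   leaves <hash>.0 in the current directory on the host
# Returns:   aborts through quit on the first failing step
# NOTE(review): on Android 14 and later the trusted CA store is reportedly
# served from the Conscrypt APEX module, so an overlay on
# /system/etc/security/cacerts may not be consulted - verify on the target OS.
install_cert() {
  # Convert the DER certificate to PEM, the encoding used in the device store.
  openssl x509 -in "${cert}" -inform DER -out burp.crt || quit

  # Android names each CA file <subject_hash_old>.0. -noout prints only the
  # hash, so openssl's own exit status is checked rather than a pipeline's.
  file=$(openssl x509 -inform PEM -subject_hash_old -noout -in burp.crt) || quit
  case "$file" in
    '' | *[!0-9a-f]*) quit ;;
  esac
  file="${file}.0"
  mv -- burp.crt "$file" || quit

  # Stage a copy of the current system CA set plus the new certificate.
  adb shell ${su} "mkdir -p -m 700 /data/local/tmp/certs" || quit
  adb shell ${su} "cp /system/etc/security/cacerts/* /data/local/tmp/certs" || quit
  adb push "$file" /data/local/tmp/certs || quit

  # Overlay the read-only store with a writable tmpfs and repopulate it. From
  # the mount until the copy finishes the store is empty; if a later step
  # fails, reboot the device (or unmount the tmpfs) to restore the original.
  adb shell ${su} "mount -t tmpfs tmpfs /system/etc/security/cacerts" || quit
  adb shell ${su} "cp /data/local/tmp/certs/* /system/etc/security/cacerts/" || quit

  # Restore the owner, mode and SELinux label set on system certificate files.
  adb shell ${su} "chown root:root /system/etc/security/cacerts/*" || quit
  adb shell ${su} "chmod 644 /system/etc/security/cacerts/*" || quit
  adb shell ${su} "chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*" || quit
}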
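# Install the CA certificate only when a third argument was supplied. The
# quoted test also handles certificate paths that contain spaces.
if [ -n "$cert" ]; then
  echo "install cert"
  install_cert
fi

# Redirect traffic.
# 1. Burp Suite must be set to transparent (invisible) proxy mode.
# 2. The uid can be obtained with: ps -ef | grep com.your.app
# The flush removes every existing rule in the nat OUTPUT chain, not only
# rules added by an earlier run of this script. Its result is not checked.
adb shell ${su} "iptables -t nat -F OUTPUT"
# Send all TCP connections opened by processes owned by $uid to the proxy.
# $uid and $bp are interpolated into a command line run as root on the device.
# The rule lasts until the chain is flushed again or the device reboots.
adb shell ${su} "iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner $uid -j DNAT --to-destination $bp" || quit
echo "success"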
小程序或非原生APP的vConsole强制开启思路
<!-- Insert the vConsole JS into the response through the proxy (bp); after that, add console.log calls wherever log output is needed. -->
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<!-- Fit the layout to a phone screen -->
<meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no" />
<title>dome</title>
<!-- *** Inserted: vConsole script include *** -->
<!-- NOTE(review): the next line is plain text, not an HTML comment, so the browser parses it as page content; it appears to record an alternative CDN URL. "@latest" is unpinned, so the code served can change between loads. -->
//https://unpkg.com/vconsole@latest/dist/vconsole.min.js
<!-- NOTE(review): this script is fetched over plain http from a third-party host, so it can be altered in transit and may be blocked as mixed content on https pages. A pinned version over https, or a local copy, avoids both. -->
<script src="http://wechatfe.github.io/vconsole/lib/vconsole.min.js?v=3.2.0"></script>
</head>
<body>
<script>
// *** Inserted: create the vConsole instance ***
var vConsole = new VConsole();
console.log('Hello world');
</script>
</body>
</html>