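This article analyzes traffic capture for the Intime Miaojie (银泰喵街) app.
When capturing traffic from the Android app, its HTTP packets did not go through proxies such as Fiddler. Inspecting the app with jadx shows that it uses the mtop SDK.
The mtop Android SDK integration manual is at https://help.aliyun.com/document_detail/69785.html. According to the manual, the corresponding hook point is SwitchConfig.getInstance().setGlobalSpdySwitchOpen(false);
Once GlobalSpdySwitchOpen is hooked to false, the packets for https://acs.m.taobao.com/gw/ become visible.
Xposed and Frida solutions are provided below.
1. The Xposed code is as follows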
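    import de.robv.android.xposed.XC_MethodHook;
    import static de.robv.android.xposed.XposedBridge.log;
    import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
    import static de.robv.android.xposed.XposedHelpers.findClassIfExists;

    public void hook(ClassLoader classLoader) {
        Class<?> SwitchConfig = findClassIfExists("mtopsdk.mtop.global.SwitchConfig", classLoader);
        if (SwitchConfig == null) {
            return; // the mtop SDK class is not present in this class loader
        }
        findAndHookMethod(SwitchConfig, "isGlobalSpdySwitchOpen", new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
                // Read the result as Object; it is replaced with a boolean below,
                // so casting it to String would throw ClassCastException
                Object isGlobalSpdySwitchOpen = param.getResult();
                log("SwitchConfig.isGlobalSpdySwitchOpen()=" + isGlobalSpdySwitchOpen);
                // Report the SPDY switch as closed
                param.setResult(false);
            }
        });
    }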
2. The Frida code is as follows
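    function hook_spdy() {
        var SwitchConfig = Java.use('mtopsdk.mtop.global.SwitchConfig');
        SwitchConfig.isGlobalSpdySwitchOpen.overload().implementation = function () {
            // Call the original method to log the value the app would have used
            var ret = this.isGlobalSpdySwitchOpen.apply(this, arguments);
            console.log("\nSwitchConfig.isGlobalSpdySwitchOpen()=" + ret);
            // Report the SPDY switch as closed
            return false;
        };
    }

    // Java.use is only valid inside Java.perform, so install the hook from there
    Java.perform(hook_spdy);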
3. Screenshot of a successful Fiddler capture
4. Download links for the corresponding code
xposed: https://download.csdn.net/download/weixin_33571137/11763987
frida: https://download.csdn.net/download/weixin_33571137/11763981
jadx (with Chinese support): https://download.csdn.net/download/weixin_33571137/11646486