Capturing Taobao App HTTPS requests: multiple methods (2022)

Capturing the HTTPS requests of the Taobao App. A very bumpy road so far.

When I captured the Xiaohongshu App earlier, I went through similar trouble and solved several issues:

  • Packet capture tool: MITMProxy
  • Forced proxying on the phone: ProxyDroid's global mode. Some apps detect whether a proxy is configured, so the traffic has to be forced through iptables. Droni works too.
  • SSL pinning: SSLUnpinning + Taichi.

With the above setup I happily captured a lot of data, and it was fairly stable.

But today I used the same setup on the Taobao App and could not get it to work. Never mind capturing packets: the traffic would not even go through the proxy, and the app could not even connect. Here are the problems I ran into and their solutions, in order:

  1. To capture the Taobao App you first have to deal with Ali's private protocol. According to various articles, Ali uses the private protocol Spdy, so a hook is used to set "whether to use spdy" to false. (Reference 1)
  2. To do this you need either Xposed or Frida.
    1. I had used Xposed before. I checked, and someone has already published the code (Reference 2; code link: https://github.com/zhaoboy9692/me-tools). However, after downloading it and installing it into Taichi it did not work: Taichi reported that the module could not be run.
      1. Along the way I also spent some time on Xposed tutorials and tried to write the module myself. It turns out an Xposed module is basically an app written in Java, and I don't know the basic concepts, so that was beyond me. Never mind.
    2. So I turned to Frida.
      1. This was the first time I had heard of Frida. After a quick look: Frida is not only available on Android but runs on many systems, and is basically an online hooking tool. The difference from Xposed is that an Xposed module, once installed, keeps working on its own, while Frida has to be used online, but it is flexible enough. It is split into a controlling end (usually a PC) and a controlled end (usually the phone). The controlling end supports Python/Java; the controlled end is a server that accepts instructions. (References 3, 4)
      2. Quite a few articles on the Ali apps mention Frida. I mostly followed Reference 5.
      3. After getting to know Frida, I hit several problems using it: port forwarding and permissions.
    3. After sorting out Frida, Taobao still could not load data and kept showing a network failure. I thought it was a proxy server problem, but after studying MITMProxy I finally confirmed that ProxyDroid and Droni were both fine, because Xiaohongshu worked perfectly.
    4. Continuing to research, I found a very good article: Reference 10 summarizes many packet capture problems and their solutions. In short, there are several possible reasons for not being able to capture:
      1. The app itself does not go through the proxy even when one is configured. The only fix is to force the traffic through the proxy.
      2. The app does not trust user certificates, only system certificates.
      3. The app does not even trust system certificates, only specific ones: an SSL pinning problem.
    5. I thought it was an SSL pinning problem. I first tried UNPinningSSL, which did not solve it. So I wanted to put the certificate at the system level.
      1. I tried renaming it myself, adb push, and so on. As a result I ran into a permission problem again and got stuck here: on Android 10 and above /system cannot be modified, even with root. Even adb disable-verity cannot be executed.
      2. These articles discuss the permission issue well: References 21/22. The only possibility I saw was to do it with a Magisk module. Parked here for further research.

Fantastic, updated!

Five minutes after finishing the above, I saw an article mentioning the Move Certificates Magisk module, which moves user certificates into the system certificate store. Tried it, and it worked! Packets can now be captured successfully.
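What the Move Certificates module (and the manual adb push approach from step 5 above) has to get right is the filename: Android's system store under /system/etc/security/cacerts/ keys each CA by OpenSSL's subject_hash_old (the first four bytes of MD5 over the DER-encoded subject name, read as a little-endian integer) plus the extension ".0", and apps on Android 7+ trust that store by default while ignoring user-installed CAs. The following script is an added example written for this post, not the module's own code or the original author's: it derives that filename from a PEM certificate with a small hand-written DER walker (no third-party library), so it can be run against a proxy CA such as mitmproxy's mitmproxy-ca-cert.pem. The sample certificate embedded below is constructed for the demonstration and is not a valid, signed certificate.

```python
# Added example (not from the original post): derive the Android system CA
# store filename (<subject_hash_old>.0) for a certificate. The DER walker is
# hand-written so no third-party library is needed; the sample certificate is
# constructed here and is not a valid, signed certificate.
import base64
import hashlib
import re


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _tlv(tag, value):
    """Encode a DER TLV, using the long form when the value is 128 bytes or more."""
    n = len(value)
    if n < 0x80:
        header = bytes([tag, n])
    else:
        nb = (n.bit_length() + 7) // 8
        header = bytes([tag, 0x80 | nb]) + n.to_bytes(nb, "big")
    return header + value


def pem_to_der(pem):
    """Strip the PEM armour and base64-decode the certificate body."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    return base64.b64decode("".join(body.split()))


def extract_subject_der(cert_der):
    """Return the DER bytes of the subject Name inside an X.509 certificate."""
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    tag, pos, _ = _read_tlv(cert_der, 0)
    assert tag == 0x30, "not a DER SEQUENCE"
    # TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber,
    #                               signature, issuer, validity, subject, ... }
    tag, pos, tbs_end = _read_tlv(cert_der, pos)
    assert tag == 0x30, "not a DER SEQUENCE"
    fields = []
    while pos < tbs_end and len(fields) < 6:
        tag, _vstart, vend = _read_tlv(cert_der, pos)
        fields.append((tag, pos, vend))    # keep the whole TLV span
        pos = vend
    if fields[0][0] == 0xA0:               # explicit [0] version is present
        fields = fields[1:]
    # remaining order: serialNumber, signature, issuer, validity, subject
    _, start, end = fields[4]
    return cert_der[start:end]


def subject_hash_old(subject_der):
    """OpenSSL -subject_hash_old: first 4 bytes of MD5(subject) as a little-endian uint32."""
    digest = hashlib.md5(subject_der).digest()
    return "%08x" % int.from_bytes(digest[:4], "little")


def system_store_filename(cert_der):
    """Filename the certificate must carry under /system/etc/security/cacerts/."""
    return subject_hash_old(extract_subject_der(cert_der)) + ".0"


def _name(common_name):
    """Build a DER Name: SEQUENCE { SET { SEQUENCE { OID commonName, UTF8String } } }."""
    attr = _tlv(0x30, _tlv(0x06, bytes.fromhex("550403")) + _tlv(0x0C, common_name.encode()))
    return _tlv(0x30, _tlv(0x31, attr))


# Constructed sample certificate (structure only; key and signature are dummies).
SAMPLE_ISSUER = _name("Constructed Test CA")
SAMPLE_SUBJECT = _name("mitmproxy")
_sha256_rsa = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + _tlv(0x05, b""))
_tbs = _tlv(0x30,
            _tlv(0xA0, _tlv(0x02, b"\x02"))                        # version v3
            + _tlv(0x02, b"\x01")                                  # serialNumber
            + _sha256_rsa                                          # signature algorithm
            + SAMPLE_ISSUER                                        # issuer
            + _tlv(0x30, _tlv(0x17, b"220101000000Z") + _tlv(0x17, b"320101000000Z"))
            + SAMPLE_SUBJECT                                       # subject
            + _tlv(0x30, b"\x00"))                                 # dummy subjectPublicKeyInfo
SAMPLE_CERT_DER = _tlv(0x30, _tbs + _sha256_rsa + _tlv(0x03, b"\x00"))
SAMPLE_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
                   + base64.encodebytes(SAMPLE_CERT_DER).decode()
                   + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_CERT_PEM)
    print("system store filename:", system_store_filename(der))
```

Replace SAMPLE_CERT_PEM with the contents of your own proxy CA file to get the real name; the result matches `openssl x509 -subject_hash_old -noout -in <cert>`. Note the limits the post itself lists: a CA placed in the system store only helps with apps that merely refuse user certificates (possibility 2), and on Android 10+ it still has to be mounted over /system by Magisk rather than pushed directly, while an app that pins specific certificates (possibility 3) will keep rejecting the connection regardless of which store the CA sits in.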

Appendix

import frida

# Connect to the frida-server running on the phone (reachable after adb port forwarding).
rdev = frida.get_remote_device()

# List the running processes so the target app's pid and name can be found for attaching.
processes = rdev.enumerate_processes()
for process in processes:
    print(process.pid, process.name)

References

  1. Solving the problem that Taobao, Xianyu and other Taobao apps cannot capture packets (iamSummi, Programmer ITS500: https://www.its500.com/article?url=Summi/p/14491808.html)
  2. Taobao packet capture hook module (Harry Haqi's blog, CSDN; frida spdy)
  3. An article that takes you through the essence of Frida (based on Android 8.1) (frida-all-in-one/READMD.md at master, hookmaster/frida-all-in-one, GitHub)
  4. FRIDA Practice (Jianshu)
  5. Packet capture: Taobao, Alipay (Xiaowei's blog)
  6. Taobao packet capture hook module (https://blog.csdn.net/zhangmiaoping23/article/details/105827285?spm=1001.2101.3001.6661.1&utm_medium=distribute.pc_relevant_t0.none-task-blog-2%7Edefault%7ECTRLIST%7ETopBlog -1.topblog&depth_1-utm_source=distribute.pc_relevant_t0.none-task-blog-2%7Edefault%7ECTRLIST%7ETopBlog-1.topblog&utm_relevant_index=1)
  7. Xposed + Charles packet capture of the Taobao App (https://www.jianshu.com/p/7df2d305f0c1)
  8. Errors reported when using frida hooks (Jianshu)
  9. Android hook tool frida (2) (bamb00, cnblogs)
  10. Can't capture packets from large apps? The app can't capture the comments (https://www.lanbu.net/d/244)
  11. Some apps cannot capture packets (https://blog.csdn.net/qq_40157234/article/details/103760612)
  12. mtopsdk (the SDK used by the Taobao Android app): forcing requests through a proxy for packet capture
  13. Summary of Android 7.0 HTTPS packet capture solutions for one-way and two-way verification
  14. Android Packet Capture Attack and Defense Technology (Prophet Community)
  15. Reasons and solutions for some apps that cannot be proxied for packet capture (Flutter capture) (lulianqi15, cnblogs)
  16. Bypassing an app's SSL pinning mechanism to capture HTTPS requests (https://www.cnblogs.com/yyoba/p/12370510.html)
  17. Introduction to HTTPS SSL pinning and bypass methods in Android applications (https://zhuanlan.zhihu.com/p/127847550)
  18. Installing a CA certificate with adb (https://www.cnblogs.com/yumoblogs/p/14773298.html)
  19. How to make a certificate: adb shell install certificate / move a certificate to the system level (小君~, cnblogs)
  20. Installing the Charles and Fiddler certificates into the Android root directory to solve the problem that packets cannot be captured after WeChat for Android 7.0; requires root (TesterHome)
  21. How to disable dm-verity on Android with "user" build type ROM? (https://android.stackexchange.com/questions/215800/how-to-disable-dm-verity-on-android-with-user-build-type-rom)
  22. https://gist.github.com/pwlin/8a0d01e6428b7a96e2eb


Origin: blog.csdn.net/feelsyt/article/details/128228517