Detailed explanation of Https packet capture steps - simulate man-in-the-middle attack

Mobile 2023-07-01 06:34:00 views: null

Talk about two parts: charles realize https packet capture; use charles to realize data tampering of request message and response message.
Into the title:

1. Charles configures the certificate to implement https capture

Configuration steps:
1. Ensure that the mobile phone and mac are connected to the same network, that is, just connect to the same wifi or 4G hotspot.
2. Configure https trust certificate. Install the charles certificate in the mac to the mobile phone, the operation steps are as follows:
click help, click the
insert image description here
following picture to enter the following picture: charles opens the mapping URL according to the following picture
insert image description here
3, the mobile phone shows the above picture, configure the proxy service address (enter settings, WLan Or on the network settings page, long press the connected wifi name to enter the advanced settings. Or directly Baidu: wifi configuration proxy), remember to save the screenshot above, and visit the browser to download the certificate after configuring the proxy.
4. Open the browser on the mobile phone to access the address: chls.pro/ssl (the built-in browser of the mobile phone may not support opening, please change the browser, such as UC browser), and click to install the certificate file after downloading.
5. Returning to charles at this time, the https message still cannot be displayed, and the request address url to be captured needs to be configured in the ssl detection list. The operation is as follows
. For example, after the configuration method greatly requests the address, you can see his message in plain text.
insert image description here
Just fill in 443 for the port.
6. At this point, restart charles, refresh the main page of Fada APP from the APP side, and you can already see the response message from charles (his request message is encrypted, so you can’t see the plaintext)
insert image description here

2. Realize breakpoint debugging and tamper with messages

Intercept requests, modify request parameters and re-trigger requests
Application scenarios:
intercept request messages, tamper with request messages, tamper with response messages, etc.
Refer to my blog post: https://blog.csdn.net/u011084603/article/details/96323396 Pro-test is effective

Guess you like

Origin blog.csdn.net/u011084603/article/details/96316572
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com