"Hand-Holding" Tutorial Series - Charles Packet Capture Tutorial (5) - How to Set Up Charles to Capture HTTPS Sessions

1. Introduction

In the era of big data and the Internet, personal information security is particularly important. With the recent spread of telecom fraud incidents, the state, enterprises, and individuals pay more attention to Internet security. In the past, many websites that transmitted data over HTTP leaked site information, and personal information was exposed in pools of big data. When we encounter an unfamiliar website, we pay special attention to its security. Visiting a website over HTTPS with a certified SSL certificate is much safer than visiting one over unencrypted HTTP. In recent years, major websites have paid more and more attention to security and have moved to HTTPS, unlike the HTTP traffic that ran unprotected on the Internet more than ten years ago. Some readers who configured Charles as described in Brother Hong's previous article wanted to show off their skills by capturing Baidu's packets, but were dumbfounded when they tried: nothing was captured. So today Brother Hong will strike while the iron is hot and explain how to capture HTTPS sessions.

2. HTTP

HTTP: the most widely used network protocol on the Internet. It is a request and response standard between client and server (over TCP), used to transmit hypertext from a WWW server to the local browser. It makes the browser more efficient and reduces network transmission.

3. HTTPS

HTTPS: an HTTP channel whose goal is security. Simply put, it is the secure version of HTTP: an SSL layer is added under HTTP. The security of HTTPS rests on SSL, so the details of the encryption are those of SSL.

The main functions of the HTTPS protocol can be divided into two types: one is to establish an information security channel to ensure the security of data transmission; the other is to confirm the authenticity of the website.

4. The difference between HTTP and HTTPS

HTTP is a hypertext transfer protocol in which information is transmitted in plain text; HTTPS is a secure transfer protocol encrypted with SSL.
HTTP and HTTPS use completely different connection methods and different ports. The former uses 80 and the latter 443.
An HTTP connection is very simple and stateless; HTTPS is a network protocol built from SSL + HTTP that supports encrypted transmission and identity authentication, which makes it safer than HTTP.
HTTPS requires applying to a CA for a certificate. Free certificates are generally few, so a certain fee is required.

5. Charles captures HTTP packets

If no certificate is installed in Charles, it can capture the packets of http-type URLs by default. Brother Hong covered this in the previous article. As shown below:


6. The principle of Charles grabbing HTTPS

The main working principle of Charles is: masquerading as a server to the client and masquerading as a client to the server.

1. The client initiates an HTTPS request to the server

2. Charles intercepts the client's request and pretends to be the client to make a request to the server

3. The server returns its CA-signed certificate to the "client" (actually Charles)

4. Charles intercepts the server's response, obtains the public key of the server certificate, then makes a certificate itself, substitutes it for the server certificate and sends it to the client.

5. After the client receives the "server" (actually Charles) certificate, it generates a symmetric key, encrypts it with Charles' public key, and sends it to the "server" (Charles)

6. Charles intercepts the client's response, decrypts the symmetric key with its own private key (Charles now holds the symmetric key), then encrypts it with the server certificate's public key, and sends it to the server.

7. The server decrypts the symmetric key with its own private key and sends a response to the "client" (Charles)

8. Charles intercepts the server's response, replaces it with its own certificate and sends it to the client

At this point, the connection is established, and Charles has obtained the public key of the server certificate and the symmetric key negotiated between the client and the server, and then can decrypt or modify the encrypted message.
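The eight steps above as a small model, added here as an example (not code from the original article or from Charles). Toy textbook RSA stands in for the TLS key exchange, and the CA names, keys and session key are all constructed. It also shows that the client rejects the substituted certificate unless the proxy's root certificate is in its trust store, which is what section 7.1 changes.

```python
import hashlib

def keypair(p, q, e=65537):
    # Toy textbook RSA from two Mersenne primes: illustration only, not secure.
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (n, e), "priv": (n, pow(e, -1, phi))}

def rsa(value, key):
    # One modular exponentiation serves encrypt, decrypt, sign and verify.
    n, exponent = key
    return pow(value, exponent, n)

def digest(subject, pub, n):
    raw = hashlib.sha256(f"{subject}|{pub}".encode()).digest()
    return int.from_bytes(raw, "big") % n

def issue(issuer, ca, subject, pub):
    sig = rsa(digest(subject, pub, ca["pub"][0]), ca["priv"])
    return {"subject": subject, "issuer": issuer, "pub": pub, "sig": sig}

def client_accepts(cert, host, trust_store):
    # The client only accepts certificates signed by a CA it already trusts.
    ca_pub = trust_store.get(cert["issuer"])
    if ca_pub is None or cert["subject"] != host:
        return False
    return rsa(cert["sig"], ca_pub) == digest(cert["subject"], cert["pub"], ca_pub[0])

def handshake(host, server_cert, server_key, trust_store, proxy=None):
    """Return (client_accepted, key_seen_by_proxy, key_at_server)."""
    presented = server_cert
    if proxy:  # steps 2-4: the proxy signs its own certificate for the host
        presented = issue("Charles Root (model)", proxy["ca"], host, proxy["leaf"]["pub"])
    if not client_accepts(presented, host, trust_store):
        return False, None, None  # section 7: the browser reports a certificate error
    wire = rsa(0xC0FFEE, presented["pub"])  # step 5: constructed symmetric key
    seen = None
    if proxy:  # step 6: decrypt with the proxy key, re-encrypt for the real server
        seen = rsa(wire, proxy["leaf"]["priv"])
        wire = rsa(seen, server_cert["pub"])
    return True, seen, rsa(wire, server_key["priv"])  # step 7

M = lambda k: 2**k - 1  # Mersenne primes for k in 13, 17, 19, 31, 61, 89, 107, 127
PUBLIC_CA, SERVER = keypair(M(31), M(61)), keypair(M(107), M(127))
PROXY = {"ca": keypair(M(19), M(89)), "leaf": keypair(M(13), M(17))}
SERVER_CERT = issue("Public CA (model)", PUBLIC_CA, "www.baidu.com", SERVER["pub"])
DEFAULT_STORE = {"Public CA (model)": PUBLIC_CA["pub"]}
AFTER_7_1 = {**DEFAULT_STORE, "Charles Root (model)": PROXY["ca"]["pub"]}

if __name__ == "__main__":
    for store in (DEFAULT_STORE, AFTER_7_1):
        print(handshake("www.baidu.com", SERVER_CERT, SERVER, store, PROXY))
```

With the default trust store the handshake through the proxy is refused; with the proxy root added, the proxy and the server both end up holding the same symmetric key.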

7. Charles captures HTTPS packets

After installing Charles, Brother Hong did not configure it any further. At this point it can capture http packets, so Brother Hong visited Baidu and tried to capture Baidu's https packets to see what would happen.

1. Browser situation: Baidu cannot be accessed normally, and a prompt similar to a certificate error appears, as shown in the following figure:

2. Charles situation: Baidu's https packets cannot be captured, and an unknown error occurs, as shown in the following figure:

 

7.1 Install certificate

From the above error, we can see that it is a certificate problem, so we need to install the certificate on the computer. The specific steps are as follows:

1. Open Charles and click Help > SSL Proxying > Install Charles Root Certificate to install the certificate, as shown in the figure below:

 

 

2. After clicking "Install Charles root Certificate", then click "Install Certificate", as shown in the figure below:

3. After clicking "Install Certificate", select the storage location "Local Computer", and click "Next", as shown in the following figure:

4. For the certificate store location, select "Place all certificates in the following store", click "Browse" next to the certificate store, select "Trusted Root Certification Authorities", and click "OK", as shown in the figure below:

5. Click "Next", as shown in the figure below:

6. Click "Finish", prompting that the import is successful. As shown below:

7.2 Configure SSL Proxy

After the certificate is installed, we also need to configure Charles's SSL Proxying Settings. The specific steps are as follows:

1. Open Charles and click Proxy > SSL Proxying Settings to open the following dialog. Check the SSL proxying switch; the Include list on the left holds the locations to capture, and the Exclude list on the right holds the locations to exclude, as shown in the following figure:

2. The right side lists excluded locations; click Add to add one, where Host is the domain name and Port is the port number. Since we want to capture https, click Add under Include, fill in the host whose https traffic should be captured, and fill in 443 for the port; * can also be used instead. Here Brother Hong checks [Enable SSL Proxying] in the pop-up tab, clicks [Add], enters [*] in Host to match any host, enters [443] in Port, and finally clicks [OK] to save. As shown below:

3. After completing the above steps, the setup is basically done. Now open the browser and enter www.baidu.com to capture its traffic.

(1) Browser status: Can access Baidu normally, as shown in the figure below:

 

 

(2) Charles situation: Baidu's https package can be captured, as shown in the following figure:

8. Summary

In fact, from beginning to end, the steps feel similar to Fiddler's steps for capturing HTTPS. First install the certificate, then configure the packet capture tool itself, and finally the HTTPS packets can be captured successfully.

Q: Why is HTTPS safe?

A: Because HTTPS guarantees transmission security, prevents the transmission process from being monitored, prevents data from being stolen, and can confirm the authenticity of the website.

Q: What is the transmission process of HTTPS?

A: The client initiates an HTTPS request, the server returns its certificate, and the client verifies the certificate. After verification passes, the client locally generates the random number used for the symmetric encryption algorithm, encrypts it with the public key in the certificate, and sends it to the server. The server decrypts it with its private key to recover the random number, and subsequent data exchange is encrypted and decrypted with the symmetric encryption algorithm.

Q: Why do you need a certificate?

A: Prevent "man-in-the-middle" attacks, and at the same time provide identity proof for the website.

Q: Will I be captured if I use HTTPS?

A: Packets will be captured. HTTPS only prevents users from being monitored without their knowledge. If the user actively grants trust, a "man-in-the-middle" setup can be built, and the proxy software can decrypt the transmitted content.

 


Origin blog.csdn.net/m0_73409141/article/details/131811034