[Fewer detours] Personal experience with Android packet capture


A few days ago I posted an article about Android packet capture. I wrote it on the spur of the moment, so this time I want to share some personal experience with Android packet capture (some of it may overlap with that article). When we test an app we usually capture packets through an emulator. A second-hand physical device is really the best option, but I am not made of money. So here I have collected the lessons learned and the relatively simple solutions I use when building a penetration-testing environment.

WeChat public account: Xiaoxi infiltrates. You are welcome to get in touch so we can learn together.

1. Emulator

The usual emulator choices are the following (I use Thunderbolt and MuMu):

  1. Thunderbolt emulator (LDPlayer)
  2. Nox emulator (Night Simulator)
  3. MuMu emulator
  4. MEmu emulator

Thunderbolt can set its network to bridged mode, which the others do not seem to support, but installing Xposed on Thunderbolt always fails (the solution is written up below). Nox really got to me: I do not know whether it is just my computer, but I hit a very painful bug where the virtual keyboard cannot be brought up, which is very annoying; its advantage is that Xposed can be installed with one click from its app store. MuMu feels much faster than the others. I have not used MEmu much, so check it out yourself.

Since it is an emulator, it has a snapshot function. While testing we often change the network settings or set a proxy, so I recommend creating snapshots frequently. Earlier I thought an emulator was broken after I had changed the proxy several times: it got stuck at 94% on boot, I tried every fix I could find without success, and had to delete and recreate it.


2. Proxy problems

Because some applications detect whether a proxy is in use, I do not recommend setting the proxy directly in the system when testing. My approach is to use Proxifier to redirect the emulator's traffic to Burp. The following is the configuration tutorial I wrote earlier; you can refer to it.

I use the Thunderbolt emulator; the Burp configuration is as follows:

image-20220512140826184

The Proxifier configuration is as follows:

Set the proxy server:

image-20220512141020904 image-20220512141122268

3. Android 7.0 does not trust user-imported certificates

Since Android 7.0 the system no longer trusts certificates imported by the user (this applies to apps targeting API level 24 or higher), so importing the Burp certificate as a user certificate is not enough to capture packets. Instead, move the certificate from the user certificate directory to the system certificate directory with MT Manager.

In MT Manager on the device: copy the files under /data/misc/user/0/cacerts-added/ to /system/etc/security/cacerts/ (this requires root and a writable /system, which the emulators above provide).


4. Xposed plugin installation problems

It is best to have the Xposed framework during penetration testing, but installation runs into all kinds of problems, and the online tutorials are varied and complicated. Here I recommend the method I found easiest.

The standard Thunderbolt build ships 32-bit Android 7 by default; just download the Xposed framework app from the Thunderbolt game center and install it.

After the app is installed, the framework itself is not yet installed, and clicking "install" inside the app does not work (in the end it is a network problem). There are many installation methods and all sorts of online tutorials; the super simple method I recommend is this: install the Mavericks Accelerator (other accelerators work too), start its service, and then go back to the Xposed app to install the framework.

In my testing, Mavericks crashes on launch on a 64-bit Android install.

image-20220512144152662

If it still does not work, here is a manual installation tutorial: https://www.bilibili.com/video/BV1fq4y1G7Rt

I also recommend two plugins that may be useful:

  1. Inspeckage: look it up on Baidu Tieba; a very powerful plugin
  2. JustTrustMe: an Xposed module to disable SSL certificate checking

5. Decompilation analysis

Besides regular packet capture, you can decompile the app and read the code. For decompilation I recommend a tool you can get by replying "0001" to the WeChat public account 漏了个大洞. In addition to the usual decompilation, this tool extracts content such as URLs, hashes, IPs and keys.

Put the APK file in the apps folder of the tool's directory, then run the apkAnalyser.exe main program (and wait; it may take a while).

image-20220512152630430

After extraction succeeds, the output is placed in the result folder.

image-20220512171126744
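As an added example (this is not the apkAnalyser tool the post describes, which is a separate download), here is a small Python scanner that performs the same kind of triage over decompiled source text: it pulls out URLs, IPv4 addresses, MD5/SHA-1/SHA-256-sized hex blobs, and quoted literals assigned to credential-looking names, and rates the latter by Shannon entropy so that placeholders such as "changeme" are not reported as live keys. The sample input, the regexes and the 3.5-bit entropy threshold are all constructed for this example; run it over the output of your own decompilation (for example the result folder) to check a build for leaked endpoints and hard-coded secrets before release.

```python
"""Extract URLs, IPs, hash-like blobs and likely hard-coded secrets from decompiled sources.

Added example for this post; it is not the apkAnalyser tool itself. Patterns and
thresholds below are assumptions chosen for illustration.
"""
import math
import re
from typing import Dict, List

URL_RE = re.compile(r"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")
IPV4_RE = re.compile(
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
)
# 32-64 hex characters covers MD5, SHA-1 and SHA-256 digests written as text.
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
# A quoted literal (8+ chars) assigned to a field whose name suggests a credential.
KEY_RE = re.compile(
    r"(?i)\b((?:api[_-]?key|secret|token|password|passwd|pwd)\w*)\s*[=:]\s*[\"']([^\"']{8,})[\"']"
)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample: fragments as they might appear in decompiled Java/smali output.
SAMPLE_DECOMPILED = """
public static final String BASE_URL = "https://api.example.com/v1/login";
const-string v0, "http://10.0.2.2:8080/debug"
const-string v2, "https://api.example.com/v1/login"
private static final String API_KEY = "AKIAIOSFODNN7EXAMPLE";
String password = "changeme";
const-string v1, "5d41402abc4b2a76b9719d911017c592"
byte[] pin = "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae".getBytes();
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking keys score higher than words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))


def is_high_entropy(s: str, threshold: float = 3.5) -> bool:
    """Assumed cut-off: above ~3.5 bits/char a literal is worth a manual look."""
    return shannon_entropy(s) >= threshold


def _unique(items):
    # Order-preserving de-duplication so repeated string constants appear once.
    return list(dict.fromkeys(items))


def scan_source(text: str) -> Dict[str, List]:
    """Return the url/ip/hash/key findings for one blob of decompiled text."""
    urls = _unique(URL_RE.findall(text))
    ips = _unique(IPV4_RE.findall(text))
    hashes = [
        {"value": h, "type": HASH_TYPES.get(len(h), "hex")}
        for h in _unique(HEX_RE.findall(text))
    ]
    keys = []
    for name, value in _unique(KEY_RE.findall(text)):
        keys.append({
            "name": name,
            "value": value,
            "entropy": round(shannon_entropy(value), 2),
            "suspicious": is_high_entropy(value),
        })
    return {"url": urls, "ip": ips, "hash": hashes, "key": keys}


def report(findings: Dict[str, List]) -> str:
    """Render findings as the kind of text summary a result folder would hold."""
    lines = []
    for kind in ("url", "ip", "hash", "key"):
        lines.append(f"[{kind}] {len(findings[kind])} found")
        for item in findings[kind]:
            lines.append("  " + (item if isinstance(item, str) else str(item)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan_source(SAMPLE_DECOMPILED)))
```

Point `scan_source` at each file under your decompiled tree and merge the dictionaries; the low-entropy `password = "changeme"` still shows up in the key list, but with `suspicious: False`, so a reviewer can prioritise the high-entropy `API_KEY` literal first.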


Source: blog.csdn.net/u010277543/article/details/126479050