Table of contents
1) fiddler installation configuration
1. Download and install fiddler, not explained here, Baidu download, configure after installation
2. Install the simulator (Yeshen, mumu) and configure the proxy
3. Crack the limit of app capture
foreword
Recently, the company is working on an app project, and the test environment app package does not have a debugging mode, which makes it impossible to view the request interface and request parameters during the test, so it is necessary to capture the package through the package capture tool
1) fiddler installation configuration
1. Download and install fiddler, not explained here, Baidu download, configure after installation
①Configure fiddler to allow listening to https
Tools => Options => HTTPS
② Configure fiddler to allow remote connections
Tools => Options => Connections
③Restart Fiddler (after the configuration is complete, it needs to be restarted to take effect)
2. Install the simulator (Yeshen, mumu) and configure the proxy
① Turn on the emulator wifi and modify the network proxy
②Open the built-in browser and enter the port number set by the computer intranet ip+fiddler (default 8888), and download the fiddler certificate
③ Install after the download is complete
④After the installation is complete, the browser will always pop up a problem with the certificate
Solution
Browser [Settings] - [Privacy and Security] - [Display Security Warning], just uncheck it
The above are all the steps. After the installation is complete, you can capture the package. If the app prompts that the network cannot be connected, refer to the following methods
There is a problem:
The above steps can only capture the packets of some apps, and some apps cannot capture packets. After setting the proxy, the app will prompt that it cannot connect to the network.
problem causes:
If fiddler is enabled to capture packets, some apps can decrypt HTTPS normally, but some apps can’t (typically app stores, Taobao, Zhihu, etc.) The reason is that the apps enable SSL Pinning (SSL certificate binding)
The basic principle is that the APP has a built-in certificate verification. As a result, although you have installed and trusted the certificate of your packet capture tool, if Pinning is enabled in the APP, your certificate will still be regarded as an invalid certificate, causing HTTPS establishment to fail.
3. Crack the limit of app capture
Use Xposed+JustTrustMe to turn off SSL certificate verification
Note: Rooting is required to install the Xposed framework on an Android phone, which may cause the phone to be bricked. It is recommended to use an emulator.
①Search for sposed in the Yeghen Simulator and download it directly
Note: When installing the Xposed framework on the emulator, first turn off the previously set WIFI proxy, otherwise the following error will occur, causing the framework to fail to install.
The normal opening is as follows, click Version 89 to update
Successful installation
②Install the JustTrustMe module
JustTrustMe: An xposed module that disables SSL certificate checking.
Just download and install, github download address: https://github.com/Fuzion24/JustTrustMe/releases
After the installation is complete, check the module in Xposed Installer and restart the device.
After the above settings, you can reset the network proxy to capture packets
Notice:
It is recommended to use the emulator to capture packets.
When downloading the software, first turn off the set WIFI proxy, and then manually set the proxy when capturing packets.
After normal configuration, the app data packet cannot be captured. It is recommended to use the Xposed+JustTrustMe solution.
at last
Finally, I would like to thank everyone who has read my article carefully. Looking at the fans’ growth and attention all the way, there is always a need for reciprocity. Although it is not a very valuable thing, you can take it away if you need it:
These materials should be the most comprehensive and complete preparation warehouse for [software testing] friends. This warehouse has also accompanied tens of thousands of test engineers through the most difficult journey. I hope it can help you too!
In my QQ technology exchange group (technical exchange and resource sharing, no advertising)