Solve the problem that mobile phone https cannot capture packets
When you test the App, you want to use Fiddler /Charles and other tools to capture packets and check the data of https requests. You find that most Apps prompt network exception/no data and other information.
How to solve it at this time?
Take the software testing interview question answering APP as an example:
The display on Fiddler is as follows: https packets cannot be decrypted:
You may start to look for certificate issues: is Fiddler's certificate not imported into the phone? I deleted the certificate and reinstalled it, configured it again and again, and then started comparing the https of the web browser and found that there was no problem.
So how to solve this problem? This article provides you with a very effective solution: VitualXposed framework + JustTrustMe module.
VitualXposed+JustTrustMe solves https packet capture problem
VitualXposed, simply put, can modify the behavior of the App without rooting the device. This app works similarly to the app clone feature, which installs the app into a virtual independent environment.
VitualXposed’s official website download address:
https://vxposed.com/, download the apk package and install it directly on your phone.
JustTrustMe is a module in xposed that disables SSL certificate verification.
Download address: https://github.com/Fuzion24/JustTrustMe. Also download the apk package and install it on your phone.
Step 1: Install both applications into your phone, then start VirtualXposed and click the button in the picture below:
Step 2: Enter the settings page and click Add Application:
It will display all the apps installed on this phone. Select the APP you want to capture packets and the JustTrustMe app to install it.
Step 3: Then return to the settings page, click Module Management, and check the JustTrustMe module:
After clicking in, check JustTrustMe:
Step 4: After returning to the main page, swipe up to open the application installed in VitualXposed. Click on the application you want to capture packets, such as "Lemon Class", you can start the APP in VitualXposed, then run and capture packets. .
Start the APP here, so that it can run normally, and at this time, the clear text content of the https message of this APP can be captured in the fiddler of the computer!
Finally, I would like to thank everyone who reads my article carefully. Reciprocity is always necessary. Although it is not a very valuable thing, if you can use it, you can take it directly:
This information should be the most comprehensive and complete preparation warehouse for [software testing] friends. This warehouse has also accompanied tens of thousands of test engineers through the most difficult journey. I hope it can also help you!