Environmental preparation
- kali
- windows
- burpsuite
- Nox (Yeshen) Android emulator, Android 7.0 or above, version V7.0.2.2000
- Charles
- Postern
Tool introduction
Charles
download link:
https://www.charlesproxy.com/latest-release/download.do
Charles is a very powerful HTTP packet capture tool. Once configured, it becomes the system's network proxy, so every network access passes through it and it can easily record all HTTP and HTTPS traffic. It monitors every browser and application process, letting developers view all communication between the computer and the Internet.
After downloading Charles you get 30 days of free use; after that you can re-download it or buy a license. An unactivated Charles only runs for 30 minutes at a time and then has to be opened again manually.
Postern
Download address 1: https://soft.clbug.com/soft/postern/
Download address 2: https://www.malavida.com/en/soft/postern/android/
Postern download:
http://www.xsssql.com/wp-content/uploads/2022/12/2022122807462925.zip
Postern is a global (system-wide) proxy tool for Android.
Detailed configuration
Install Postern
After downloading the installation package, drag it straight into the emulator and the installation starts.
Install Charles
Click Next through the installer. First, make sure there is no existing Charles installation on the computer.
Crack method
Online tools:
https://www.zzzmode.com/mytools/charles/
Enter a random string to generate a license key.
Just open charles-help and fill it in.
As shown in the picture:
Android imports Charles system-level certificate
Charles exports a .pem certificate, but Android system-level certificates are named after the subject hash and end in .0, so the file has to be renamed. The file name can be computed with openssl on Kali.
Reference article here: https://www.cnblogs.com/YenKoc/p/14376653.html
Copy the pem file charles.pem to the /opt directory of the Kali system and run:

```bash
# print the legacy subject hash; Android names system CA files <hash>.0
openssl x509 -subject_hash_old -noout -in charles.pem
# 3ce07b0d is the hash value printed by the previous step
mv charles.pem 3ce07b0d.0
```
Then transfer the file to the /system/etc/security/cacerts/ directory through adb shell.
Connection command:

```powershell
.\nox_adb.exe connect 127.0.0.1:62001
.\nox_adb.exe devices
```

Copy the certificate file to /data/local/tmp, then open a shell and become root:

```powershell
.\nox_adb.exe push Q:\3ce07b0d.0 /data/local/tmp
.\nox_adb.exe shell
# the next command is typed inside the adb shell
su
```

Execute the following commands in the adb shell to copy the certificate into the system certificate directory:

```sh
mount -o rw,remount -t auto /system
cp /data/local/tmp/3ce07b0d.0 /system/etc/security/cacerts
# 644 (root-owned, world-readable) matches the other files in this directory; 777 is not needed
chmod 644 /system/etc/security/cacerts/3ce07b0d.0
```
Then enter reboot to restart the emulator.
A few seconds after the restart you will find Charles' certificate among the system credentials under Settings > Security > Trusted Credentials > System.
Burp imports Charles' certificate
Open Charles > Help > SSL Proxying.
Enter a password and export the certificate.
This gives you a .p12 file.
Import it into Burp.
Charles tool configuration
First, Proxy > Proxy Settings.
Uncheck Windows proxy, because we don't need to capture Windows packets.
Then Proxy > SSL Proxying Settings.
Click OK; done.
Postern tool configuration
Open the menu (the horizontal bars) in the upper-left corner of the app to see the list of options.
Configure the proxy first.
The name can be anything; the server address is your PC's local address.
The port and type must match what was configured in Charles earlier: SOCKS5 mode.
Then scroll down and save.
Then configure the rules: delete all existing rules and add one.
Click save.
That completes the rule.
The item at the bottom is a switch: turn it on when you want to capture packets and off when you don't.
When it is on, a key icon (the VPN indicator) appears in the upper-right corner.
Now visit Baidu to check whether the packets are captured.
Captured successfully.
Chaining to Burp
Charles captures packets well but cannot modify them on the fly, so we add another proxy layer that forwards to Burp, which is more convenient for penetration testers.
Proxy > External Proxy Settings
Configure 127.0.0.1:8080 for both options (the HTTP and HTTPS proxy entries), because Burp listens on port 8080 by default. If yours is not 8080, change it to the port your Burp listens on.
Test Results
If packets are captured here, you can test other apps yourself. Reportedly more than 90% of apps' packets can be captured...
After the certificate is imported into Burp, Burp may keep using it by default, which causes problems when capturing HTTPS traffic on the physical machine. You can re-download the certificate and install it into the system. After downloading, open the certificate in Notepad to check whether it is Burp's built-in certificate or the imported Charles one, as shown in the figure:
Finally, it is recommended to import Burp's built-in certificate into the Android system.
Original: https://www.xsssql.com/article/26.html
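To make the two certificate steps above concrete (computing the .0 file name that openssl printed, and telling Burp's own CA apart from the imported Charles one when you inspect the file), here is an added Python example. It is written for this page and is not code from Charles, Postern, Burp or Android; it reproduces what `openssl x509 -subject_hash_old` computes using only the standard library and reads the subject CN. The certificate it builds when run without an argument is a constructed stand-in so the script runs offline, not a real or signed certificate.

```python
"""Name a CA certificate the way Android's /system/etc/security/cacerts expects
and read its subject CN. Example code added for this page; standard library only.
Android uses OpenSSL's legacy subject hash: MD5 over the DER-encoded subject
Name, first four digest bytes as a little-endian uint32, printed as 8 hex digits.
"""
import base64
import hashlib
import re
import sys

CN_OID = b"\x06\x03\x55\x04\x03"  # DER-encoded OBJECT IDENTIFIER 2.5.4.3 (commonName)

def der_encode(tag: int, content: bytes) -> bytes:
    """Wrap content in a DER TLV, using long-form length when needed."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def der_split(tlv: bytes):
    """Decode the TLV at the start of tlv: returns (tag, content, total_length)."""
    tag, first = tlv[0], tlv[1]
    if first < 0x80:
        hdr, length = 2, first
    else:
        n = first & 0x7F
        hdr, length = 2 + n, int.from_bytes(tlv[2:2 + n], "big")
    return tag, tlv[hdr:hdr + length], hdr + length

def der_children(tlv: bytes) -> list:
    """Return the child TLVs (headers included) of a constructed element."""
    _, content, _ = der_split(tlv)
    out, pos = [], 0
    while pos < len(content):
        _, _, total = der_split(content[pos:])
        out.append(content[pos:pos + total])
        pos += total
    return out

def pem_to_der(pem: str) -> bytes:
    """Base64-decode the first CERTIFICATE block of a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))

def subject_der(cert_der: bytes) -> bytes:
    """Return the full DER TLV of TBSCertificate.subject."""
    tbs = der_children(cert_der)[0]   # Certificate ::= SEQUENCE { tbsCertificate, sigAlg, signature }
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:          # optional [0] EXPLICIT version comes first when present
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return fields[4]

def legacy_name_hash(name_der: bytes) -> str:
    """OpenSSL X509_NAME_hash_old(): MD5(DER Name), first 4 bytes little-endian."""
    digest = hashlib.md5(name_der).digest()
    return "%08x" % int.from_bytes(digest[:4], "little")

def android_ca_filename(pem: str) -> str:
    """The <subject_hash_old>.0 name Android expects in /system/etc/security/cacerts/."""
    return legacy_name_hash(subject_der(pem_to_der(pem))) + ".0"

def common_name(name_der: bytes):
    """Extract the CN attribute from a DER Name (None if absent)."""
    for rdn in der_children(name_der):        # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue
        for atv in der_children(rdn):
            oid, value = der_children(atv)[:2]
            if oid == CN_OID:
                return der_split(value)[1].decode("utf-8", "replace")
    return None

def demo_pem(cn: str = "Charles Proxy CA (constructed sample)") -> str:
    """Constructed certificate-shaped DER carrying only the fields read above.
    A stand-in so the script runs offline; not a real or signed certificate."""
    def name(text):
        atv = der_encode(0x30, CN_OID + der_encode(0x0C, text.encode()))
        return der_encode(0x30, der_encode(0x31, atv))
    tbs = der_encode(0x30,
                     der_encode(0xA0, der_encode(0x02, b"\x02"))  # version v3
                     + der_encode(0x02, b"\x01")                  # serialNumber
                     + der_encode(0x30, b"")                      # signature algorithm (empty stand-in)
                     + name("Issuer (constructed)")               # issuer
                     + der_encode(0x30, b"")                      # validity (empty stand-in)
                     + name(cn)                                   # subject
                     + der_encode(0x30, b""))                     # subjectPublicKeyInfo (empty stand-in)
    cert = der_encode(0x30, tbs + der_encode(0x30, b"") + der_encode(0x03, b"\x00"))
    b64 = base64.b64encode(cert).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    # Usage: python android_ca_name.py charles.pem   (no argument: the constructed sample)
    pem = open(sys.argv[1]).read() if len(sys.argv) > 1 else demo_pem()
    name = subject_der(pem_to_der(pem))
    print("subject CN :", common_name(name))
    print("install as :", android_ca_filename(pem))
```

Run it with the exported charles.pem as the argument to get the install name, and on the certificate you pulled out of Burp to see whose CN it carries. The hash depends only on the subject Name, which is why the file can be named before it is pushed, and why two CAs with an identical subject would land on the same file name and overwrite each other in the cacerts directory.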
How to learn hacking & network security
As long as you like my article today, my private network security learning materials will be shared with you for free. Come and see what is available.
1. Learning roadmap
There are a lot of things to learn about attack and defense. I have written down the specific things you need to learn in the road map above. If you can complete them, you will have no problem getting a job or taking on a private job.
2. Video tutorial
Although there are many learning resources on the Internet, they are basically incomplete. This is an Internet security video tutorial I recorded myself. I have accompanying video explanations for every knowledge point in the roadmap above.
The content covers the study of network security laws, network security operations and other security assessments, penetration testing basics, detailed explanations of vulnerabilities, basic computer knowledge, etc. They are all must-know learning contents for getting started with network security.
(They are all packaged into one piece and cannot be expanded one by one. There are more than 300 episodes in total)
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
3. Technical documents and e-books
I also compiled the technical documents myself, including my experience and technical points in participating in large-scale network security operations, CTF, and digging SRC vulnerabilities. There are more than 200 e-books. Due to the sensitivity of the content, I will not display them one by one.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
4. Toolkit, interview questions and source code
"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools for everyone. The scope of coverage mainly focuses on information collection, Android hacking tools, automation tools, phishing, etc. Interested students should not miss it.
There is also the case source code and corresponding toolkit mentioned in my video, which you can take away if needed.
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
Finally, here are the interview questions about network security that I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.
These questions are often encountered when interviewing Sangfor, Qi Anxin, Tencent or other major companies. If you have good questions or good insights, please share them.
Reference analysis: Sangfor official website, Qi’anxin official website, Freebuf, csdn, etc.
Content features: Clear organization and graphical representation to make it easier to understand.
Content summary: Including intranet, operating system, protocol, penetration testing, security service, vulnerability, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logical vulnerability, tools, SQLmap, NMAP, BP, MSF…
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.