「postern」:https://github.com/postern-overwal/postern-stuff
「charles」:https://www.charlesproxy.com/download/
「charles激活码」: https://www.zzzmode.com/mytools/charles/ (用于计算Charles激活码的go代码)
无法正常抓包,接下来需要分析代理检测与vpn相关检测
「第一步:看看有没有加壳」
「第二步:vpn或代理检测排查」
「易检测」
- System.getProperty("http.proxyHost")
-
- System.getProperty("http.proxyPort")
-
「no_proxy」
- new OkHttpClient().newBuilder().proxy(Proxy.NO_PROXY).build();
-
启动手机frida环境 12.8.0
- cd /data/local/tmp
- ./frida_12.8.0 &
-
启动hook 检测脚本
- frida -UF -l DroidSSLUnpinning.js
-
脚本链接我传到阿里云盘
- 「DroidSSLUnpinning.js」,「阿里云盘」APP
- 链接:https://www.aliyundrive.com/s/AKMDxUHsnPQ
-
- import requests
- import json
-
-
- headers = {
- "User-Agent": "X-Car-APP-Android-1.1.1.300SP05",
- "xid": "",
- "Content-Type": "application/json; charset=utf-8",
- "Host": "omp.uopes.cn"
- }
- url = "https://omp.uopes.cn/xcar/omp/xbs/cc/home"
- data = {
- "pageBanner": {
- "pageNum": 1,
- "pageSize": 10,
- "totalCount": 0
- },
- "pagePost": {
- "pageNum": 1,
- "pageSize": 20,
- "totalCount": 0
- },
- "pageTopic": {
- "pageNum": 1,
- "pageSize": 5,
- "totalCount": 0
- }
- }
- data = json.dumps(data)
- response = requests.post(url, headers=headers, data=data)
-
- print(response.text)
- print(response)
-
收工!
湘公网安备 43102202000103号
