「postern」:https://github.com/postern-overwal/postern-stuff
「charles」:https://www.charlesproxy.com/download/
「charles激活码」: https://www.zzzmode.com/mytools/charles/ (用于计算Charles激活码的go代码)
无法正常抓包,接下来需要分析代理检测与vpn相关检测
「第一步:看看有没有加壳」
「第二步:vpn或代理检测排查」
「易检测」
System.getProperty("http.proxyHost")
System.getProperty("http.proxyPort")
「no_proxy」
new OkHttpClient().newBuilder().proxy(Proxy.NO_PROXY).build();
启动手机frida环境 12.8.0
cd /data/local/tmp
./frida_12.8.0 &
启动hook 检测脚本
frida -UF -l DroidSSLUnpinning.js
脚本链接我传到阿里云盘
「DroidSSLUnpinning.js」,「阿里云盘」APP
链接:https://www.aliyundrive.com/s/AKMDxUHsnPQ
import requests
import json
headers = {
"User-Agent": "X-Car-APP-Android-1.1.1.300SP05",
"xid": "",
"Content-Type": "application/json; charset=utf-8",
"Host": "omp.uopes.cn"
}
url = "https://omp.uopes.cn/xcar/omp/xbs/cc/home"
data = {
"pageBanner": {
"pageNum": 1,
"pageSize": 10,
"totalCount": 0
},
"pagePost": {
"pageNum": 1,
"pageSize": 20,
"totalCount": 0
},
"pageTopic": {
"pageNum": 1,
"pageSize": 5,
"totalCount": 0
}
}
data = json.dumps(data)
response = requests.post(url, headers=headers, data=data)
print(response.text)
print(response)
收工!