Fiddler安卓抓包

By youfang at: 2023-11-08

Fiddler安卓抓包

下载

官网地址

https://downloads.getfiddler.com/fiddler-classic/FiddlerSetup.5.0.20242.10753-latest.exe

http://qiniu.acyou.cn/dev/fiddler/ES%E6%96%87%E4%BB%B6%E6%B5%8F%E8%A7%88%E5%99%A8.apk

Fiddler Log中打印

1
2
3
4
5
6
7
8
10:14:01:4003 [Fiddler] No HTTPS request was received from (chrome:41292) new client socket, port 4995.
10:14:09:9566 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=*.yeshen.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
10:14:10:0034 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=*.yeshen.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
10:14:13:9911 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
10:14:42:8896 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=*.baidu.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
10:14:53:3631 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=*.yeshen.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
10:14:53:4027 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException 调用 SSPI 失败,请参见内部异常。 < 处理证书时,出现了一个未知错误。 for pipe (CN=*.yeshen.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
10:14:58:5512 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance

安卓7.0以后,安卓不信任用户安装的证书,所以抓https时无法解码请求,对于第三方应用,需要将证书添加为系统证书

解决办法

一、导出Fiddler的证书:FiddlerRoot.cer

二、在Linux上使用openssl转码证书

1
2
3
4
5
6
7
8
9
10
11
12
13
#1. 证书转换,已经是pem格式的证书不需要执行这一步
openssl x509 -inform DER -in FiddlerRoot.cer -out cacert.pem

#2. 进行MD5的hash显示
#openssl版本在1.0以上的版本的执行这一句
openssl x509 -inform PEM -subject_hash_old -in cacert.pem
#openssl版本在1.0以下的版本的执行这一句
openssl x509 -inform PEM -subject_hash -in cacert.pem


#3. 将pem证书重命名
#使用上面复制的值(类似于347bacb5)对pem证书进行重命名
mv cacert.pem 347bacb5.0

查看openssl版本的指令openssl version

操作实例:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
[root@dev-robot youfang]# openssl 
OpenSSL> version
OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL> ^C
[root@dev-robot youfang]# openssl x509 -inform DER -in FiddlerRoot.cer -out cacert.pem 
[root@dev-robot youfang]# openssl x509 -inform PEM -subject_hash_old -in cacert.pem 
269953fb
-----BEGIN CERTIFICATE-----
MIIDsjCCApqgAwIBAgIQZmMr3bVWEJxM947jj5o3mTANBgkqhkiG9w0BAQsFADBn
MSswKQYDVQQLDCJDcmVhdGVkIGJ5IGh0dHA6Ly93d3cuZmlkZGxlcjIuY29tMRUw
EwYDVQQKDAxET19OT1RfVFJVU1QxITAfBgNVBAMMGERPX05PVF9UUlVTVF9GaWRk
bGVyUm9vdDAeFw0yMDEyMTQxMjI5MzRaFw0yNDAzMTQxMjI5MzRaMGcxKzApBgNV
BAsMIkNyZWF0ZWQgYnkgaHR0cDovL3d3dy5maWRkbGVyMi5jb20xFTATBgNVBAoM
DERPX05PVF9UUlVTVDEhMB8GA1UEAwwYRE9fTk9UX1RSVVNUX0ZpZGRsZXJSb290
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFLBB5NF0kS4oCUJY/AH
pTsKbV/ESvkyqzCJIRYctTVR9BS33ZaNGIN7v2/IT5bWohwYmu7r8SAGUB6DWCv2
mXvMi3+Ig+3OTJJ39M9gY66EXE97lPsPI9+EJ3D+LdBWj8LJicGaUpRhYPFUqoqj
/w7NeAH6YI5QUs4dU7b+J2YvasaztglCVr+UHWuTrIeW1+kMHXeQfz08qweoO0Op
tv6lJAzxD8lDsefJ4gpxchfAlXTVIwgrSuzIQ3mvQ9CH6yvCHclJvGaU4cUs5d5G
mgDzgyHBSDyUH1Okx3gIgwteXmeXpxAYo/+NxXcJUiWkzrmxzQ3RQJ7tFApCb55y
SQIDAQABo1owWDATBgNVHSUEDDAKBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/
AgEAMB0GA1UdDgQWBBSbTb38qeFcqq8kUsyltWYgUpIbhjAOBgNVHQ8BAf8EBAMC
AQYwDQYJKoZIhvcNAQELBQADggEBAKfzDO8loiIjPio4b4NTPRtZ9O8VtrGZvRF0
MoaomwZ0M9FkG3Dk3yEBDeB8imSeoBnBA8+8HTTYVevV/S4k/+rZgCYwimXnA62d
kJ9/sK3ZTo6Q1fCW8KQVqaHbRkxQE4rC1TS8qrn4y3naqHWIdmrs4c+CYzC8YUAO
zMYTlObkPurtBNS3KzdrgrfqjqZwXiNhMCGTSfAXYkTGTcLhqMwHzsmk56A9Ekgw
E6SjwWUomJi90y0oqsvoSMMEjyHOnR7muzmZMdImO3hwmTfp8jvzTS+MVAl4QkeL
jeWWouRDJl/VVnWpKgh67epEPv57T406jlJaBoGcUTZn61yGGwo=
-----END CERTIFICATE-----
[root@dev-robot youfang]# ls
cacert.pem  FiddlerRoot.cer
[root@dev-robot youfang]# mv cacert.pem 269953fb.0
[root@dev-robot youfang]# ls
269953fb.0  FiddlerRoot.cer

三、将新证书放入手机系统证书目录

手机系统目录位置是: /system/etc/security/cacerts

需要拷贝至此目录必须拥有root权限

重启Android设备以生效

(拷贝证书至/system/etc/security/cacerts之后,重启手机就可以使证书生效了)

3.1 小米手机

  1. 刷入开发版本ROM自带ROOT
  2. 复制文件的时候由于system目录有锁会失败

安装System解锁工具:Syslock

安装操作即可

解锁完复制文件的时候,注意在ES中给文件修改RWE权限

四、操作完成

ES文件浏览器

可以下载ES文件浏览器

使用步骤:

打开“es文件浏览器”–“工具”–“Root工具箱”(如下图,蓝色为打开)–永久打开即可

备注

安卓证书格式:

1
2
3
4
证书路径:
/system/etc/security/cacerts
文件命名格式(如果计算出来的hash值已经存在则编号依次+1):
<证书Hash值>.编号

参考文档