Shulou(Shulou.com)06/02 Report--

This article mainly introduces "what to do if APP can't catch the bag with python". In the daily operation, I believe many people have doubts about what to do when APP can't catch the bag with python. The editor consulted all kinds of materials and sorted out a simple and easy-to-use method of operation. I hope it will be helpful to answer the doubt that "APP can't catch the bag with python". Next, please follow the editor to study!

APP one-way authentication and two-way authentication of unidirectional authentication

In the case of one-way verification, the client verifies the certificate, and if there is a verification error, the two-way authentication cannot be accessed. When the client verifies the certificate, the server also verifies the certificate, and one end of the certificate verification fails to access the data. The disadvantage is that the pressure on the server is relatively high.

Treatment method

JustTrustMe is usually used.

The principle is that API is checked by Xpose Hook

APP does not leave the agent how to make sure that the APP does not use the agent?

Turn off the proxy server (fiddler and other proxy package grabbing tools) use mobile phone to access the browser web page failed, determine the failure of the agent to use APP access, normal access to determine that APP does not go to the proxy to access the network

Treatment method

Replace the package grabbing tool that is not based on the agent type (HTTP Analyzer V7 VPN-based HttpCanary- that cannot be used on real phones, HTTP Debug Pro, and mobile phones) hook-first decompiled to see which framework he used, and then targeted hook-Caiji dissuaded iptables from forcibly intercepting and forwarding

APP detected by the agent

APP access is normal before hanging up the agent, and APP cannot use to display network errors after hanging the agent.

Agent detection (method of hook agent detection) certificate detection (with JustTrustMe)

APP with two-way authentication

In the case of two-way authentication, when the client verifies the certificate, the server also has to verify the certificate, and one end of the certificate verification fails to access the data.

However, in order to achieve two-way verification in a two-way authentication APP, a server-side verification certificate is generally configured in APP, so we can find a server-side certificate in the client. As long as we configure this certificate in Fiddler, we can request it.

Ps: the certificate usually has a password, which needs to be decompiled to find the password, then imported into the system, then exported to .cer certificate format, and then configured in FiddlerScript.

At this point, the study on "what to do if APP can't catch the bag with python" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.