Shulou(Shulou.com)06/03 Report--

present context

The company's new project requires capturing data from some popular apps currently on the market. After research, it is found that many App's network requests use https for data transmission, so the problem comes. http uses plaintext transmission to intercept all requests, while https requests cannot be intercepted.

So here we want to use Charles to grab https, but the author read a lot of articles on the Internet using iOS devices to grab https, after testing iOS 8/10/11 can not do normal crawling, even if the trust certificate does not work.

After constant attempts by the author, I finally successfully grabbed https on Android 5.0. After research, it was found that Charles Grab can be used normally under Android 7.0. Android 7.0 and above should block this method by default.

Charles installation here gives the link to download the official website If you need to crack the file Click here to install the cracking process You can view this article Charles configuration Configure the root certificate on the computer side

Open Charles, I'm using version 4.2.5 here:

install a root certificate

Mac needs to set up trust certificate

After installation, the keychain access interface will pop up, as shown in the figure:

Double-click the certificate to pop up the certificate details interface, click the "Trust" option, and then set all to Always Trust, as shown in the figure:

Configure root certificate on mobile

On the PC side, choose to install the certificate of the mobile side:

After selection, IP and port number will be displayed, which is used to set http proxy for mobile phone:

Set the mobile phone network to the http proxy of the computer:

At this time, it must be ensured that the mobile phone and the computer are on the same network, and the mobile phone can access the ip and port of the computer.

When accessing the network after setting is completed, the server will pop up a prompt, click Allow(agree to connect):

Mobile browser (I use Chrome) visit chls.pro/ssl, download certificate and install (certificate name arbitrary):

Configure the capture rules on the PC side Enter Charles SSL proxy settings:

2. Tick Start SSL Proxy and add a grab rule, such as a request to grab all https(port 443):

3. At this time, open the https request application on the mobile phone, and you should be able to see the https request data normally: as shown in the figure:

Frequently Asked Questions 1. Unable to open APP after configuration

When we grab, we encounter individual APP that cannot be opened after configuring the proxy. This is mainly because the APP has done anti-grab processing, such as verifying whether the https certificate is legal, etc. This solution can be solved by decompiling the APP and viewing the source code, which is more difficult.

2. The content captured is garbled.

In order to prevent grabbing, some apps do layer encryption on the returned content, so the content seen from Charles is garbled. In this case, you can only decompile the APP and study its encryption and decryption algorithm to decrypt it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.