IOS uses Charles to capture packets and tamper with the returned data,

IOS uses Charles to capture packets and tamper with the returned data,

I wrote this article mainly because I forgot to capture packets with blue and white porcelain some time ago. I did not find the complete tutorial I wrote after I checked it online for a long time, so after the problem is solved, I took the time to cut the figure and wrote it again and stored it in the blog garden for future reference.

Charles, also known as blue and white porcelain, plays an important role in iOS development. One of the three most useful aspects is to intercept requests sent by other people's software and back-end interfaces to practice development. Second, the response returned by the backend intercepts the modification and then receives it to test the critical data. Three write scripts repeatedly intercept and capture others' data. (Because it is not very moral, this article does not mention the third point)

1. Start preparations

First install the software

It is believed that many people should have installed it on their computers. If it is not installed, search for the cracked charles version. If you haven't installed the java environment, the first time you enter charles, you will be prompted to install the java package. You can directly link it to the official website of Apple. Just go to the next one-click installation.

After the installation is complete, open it first. perform the following operations.

Then go to the system preference settings of your computer-> network-> select the Connected Network (most people should be using WiFi) to find the IP address of your computer in the current wifi, for example, I am using 192.168.0.105. (It is recommended that you use a private network. If you use a company network, there may be restrictions that will not respond)

 

 

 

 

Then find your phone and connect to the wifi with the same name, and then select the blue I on the right.

Then go to the Advanced Settings page of the wireless LAN. Go to the bottom of the page and find the HTTP proxy. Select a manual proxy, enter the IP address found on your computer in the server, set the port to 8888, and click the upper left corner to return. After the return value is returned, the system automatically sets the proxy to reconnect.

At this time, your mobile phone will go through your computer. When you use a mobile phone to open a program connected to the Internet, a pop-up window will be displayed on your computer asking whether [allow] or [deny] cannot be rejected. Just click allow. The window is only displayed for the first time. If the figure is not captured, you will surely understand it. After you click agree, every request sent by your mobile phone will be intercepted.

 

2. Intercept the interface data of a software.

Take Netease news as an example. I used to practice this Netease news project. NetEase interfaces are all intercepted by charles. It intercepts what is sent when requests are sent to the Internet, and then directly obtains the link where data needs to be obtained in the exercise project.

Of course, there are many blocking operations above. If you have any development experience, you should be able to quickly see which interface on the right actually returns json data. You can also view the content one by one.

For example, select a url and right-click copy.

Put it in the browser address bar and click. See

This indicates that this interface is correct. Data can be obtained. Then you can give it a clear picture. Although many people use bash, I recommend a website http://www.w3cschool.cc/jsontool. After converting to JSON, it is very clear. After most software json files are compiled, all braces are opened by default, and all braces are closed by default for this website. I want to know which key-value pairs I want to open and how many key-value pairs I have in the dictionary, so it looks very clear.

This completes a complete process of pulling interfaces and obtaining data.

Here are two things I want to talk about:

① If the request sent by this App is encrypted or RSA or something, you cannot get the data even if the request is intercepted. Netease does not perform any encryption, so it can capture data. I tried to intercept Baidu's doctor before. It is set to get data within one minute, and the copied interface will not be able to get data after more than one minute. It is suspected that the HMAC method may be used for encryption, and the time judgment is added to it. The requests sent at 32 and 33 are encoded differently. The backend may be fault tolerant and you will be able to tell the requests at 32 and 31 points, if there is a match, it will let you pass, but after a whole minute, it will certainly not be able to get the data.

② It is a lot of large websites that generally open a developer platform. After registering a developer account, it will publish an interface document to you, so you don't have to block it. Such as Sina Weibo and public comments have a developer platform.

 

3. Change the returned data to test the critical condition.

This is the focus. This method allows an iOS front-end developer to complete the test independently without pulling a backend for joint debugging. In addition, you don't have to work hard to find any special dimensions or critical accounts. You can simply change them on blue and white porcelain to achieve the effect. For example, if the nil program is returned in this area, it will not crash. You can directly change the response. The following describes the specific operation scheme.

Go to the blue/white porcelain switch to structure page

Here we can see the breakpoint and debugging information

Find a page for our company. This page should have returned the following: for example, the right side

When you open this page normally, the blue and white porcelain will capture a lot of interfaces and domain name categories. It is not difficult to find the domain name category to which your page belongs. Click the breakpoint. Here, you must note that you need to set a breakpoint on the domain name rather than on a single request below.

When you use your mobile phone to access this page again, the data will be requested by the domain name you just clicked the breakpoint, and the data will be stopped by the breakpoint, as shown in.

The information on the right side is clear. You can edit the request at the beginning. If you click to execute in one step, you can edit the response when the response is returned.

There are several ways to view the data, but we recommend that you use JSON Text to view the data clearly. Now we modify the intercepted data. I have changed all these statistics to 999, as shown in figure

Then, click Execute at the bottom of the page to Execute the task. The changed data is displayed as the data is normally returned and displayed on the APP page.

This step shows that you have mastered the technology of using the blue/white porcelain tamper-resistant and return data test App.

 

The significance of doing so:

Here, we simply changed some numbers and displayed them more intuitively on the page. In practice, you can often change some values to critical conditions to see the App's response to these critical conditions, this is much lower than the test account cost for finding critical data. You can also find some fields that may not return the value, and directly Delete the values into nil to see if exceptions are reported.