iOS uses Charles (blue and white porcelain) to grab a packet and tamper with the returned data graphic

The opportunity to write this article is mainly in the previous period of time with a blue-and-white porcelain grab bag has a step to forget, in the online search for a half-day also did not find the complete tutorial, so to solve the problem after taking the time to cut the map, write it again in the blog Park in order to consult at any time later.

Charles, also known as blue and white porcelain, plays an important role in the capture of iOS development. The biggest three points of use, one is to intercept other people's software sent requests and backend interface, practice development. Second, the back end of their own response interception modified and then received to achieve the role of testing critical data. Three-write scripts repeatedly intercept data fetching others. (because it is not very ethical, this article does not mention the 3rd)

If you do not see this article in the Dong Yuan Blog Park, please click to view the original text.

1. Preparatory work before the start

First install this software

This is believed that a lot of people should be installed on the computer, not installed search Charles cracked version can also be easily searched. If the Java environment is not installed, the first entry to Charles will prompt you to install Java package, directly to your link is the Apple official website, go to the Next button to install the line.

When the installation is complete, open it and do the following.

Then go to your computer system Preferences-"network-" Select the network now attached (most people should be WiFi bar) can find their own computer in the current WiFi IP address, For example, I now this is 192.168.0.105 (the best advice to use a private network, with the company's network, there may be restrictions will be unresponsive problems)

Then find your phone also attached to the same name WiFi, and then select the right blue I.

Then go to the Advanced Settings page for this wireless LAN. Go inside and pull to the bottom to find the HTTP proxy word. Then check the manual agent, and fill the server with the IP address found by the computer, then the port 8888, and finally click on the upper left corner to return. The system automatically sets the agent reconnect after the return value.

This is when your mobile phone is going to go through your computer in the process of surfing the Internet. Just use a mobile phone to open a network of programs, your computer should show a pop-up window asked you "Allow" or "deny" must not be refused ah, let's go. This is only the first time to play the window, the picture is not cut, you will see the time must be able to understand. Every request made by your mobile phone will be intercepted when you agree to it.

2. Intercepting the interface data of a software

Take NetEase News example, previously practiced this has written NetEase news project, which NetEase interface is all with Charles Intercept. To intercept the NetEase when the request was sent, and then in the practice project need to obtain data in the place also put this link directly to use.

Of course, this is more than the above, if you have developed experience, you should be able to quickly see which is the interface that really returns JSON data. Or a single point of view of the content is ok ah.

For example, select a URL and then right-click Copy.

Put it in the browser's address bar and hit it. Can see

This means that the interface is right. Can get to the data. Then you can convert it and see it more clearly. Although a lot of people use bash to see, but I still recommend a URL http://www.w3cschool.cc/jsontool. The JSON looks very clear after the transfer. Most of the software JSON is sorted by default to open the curly braces, and only this site is the default all for you to close the curly braces. Think about which point you want to open, and how many key-value pairs are in the dictionary, so look very clear.

This completes a complete, pull interface, and data acquisition.

Here are two points I would like to say:

① is if the app sent a request encrypted or RSA or something, this even intercepted you can not get the data. NetEase is not doing any encryption, so it can crawl to the data. Previously tried to intercept Baidu doctor can not. He set a minute to get the data, more than 1 minutes this copy of the interface will not get data. Suspicion may be that the HMAC method is encrypted, and the time judgment is added to it. 32 points and 33 points issued by the request after the code is not the same, the background may do a fault-tolerant, will be 32 points and 31 points and you judge, as long as there is a right to let you, but more than a full minute after it is certainly not access to data.

② is a lot of large-scale web site, generally open a developer platform, the registration of the developer account will be exposed to you a interface document, you do not have to bother to intercept. There are developer platforms like Sina Weibo and popular reviews.

3. Change the return data to test the critical condition.

This is the point. Because this approach allows an iOS front-end developer to test independently without pulling a back end together. and a variety of special dimensions, or the critical account is not to be hard to find, just their own in the blue and white porcelain to change to be able to achieve the effect. For example this place if return to nil program will not collapse, directly change response on the line. The following are the specific operating scenarios.

Open blue and white porcelain switch into structure page

Breakpoints and debugging information can be seen here

Then find a page of our company. This page should have been returned as follows: on the right

You start the normal open this page to play a few, this blue and white porcelain will crawl a lot of interfaces and domain name classification. It should be easy to find the domain name category you belong to on this page. Then hit the breakpoint. It is important to note that you break points on a domain name rather than on a single request below.

Use your phone again to enter this page, will be through the domain you just interrupted point to request data, will be stopped by breakpoints, as shown.

The message on the right is also clear, and you can edit the request at the beginning. If you click on single-Step execution, you can also edit the response when you return.

There are several ways to look at this, but it is recommended to use JSON text to see more clearly. Now that we've made changes to the intercepted data, I've changed all these statistics to 999.

Then click on execute step below again, and the changed data will appear as normal returned data, and the app's page shows.

The ability to come to this point shows that we have mastered the technology of using blue-and-white porcelain to tamper with the data test app.

If you do not see this article in the Dong Yuan Blog Park, please click to view the original text.

The meaning of doing so:

Here are just a few simple changes to the number, the page display more intuitive. In the actual operation, you can often use to change certain values to a critical condition to see how the app reacts when dealing with these critical conditions, which is much lower than the cost of the test account for those critical data. You can also find some fields that may not reverse the value, just delete the values inside to nil, and see if they will be reported as abnormal and so on.

iOS uses Charles (blue and white porcelain) to grab a packet and tamper with the returned data graphic