Last time we introduced HTTPS packet capture on mobile phones, that is, how to capture HTTPS traffic when the phone is not rooted or jailbroken. When analyzing applications, however, you will find that the HTTPS traffic of many of them still cannot be captured. Why is that?
The main reason is that the client verifies the certificate when it makes an HTTPS request. If it only checks that a certificate is present and does not strictly validate it, installing the packet capture tool's certificate on the phone is enough to get past the check. If the client performs strict certificate verification, HTTPS communication fails whenever the certificate is not a trusted one. How can we capture HTTPS traffic for business analysis in that situation?
That brings us to the second chapter, the advanced article on deep packet capture (for shallow packet capture, see "Mobile HTTPS grab those things: elementary article").
This time there are requirements on the equipment: Android devices must be rooted and iOS devices must be jailbroken. We will show how to do this on the two platforms in turn.
Android Platform
On the Android platform the work is done mainly through hooking: the logic in the application and in the system that verifies the HTTPS certificate is hooked so that the verification result is always "valid". HTTPS communication then proceeds normally regardless of whether the installed certificate is valid.
This requires a hook framework on the phone. The framework used here is Xposed; the official page is:
http://repo.xposed.info/module/de.robv.android.xposed.installer . Note that on Android 4.0-4.4 the Xposed framework can be installed directly from the APK, while on Android 5.0 and above the Xposed firmware package has to be flashed. The specific steps are not repeated here; many tutorials on the web cover them in detail.
To capture HTTPS traffic you also need to install an open source Xposed module, JustTrustMe. Its GitHub address is https://github.com/Fuzion24/JustTrustMe . Download the latest installation package, install it on the phone, activate it in Xposed and restart the phone; after that the phone's traffic can be captured.
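The two client behaviours contrasted in the introduction, and the check that the hook described in this section forces to succeed, shown as an added Java example (not code from the original article or from JustTrustMe). The class names and the pin value are hypothetical placeholders, and `java.util.Base64` assumes Java 8 or Android API 26 and later.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinningDemo {
    // Placeholder (assumption): base64 SHA-256 of the real server's SubjectPublicKeyInfo.
    static final String PINNED_SPKI_SHA256 = "REPLACE_WITH_BASE64_SHA256_OF_SERVER_SPKI";

    // Lenient client: a chain is received but never validated, so any certificate passes.
    static final class AcceptAll implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] c, String a) {}
        public void checkServerTrusted(X509Certificate[] c, String a) {}
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // Strict client: platform chain validation first, then the leaf key must match the pin.
    static final class Pinned implements X509TrustManager {
        private final X509TrustManager platform;

        Pinned() throws Exception {
            TrustManagerFactory f = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            f.init((KeyStore) null); // null selects the platform default trust store
            platform = (X509TrustManager) f.getTrustManagers()[0]; // X.509 manager on standard platforms
        }

        public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
            throw new CertificateException("client certificates are not used here");
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            if (chain == null || chain.length == 0) throw new CertificateException("empty chain");
            platform.checkServerTrusted(chain, authType); // rejects untrusted issuers
            MessageDigest sha;
            try { sha = MessageDigest.getInstance("SHA-256"); }
            catch (NoSuchAlgorithmException e) { throw new CertificateException(e); }
            String seen = Base64.getEncoder().encodeToString(sha.digest(chain[0].getPublicKey().getEncoded()));
            if (!seen.equals(PINNED_SPKI_SHA256)) throw new CertificateException("pin mismatch: " + seen);
        }
        public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }
    }

    public static void main(String[] args) throws Exception {
        new AcceptAll().checkServerTrusted(new X509Certificate[0], "RSA"); // no exception: nothing is checked
        try { new Pinned().checkServerTrusted(new X509Certificate[0], "RSA"); }
        catch (CertificateException e) { System.out.println("strict client rejected: " + e.getMessage()); }
    }
}
```

A certificate issued by a capture tool's CA fails the pin comparison in `Pinned` even when that CA has been installed as trusted on the phone. A hook that makes the verification always succeed reduces `Pinned` to the behaviour of `AcceptAll` at runtime, so pinning should not be relied on to keep traffic hidden from whoever controls a rooted device.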
iOS Platform
On iOS the phone needs to be jailbroken. You can use the most popular jailbreak tool, Pangu, but it currently only supports iOS 10. For mobile security research or penetration testing it is therefore still very necessary to keep a test device on an older version, because the jailbreak may not work on the latest system.
The tool used on iOS is called SSL Kill Switch 2. It uses Cydia Substrate hooking to hook the iOS certificate verification functions so that they accept any certificate.
SSL Kill Switch 2 is also open source software on GitHub: https://github.com/nabla-c0d3/ssl-kill-switch2 . Here is a quick introduction to installing the tool.
First, check in Cydia after the jailbreak that the following packages are installed:
Debian Packager, Cydia Substrate, PreferenceLoader
Once they are installed, download the latest release package from GitHub: https://github.com/nabla-c0d3/ssl-kill-switch2/releases . At the time of writing the latest version is v0.11 and the installation package is com.nablac0d3.sslkillswitch2_0.11.deb . Copy the file to the iOS device; tools such as iTools or iFunBox can be used for the copy.
Connect to the iOS device over SSH and go to the directory the .deb file was copied to (/user/media):
Execute the following commands to install the package and restart SpringBoard:
dpkg -i com.nablac0d3.sslkillswitch2_0.11.deb
killall -HUP SpringBoard
Back in Cydia, check the installed packages; SSL Kill Switch 2 is now in the list.
At this point HTTPS traffic can be captured.
Test
After the certificate is installed, access an HTTPS website with the phone and you will find that the HTTPS packets can be captured.
Mobile HTTPS grab those things-advanced article