Some said that Charles can't catch the android 7.0 HTTPS requests, but I tried using android 6.0 mobile phone also not line,
If it is really Charles can't catch the android 7.0 HTTPS requests, what's the most convenient way to modify?
CodePudding user response:
Caught failure there are two possible factors:1. The Android API can be in the network link, the required Proxy. NO_PROXY, this time, the use of Charles (Mac OS), Fiddler (Windows) are not enough, is Android library directly without the use of agent, so can't catch.
2. The second is network link limit, grasp the HTTPS package, for example, the original client and server to use the two-way HTTPS authentication, Charles certificate cannot be used, the client of the Android system will detect the server certificate, the server will detect the client request certificate, then Charles as intermediate certificate is unable to request right,
For one solution is to use the Droni this Android APP, equivalent to provide a local VPN way, so that the client NO_PROXY invalid, of course, if the client added NO_VPN Settings, also not line,
Is no solution for 2, this can only be from a different Angle to deal with, have the following way:
1. If it is a one-way authentication, is the client authentication server, the server does not validate the client, you can in the Root cell phone, use xposed + just trustme configuration caught again,
2. If it is a two-way content, may, by way of xposed and hooks to the request of the access network addresses, log printing way, to assist in obtaining, such as the Uri u=new Uri (" https://hman.info/"); This statement, you can be Xposed to Hook the Uri/Url structure,
This 2 is very complicated, and why now most of the service platform for the cause of the HTTPS, use HTTPS two-way authentication, can effectively protect the network content,
3. For this way, all from the network, there is a kind of can by decompiling, static analysis directly, if it is reinforced, so you can use the real machine + + Fdex2 Xposed to try hulling export, reoccupy dex2jar and jd - GUI to assist decompiling, see the source code, static analysis network request,
In general, you too hard ~, android programmer too difficult ~
CodePudding user response:
Try to use virtualXposed