This article describes how to deal with some Android apps failing to connect through Fiddler; it may be a useful reference for anyone trying to solve the same problem.

Problem description

I have followed instructions on how to add the Fiddler certificate on an Android emulator, using both the Nox and MEmu emulators, as well as my Android phone running Marshmallow. I set the WiFi proxy to point to my PC over the local network. When I open a website using a web browser, things work fine: I receive the warning, I choose to proceed, and the connection is successfully tunneled and decrypted using Fiddler.

But, when I try to use other apps, connections fail! I see the tunnel connections, and then connection fails. My bet is, it's due to the invalid HTTPS certificate, so my question is, is there a way for me to install fiddler to the trusted authorities so connecting to it will go through without the warning? So I can finally debug HTTPS traffic from and to those apps.

I found similar questions here on SO, but none of them were exactly the same as mine, nor did they have the right answers, so I'm not sure if this question does in fact qualify as a duplicate.

Thanks

Recommended answer

On modern Android devices using apps developed for target API Level 24 (Android 7) or higher, sniffing traffic is not that simple anymore. The target API level of an app is defined in its AndroidManifest.xml file in the entry <uses-sdk android:targetSdkVersion="??"/>.

The main problem is that if you install the Fiddler root CA certificate in Android it is marked as user certificate (not system certificate). And unless explicitly configured in an app those user certificates are not trusted.

Note that some apps further use certificate pinning (leaf or root CA pinning). Therefore even if the Fiddler root CA certificate is installed as system certificate the app won't trust this certificate as it fails on the certificate pinning.

Certificate pinning is also a web site feature, hence some sites save a certificate hash in the web browser cache that pins the site to a certain certificate. In such a case clearing the browser cache usually removes that pinning data.

If your device is rooted you can try to install the Fiddler root CA certificate as system certificate. The Mitmproxy documentation contains a how-to for manually installing the mitmproxy certificate.

If you have rooted the phone using Magisk, there is a Magisk module that seems to be able to install user certificates automatically as system certificates: https://github.com/NVISO-BE/MagiskTrustUserCerts

Alternatively you can install Magisk + Edxposed + TrustMeAlready Xposed module. This allows disabling certificate checking system-wide.

Also possible is installing and running Frida-Server on the device and hooking into the app you are interested in to modify the SSL/TLS certificate checking at run-time. AFAIK the Frida based framework Objection has some scripts to do so.

On a non-rooted device there is only the option to modify the application before you install it onto the device. Note that some apps will detect that they have been modified and will refuse to work.

To let the app trust user certificates you have to modify network_security_config.xml (see e.g. here) included in the app. You can use apktool to decompile/recompile the app. Don't forget to re-sign the recompiled/repackaged app e.g. using apksigner from Android SDK.

There are some tools available that automate the decompiling, modification and signing, like apk-mitm.

There is also the possibility to modify an app by including the Frida gadget for Android into the app. This would allow to use Frida for this specific app on a non-rooted device.
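
The trust rules described in the answer (user-installed CAs are not trusted by apps targeting API level 24 or higher unless network_security_config.xml says otherwise, and pinning applies on top of that) can be checked on a decoded app before pointing it at a proxy. This is an added example, not part of the original answer: the `audit` helper and the sample manifest, domain and pin value are constructed, and only `base-config` trust anchors and `pin-set` entries are evaluated (per-domain trust anchors and `debug-overrides` are ignored).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample inputs (decoded XML text); not taken from any real app.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/>
  <application android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>"""

# Release-style config: system CAs only, one pinned domain.
NSC_RELEASE = """<network-security-config>
  <base-config><trust-anchors><certificates src="system"/></trust-anchors></base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set><pin digest="SHA-256">CONSTRUCTED_PLACEHOLDER_PIN=</pin></pin-set>
  </domain-config>
</network-security-config>"""

# Config that explicitly opts in to user-installed CAs (e.g. a proxy root CA).
NSC_DEBUG = """<network-security-config>
  <base-config><trust-anchors>
    <certificates src="system"/>
    <certificates src="user"/>
  </trust-anchors></base-config>
</network-security-config>"""


def audit(manifest_xml, nsc_xml=None):
    """Return (trusts_user_cas, pinned_domains) for a decoded app."""
    sdk = ET.fromstring(manifest_xml).find("uses-sdk")
    target = int(sdk.get(ANDROID_NS + "targetSdkVersion", "1")) if sdk is not None else 1
    # Platform default: targetSdkVersion <= 23 trusts user CAs, 24+ does not.
    trusts_user = target < 24
    pinned = []
    if nsc_xml:
        nsc = ET.fromstring(nsc_xml)
        base = nsc.find("base-config")
        if base is not None and base.find("trust-anchors") is not None:
            # Explicit trust anchors replace the platform default.
            trusts_user = any(c.get("src") == "user" for c in base.iter("certificates"))
        for dc in nsc.iter("domain-config"):
            if dc.find("pin-set") is not None:
                pinned += [d.text.strip() for d in dc.findall("domain")]
    return trusts_user, pinned


if __name__ == "__main__":
    print(audit(MANIFEST, NSC_RELEASE), audit(MANIFEST, NSC_DEBUG))
```

A result of `(False, [...])` matches the failure in the question: the tunnel is established, then the app rejects the proxy's certificate. The same check is useful in the other direction, to confirm that a release build does not ship a config that trusts user CAs.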

08-04 15:50