r0ysue / r0capture Goto Github PK
View Code? Open in Web Editor NEW安卓应用层抓包通杀脚本
License: Apache License 2.0
安卓应用层抓包通杀脚本
License: Apache License 2.0
对微信进行抓包时,抓包的流量十分有限,抓不到有意义的http流量
运行: python r0capture.py -U -f com.qiyi.video
报错信息:frida.InvalidArgumentError: device not found
运行:报错,且没有导出客户端证书,(App已添加存储权限)
python r0capture.py -H 192.168.50.153:8888 -f xxx.xxx.xxx.xxx -v
NameError: name 'hexdump' is not defined
SSL Session: 71A92366608A0A253692FADF47DCC8377D374F83C20B8B7C345E360D9D3272BB
[SSL_read] 120.83.147.111:443 --> 192.168.50.153:37088
Traceback (most recent call last):
File "/root/miniconda3/envs/py380/lib/python3.8/site-packages/frida/core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 71A92366608A0A253692FADF47DCC8377D374F83C20B8B7C345E360D9D3272BB
[SSL_read] 120.83.147.111:443 --> 192.168.50.153:37088
Traceback (most recent call last):
File "/root/miniconda3/envs/py380/lib/python3.8/site-packages/frida/core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 71A92366608A0A253692FADF47DCC8377D374F83C20B8B7C345E360D9D3272BB
[SSL_read] 120.83.147.111:443 --> 192.168.50.153:37088
Traceback (most recent call last):
File "/root/miniconda3/envs/py380/lib/python3.8/site-packages/frida/core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 71A92366608A0A253692FADF47DCC8377D374F83C20B8B7C345E360D9D3272BB
[SSL_read] 120.83.147.111:443 --> 192.168.50.153:37088
Traceback (most recent call last):
File "/root/miniconda3/envs/py380/lib/python3.8/site-packages/frida/core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
^CYou have stoped logging.
^C^C^C^C^CYou have stoped logging.
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.test.vc-2/base.apk"],nativeLibraryDirectories=[/data/app/com.test.vc-2/lib/arm, '
'/data/app/com.test.vc-2/base.apk!/lib/armeabi-v7a, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 124,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.test.vc-2/base.apk"],nativeLibraryDirectories=[/data/app/com.test.vc-2/lib/arm, '
'/data/app/com.test.vc-2/base.apk!/lib/armeabi-v7a, /vendor/lib, '
'/system/lib]]\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/env.js:124)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:443)\n'
' at value '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:812)\n'
' at _make '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:112)\n'
' at use '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:63)\n'
' at use (frida/node_modules/frida-java-bridge/index.js:245)\n'
' at <anonymous> (/script1.js:190)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOps '
'(frida/node_modules/frida-java-bridge/index.js:237)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/index.js:212)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOpsWhenReady '
'(frida/node_modules/frida-java-bridge/index.js:231)\n'
' at perform (frida/node_modules/frida-java-bridge/index.js:191)\n'
' at <eval> (/script1.js:222)',
'type': 'error'}
Traceback (most recent call last):
File "r0capture.py", line 63, in <module>
import frida
ModuleNotFoundError: No module named 'frida'
Traceback (most recent call last):
File "D:/Projects/work/frida_project/r0capture/r0capture.py", line 351, in
ssl_log(int(parsed.process) if parsed.process.isdigit() else parsed.process, parsed.pcap, parsed.verbose, isUsb=parsed.isUsb, isSpawn=parsed.isSpawn, ssllib=parsed.ssl, wait=parsed.wait)
File "D:/Projects/work/frida_project/r0capture/r0capture.py", line 288, in ssl_log
script = session.create_script(_FRIDA_SCRIPT)
File "C:\Users\Vincent\Anaconda3\envs\frida\lib\site-packages\frida\core.py", line 26, in wrapper
return f(*args, **kwargs)
File "C:\Users\Vincent\Anaconda3\envs\frida\lib\site-packages\frida\core.py", line 204, in create_script
return Script(self._impl.create_script(*args, **kwargs))
frida.InvalidArgumentError: script(line 195): SyntaxError: function statement not allowed
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 833A98DD38DCA4E3FAA733B177DE922A6B10A0958B473301799FA91CAEF1ACF3
[SSL_read] 115.159.231.144:443 --> 172.16.1.15:54395
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: B5FEB6A8BFF0EDC0B2C09F0DC545B9A217E1DC4A95790CA1A4DB932EE3D859B0
[SSL_read] 123.206.235.144:443 --> 172.16.1.15:47914
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: D4E416C3AE4F321FFA8196616BC8C251E7E3954DCD3D200138309E67CCA1DFF5
[SSL_read] 123.206.235.145:443 --> 172.16.1.15:34207
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: DD9542DD18D63C80C062E26EC2673A637E9B085103A342B444166EC196021C89
[SSL_read] 123.206.235.144:443 --> 172.16.1.15:47912
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session:
[HTTP_send] 172.16.1.15:33222 --> 14.22.7.140:80
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session:
[HTTP_recv] 14.22.7.140:80 --> 172.16.1.15:33222
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
报错如下:
{'columnNumber': 1,
'description': 'Error: Implementation for socketRead0 expected return value '
'compatible with int',
'fileName': 'frida/node_modules/frida-java-bridge/lib/class-factory.js',
'lineNumber': 614,
'stack': 'Error: Implementation for socketRead0 expected return value '
'compatible with int\n'
' at ne '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:614)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:592)',
'type': 'error'}
安卓7.1 frida版本 14.2.2和12.8.20都试过,抓的过程中报错如上,试过手淘,美团,拼多多。。。。
你好呀!
刚开始抓的一般app没发现问题。
不过后来试着抓浏览器的包,试了好几个浏览器都发现没有抓下东西
个人猜想不是因为包名选的是浏览器,但是浏览网页时的流量是通过webview的,所以抓不到?
hi there
does not working on Genymotion
facebook , or twitter or instagram
ebay抓不到包耶
真机安卓6运行报错,不知是否可以修复一下,以支持程序在安卓6上的运行。
报错如下
attach
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.sankuai.meituan.takeoutnew-1/base.apk"],nativeLibraryDirectories=[/data/app/com.sankuai.meituan.takeoutnew-1/lib/arm, '
'/data/app/com.sankuai.meituan.takeoutnew-1/base.apk!/lib/armeabi, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 126,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.sankuai.meituan.takeoutnew-1/base.apk"],nativeLibraryDirectories=[/data/app/com.sankuai.meituan.takeoutnew-1/lib/arm, '
'/data/app/com.sankuai.meituan.takeoutnew-1/base.apk!/lib/armeabi, '
'/vendor/lib, /system/lib]]\n'
' at frida/node_modules/frida-java-bridge/lib/env.js:126\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:459\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:840\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:128\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:83\n'
' at /script1.js:193\n'
' at frida/node_modules/frida-java-bridge/lib/vm.js:11\n'
' at frida/node_modules/frida-java-bridge/index.js:446\n'
' at frida/node_modules/frida-java-bridge/index.js:395',
'type': 'error'}
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.ysw.app-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ysw.app-1/lib/arm, '
'/data/app/com.ysw.app-1/base.apk!/lib/armeabi-v7a, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 126,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.ysw.app-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ysw.app-1/lib/arm, '
'/data/app/com.ysw.app-1/base.apk!/lib/armeabi-v7a, /vendor/lib, '
'/system/lib]]\n'
' at frida/node_modules/frida-java-bridge/lib/env.js:126\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:459\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:840\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:128\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:83\n'
' at /script1.js:193\n'
' at frida/node_modules/frida-java-bridge/lib/vm.js:11\n'
' at frida/node_modules/frida-java-bridge/index.js:446\n'
' at frida/node_modules/frida-java-bridge/index.js:395',
'type': 'error'}
Terminated: 15
我是Python新手,不太明白frida的机制
运行项目时出现frida.ServerNotRunningError: unable to connect to remote frida-server: closed
我想应该是我没有开启服务之类的,能否详细说一下这个抓包的流程?
这个是运行在手机本机上吗?是否为代理模式?
我尝试了好几个APP最终都是没有成功抓到包。(google真机实验:酷安9.6.2版、Instagram165版等其他都没有成功)
Spawn 模式运行:被抓包的APP直接闪屏退出,随后出现下面的错误,接着又重新自动启动。
Press Ctrl+C to stop logging.
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.instagram.android-1/base.apk"],nativeLibraryDirectories=[/data/app/com.instagram.android-1/lib/x86, '
'/data/app/com.instagram.android-1/base.apk!/lib/x86, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 124,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.instagram.android-1/base.apk"],nativeLibraryDirectories=[/data/app/com.instagram.android-1/lib/x86, '
'/data/app/com.instagram.android-1/base.apk!/lib/x86, /vendor/lib, '
'/system/lib]]\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/env.js:124)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:443)\n'
' at value '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:812)\n'
' at _make '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:112)\n'
' at use '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:63)\n'
' at use (frida/node_modules/frida-java-bridge/index.js:245)\n'
' at (/script1.js:192)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOps '
'(frida/node_modules/frida-java-bridge/index.js:237)\n'
' at '
'(frida/node_modules/frida-java-bridge/index.js:229)\n'
' at apply (native)\n'
' at ne '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:613)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:592)',
'type': 'error'}
Attach 模式运行:也是会出现错误,并会在r0capture.py同级目录下生成空的 .pacp文件。错误如下:
attach
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.instagram.android-1/base.apk"],nativeLibraryDirectories=[/data/app/com.instagram.android-1/lib/x86, '
'/data/app/com.instagram.android-1/base.apk!/lib/x86, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 124,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.instagram.android-1/base.apk"],nativeLibraryDirectories=[/data/app/com.instagram.android-1/lib/x86, '
'/data/app/com.instagram.android-1/base.apk!/lib/x86, /vendor/lib, '
'/system/lib]]\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/env.js:124)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:443)\n'
' at value '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:812)\n'
' at _make '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:112)\n'
' at use '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:63)\n'
' at use (frida/node_modules/frida-java-bridge/index.js:245)\n'
' at (/script1.js:192)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOps '
'(frida/node_modules/frida-java-bridge/index.js:237)\n'
' at '
'(frida/node_modules/frida-java-bridge/index.js:212)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOpsWhenReady '
'(frida/node_modules/frida-java-bridge/index.js:231)\n'
' at perform (frida/node_modules/frida-java-bridge/index.js:191)\n'
' at (/script1.js:224)',
'type': 'error'}
我相信这个应该不只有我自己遇到,希望之前有遇到并解决了这个问题的朋友们可以交流一下,谢谢!
hexdump 是不是需要安装
运行抓包脚本报错
执行 python3 r0capture.py -U -f com.px.app -v
SSL Session: 260DD20314522F822376002763B4407F0901476261B7DC3C70E
[SSL_write] 172.17.100.15:51203 --> xxxx:443
Traceback (most recent call last):
File "C:\Users\xxx\AppData\Local\Programs\Python\Python37-32\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 236, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 260DD20314522F822376002763B4407F0901476261B7DC3C70E333900E
[SSL_read] xxx:443 --> 172.17.100.15:51203
Traceback (most recent call last):
File "C:\Users\xxx\AppData\Local\Programs\Python\Python37-32\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 236, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
You have stoped logging.
https 不安装证书能抓吗,能解析吗
如果需要证书,如何安装呢,谢谢
华为游戏中心抓到的包是 ssl 加密的,且没导出证书
是否能抓到那些绕过了代理的包。
程序和正常的charles等抓包工具的原理(中间人攻击)是一样的吗?
示例:mei团外卖app, 获取商超门店信息;
由于有代理检测,所以正常charles是抓不到包的。使用全局代理软件:drony后,是可以抓到包的(也是走http协议)。
1、是否能支持需要全局代理的抓包。
2、全局代理后,app应用能“感知”到使用了代理,这使得响应数据可能异常,是否能避开“感知”,无感知抓包。
是否可以增加连接模拟器的功能?手机有时候不方便
Package Version
-------------- -------
colorama 0.4.4
frida 14.1.2
frida-tools 9.0.1
hexdump 3.3
pip 18.1
prompt-toolkit 3.0.8
Pygments 2.7.2
setuptools 40.6.2
wcwidth 0.2.5
--------------------------------------------------------------------------------------------
.oooo. .
d8P'`Y8b .o8
oooo d8b 888 888 .ooooo. .oooo. oo.ooooo. .o888oo oooo oooo oooo d8b .ooooo.
`888""8P 888 888 d88' `"Y8 `P )88b 888' `88b 888 `888 `888 `888""8P d88' `88b
888 888 888 888 .oP"888 888 888 888 888 888 888 888ooo888
888 `88b d88' 888 .o8 d8( 888 888 888 888 . 888 888 888 888 .o
d888b `Y8bd8P' `Y8bod8P' `Y888""8o 888bod8P' "888" `V88V"V8P' d888b `Y8bod8P'
888
o888o
https://github.com/r0ysue/r0capture
--------------------------------------------------------------------------------------------
attach
Traceback (most recent call last):
File "r0capture.py", line 346, in <module>
ssl_log(int(parsed.process) if parsed.process.isdigit() else parsed.process, parsed.pcap, parsed.verbose, isUsb=parsed.isUsb, isSpawn=parsed.isSpawn, ssllib=parsed.ssl, wait=parsed.wait)
File "r0capture.py", line 256, in ssl_log
session = device.attach(process)
File "/Users/esingtse/.pyenv/versions/frida/lib/python3.6/site-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/Users/esingtse/.pyenv/versions/frida/lib/python3.6/site-packages/frida/core.py", line 156, in attach
return Session(self._impl.attach(self._pid_of(target)))
frida.TransportError: the connection is closed
Instrgram在抓包开始前运行python r0capture.py -U com.instagram.android -p ins.pcap
,程序会直接闪退,重新打开程序的时候报错
传统的charles fiddler等抓包软件, 都是配置代理的方式来抓包, 手机端配置代理
r0capture 这个要怎样来抓包呢? 手机端怎么配置?
Is there any way with which we can proxy the traffic to mitmproxy or any other tool instead of saving it as a PCAP file?
Traceback (most recent call last):
File "/root/r0capture/r0capture.py", line 356, in
ssl_log(
File "/root/r0capture/r0capture.py", line 257, in ssl_log
pid = device.spawn([process])
File "/usr/local/lib/python3.9/dist-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/usr/local/lib/python3.9/dist-packages/frida/core.py", line 140, in spawn
return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.ServerNotRunningError: unable to connect to remote frida-server
# -*- coding: utf-8 -*-
你好,肉丝姐,在应用到一个flutter-app的时候,报错如下:
attach
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.ec.vc-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ec.vc-1/lib/arm, '
'/data/app/com.ec.vc-1/base.apk!/lib/armeabi-v7a, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 124,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.ec.vc-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ec.vc-1/lib/arm, '
'/data/app/com.ec.vc-1/base.apk!/lib/armeabi-v7a, /vendor/lib, '
'/system/lib]]\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/env.js:124)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:443)\n'
' at value '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:812)\n'
' at _make '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:112)\n'
' at use '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:63)\n'
' at use (frida/node_modules/frida-java-bridge/index.js:245)\n'
' at <anonymous> (/script1.js:193)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOps '
'(frida/node_modules/frida-java-bridge/index.js:237)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/index.js:212)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOpsWhenReady '
'(frida/node_modules/frida-java-bridge/index.js:231)\n'
' at perform (frida/node_modules/frida-java-bridge/index.js:191)\n'
' at <eval> (/script1.js:225)',
'type': 'error'}
testapp: https[]//v-com.life/Android/V-Com-1.0.3.apk
最近在研究flutter app抓包,真是碰到硬石头了。
此app有内置证书校验,查询了网上的办法,但frida hook 不到 libflutter.so
function listmodules()
{
Process.enumerateModules({
onMatch: function(module){
console.log(JSON.stringify(module));
if(module.name == "libflutter.so"){
console.log("Base address: " + module.base)
console.log(JSON.stringify(module));
var pattern = "2d e9 f0 4f a3 b0 81 46 50 20"
var results = Memory.scanSync(module.base, module.size, pattern);
console.log('Memory.scanSync() result:\n' +
JSON.stringify(results));
}
},
onComplete: function(){}
});
}
请问这个问题我应该怎样做呢
SSLpinning position locator => /system/etc/security/cacerts 929ec953.0
java.lang.Throwable
at java.io.File.(Native Method)
at android.security.net.config.DirectoryCertificateSource.findCerts(DirectoryCertificateSource.java:147)
at android.security.net.config.DirectoryCertificateSource.findAllByIssuerAndSignature(DirectoryCertificateSource.java:118)
at android.security.net.config.SystemCertificateSource.findAllByIssuerAndSignature(SystemCertificateSource.java:27)
at android.security.net.config.CertificatesEntryRef.findAllCertificatesByIssuerAndSignature(CertificatesEntryRef.java:65)
at android.security.net.config.NetworkSecurityConfig.findAllCertificatesByIssuerAndSignature(NetworkSecurityConfig.java:146)
at android.security.net.config.TrustedCertificateStoreAdapter.findAllIssuers(TrustedCertificateStoreAdapter.java:46)
at com.android.org.conscrypt.TrustManagerImpl.findAllTrustAnchorsByIssuerAndSignature(TrustManagerImpl.java:917)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:548)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:321)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:113)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:131)
at java.lang.reflect.Method.invoke(Native Method)
at android.net.http.X509TrustManagerExtensions.checkServerTrusted(X509TrustManagerExtensions.java:102)
at bcai.a(SourceFile:3)
at org.chromium.net.X509Util.a(SourceFile:69)
at org.chromium.net.AndroidNetworkLibrary.verifyServerCertificates(SourceFile:8)
你好, 真机环境, Nexus 6p, Android 8.1.0
使用r0capture抓包之后, 被抓App的响应速度非常慢, 大部分图片无法加载, 请问是在哪里导致?
尝试了京东v8.4.0 和 滴滴v5.4.18_903,android8.1.0,主要抓包订单信息,滴滴可以抓到订单详情的返回,请求抓不到;京东完全抓不到。
columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '...
你好👋作者大大,首先我拿到这个项目。我以为是可以局域网arp欺骗然后截获android设备的所有ssl流量。可是我看到你的参数-U 后面连接的是com.qiyi.video,而且执行中没有输入任何ip地址,我不太懂这是什么意思。-U参数是connect to USB device,我也在网上搜了一下,目前没有次项目的教程。请问能请教一下吗? @r0ysue
已知APP做了加固,比如爱加密、邦邦加固,这些都有反调试、反HOOK的功能,是否还有效?
不太会用这种方式抓包,能否指导下如何使用?
我让流量经过 charles,http2 的包在 charles 有记录,但是脚本没有记录,是因为http2使用了其他的函数发包的吗?
frida.ServerNotRunningError: unable to connect to remote frida-server: closed
r0capture最新版
frida 14.2.3
{'columnNumber': 1,
'description': 'TypeError: not a function',
'fileName': '/script1.js',
'lineNumber': 353,
'stack': 'TypeError: not a function\n'
' at (/script1.js:353)\n'
' at apply (native)\n'
' at ne '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:613)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:592)',
'type': 'error'}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.