通过jmeter / burpsuite为Android / iOS应用程序进行代理会话时添加SSL证书例外 [英] Add SSL certificate exception while proxy session via jmeter/burpsuite for an Android/iOS App

问题描述

我正在尝试通过Jmeter / Burpsuite for和Android或iOS App记录与HTTPS API请求进行交互的会话，例如https // api.server.com / login

I'm trying to record a session via Jmeter/Burpsuite for and Android or iOS App which interact with an HTTPS API requests e.g. https//api.server.com/login

如果使用浏览器，我们可以添加SSL例外，但是当在Android版App上进行代理时，我们该如何添加/ iOS。

We can add the exception of SSL if using a Browser, But how can we do so while doing proxy on App for Android/iOS.

推荐答案

最简单的方法是通过电子邮件将证书发送给自己，在移动设备上打开电子邮件并安装使用系统对话框的证书。

The easy way is sending the certificate to yourself by email, opening the email on the mobile device and installing the certificate using system dialog.

证书文件为 ApacheJMeterTemporaryRootCA.crt ，并且在安装JMeter的 bin文件夹中生成该文件您开始 HTTP（S）测试脚本记录器

The certificate file is ApacheJMeterTemporaryRootCA.crt and it's being generated in the "bin" folder of your JMeter installation when you start HTTP(S) Test Script Recorder

作为替代方案，也可以考虑使用 Mobile Recorder 服务，在这种情况下，系统会自动引导您完成虚拟证书安装过程。而且，它可以以所谓的 SmartJMX模式导出JMeter测试-应用了自动关联，因此您不必浪费时间开发正则表达式来解决动态参数

As an alternative can also consider using Mobile Recorder service, in that case you will be automatically guided through dummy certificate installation process. Moreover, it can export JMeter tests in so-called "SmartJMX" mode - with automatic correlation applied so you won't have to waste your time on developing Regular Expressions to work around dynamic parameters

这篇关于通过jmeter / burpsuite为Android / iOS应用程序进行代理会话时添加SSL证书例外的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！