通过 jmeter/burpsuite 为 Android/iOS 应用程序在代理会话时添加 SSL 证书异常 [英] Add SSL certificate exception while proxy session via jmeter/burpsuite for an Android/iOS App

问题描述

我正在尝试通过 Jmeter/Burpsuite 为与 HTTPS API 请求交互的 Android 或 iOS 应用程序录制会话，例如https//api.server.com/login

I'm trying to record a session via Jmeter/Burpsuite for and Android or iOS App which interact with an HTTPS API requests e.g. https//api.server.com/login

如果使用浏览器，我们可以添加 SSL 的例外，但是我们如何在 Android/iOS 的 App 上做代理.

We can add the exception of SSL if using a Browser, But how can we do so while doing proxy on App for Android/iOS.

推荐答案

简单的方法是通过电子邮件将证书发送给自己，在移动设备上打开电子邮件并使用系统对话框安装证书.

The easy way is sending the certificate to yourself by email, opening the email on the mobile device and installing the certificate using system dialog.

证书文件是 ApacheJMeterTemporaryRootCA.crt，当您启动 HTTP(S) 测试脚本记录器

The certificate file is ApacheJMeterTemporaryRootCA.crt and it's being generated in the "bin" folder of your JMeter installation when you start HTTP(S) Test Script Recorder

作为替代，也可以考虑使用 Mobile Recorder 服务，在这种情况下，您将被自动引导完成虚拟证书安装过程.此外，它可以在所谓的SmartJMX"模式下导出 JMeter 测试 - 应用自动关联，因此您不必浪费时间开发正则表达式来解决动态参数

As an alternative can also consider using Mobile Recorder service, in that case you will be automatically guided through dummy certificate installation process. Moreover, it can export JMeter tests in so-called "SmartJMX" mode - with automatic correlation applied so you won't have to waste your time on developing Regular Expressions to work around dynamic parameters

这篇关于通过 jmeter/burpsuite 为 Android/iOS 应用程序在代理会话时添加 SSL 证书异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！