Charles Proxy for Mobile apps that use SSL Pinning


Question

Charles Proxy website comments that:

Note that some apps implement SSL certificate pinning which means they specifically validate the root certificate. Because the app is itself verifying the root certificate it will not accept Charles's certificate and will fail the connection. If you have successfully installed the Charles root SSL certificate and can browse SSL websites using SSL Proxying in Safari, but an app fails, then SSL Pinning is probably the issue.

Just to be certain, is it possible to use an HTTP monitor like Charles Proxy (or another monitor) even though a mobile app uses SSL certificate pinning?

Recommended answer

As Steffen said, you might need to patch the app to disable certificate pinning. Most mobile apps don't use it though :) Thus you just need to enable SSL connections with a self-signed certificate. To allow that with an Android application, do the following. First download apktool. Then unpack the APK file (according to apktool 2.4.1):

java -jar apktool.jar d app.apk

Modify AndroidManifest.xml by adding this attribute to the application element:

android:networkSecurityConfig="@xml/network_security_config"

Create the file res/xml/network_security_config.xml with the following content:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
   <base-config>
      <trust-anchors>
         <certificates src="system" />
         <certificates src="user" />
      </trust-anchors>
   </base-config>
</network-security-config>

Generate keys to sign the APK:

keytool -genkey -alias keys -keystore keys -keyalg DSA

Build the patched APK:

java -jar apktool.jar b app -o app_patched.apk --use-aapt2

Sign the APK file:

jarsigner -verbose -keystore keys app_patched.apk keys

If necessary, convert the APK to a JAR for further analysis: d2j-dex2jar.sh app.apk. More information: Network security configuration.
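The answer works by loosening the app's network security configuration so that user-installed CAs (such as the Charles root) are trusted. The flip side for an app developer or reviewer is checking a build for exactly that: does the shipped config trust user CAs in its base-config, does it restrict that trust to debug-overrides, and which domains carry pins? The following audit script is an added example written for this page; it is not from the answer, from Charles, or from apktool. It parses a network_security_config.xml with the standard library only. Both sample configs are constructed inline; the domain api.example.com and the pin digests are placeholders, not real values.

```python
"""Audit an Android network_security_config.xml for user-CA trust and pinning.

Added example for this page (not from the original answer). It reports:
  - whether <base-config> trusts user-installed CAs (src="user"),
  - whether user-CA trust appears only under <debug-overrides>,
  - which domains in <domain-config> blocks carry <pin-set> pins.
"""
import xml.etree.ElementTree as ET

# Constructed sample 1: the permissive config from the answer above. It trusts
# system *and* user CAs for every connection and declares no pins.
PERMISSIVE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
   <base-config>
      <trust-anchors>
         <certificates src="system" />
         <certificates src="user" />
      </trust-anchors>
   </base-config>
</network-security-config>"""

# Constructed sample 2: a release-style config. The base trusts only system
# CAs, user CAs are trusted only in debuggable builds via <debug-overrides>,
# and api.example.com (placeholder) is pinned to two placeholder SHA-256 digests.
PINNED_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
   <base-config cleartextTrafficPermitted="false">
      <trust-anchors>
         <certificates src="system" />
      </trust-anchors>
   </base-config>
   <domain-config>
      <domain includeSubdomains="true">api.example.com</domain>
      <pin-set expiration="2030-01-01">
         <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
         <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
      </pin-set>
   </domain-config>
   <debug-overrides>
      <trust-anchors>
         <certificates src="user" />
      </trust-anchors>
   </debug-overrides>
</network-security-config>"""


def _trust_sources(scope):
    """Return the src values of <certificates> directly under this scope's
    <trust-anchors> (direct children only, so nested domain-configs are not
    mixed in)."""
    return sorted(c.get("src", "") for c in scope.findall("trust-anchors/certificates"))


def audit_config(xml_text):
    """Parse one network_security_config.xml and summarise its trust posture."""
    root = ET.fromstring(xml_text)
    if root.tag != "network-security-config":
        raise ValueError("not a network-security-config document")

    result = {
        "base_trust_sources": [],
        "base_trusts_user_cas": False,
        "debug_only_user_cas": False,
        "pinned_domains": {},      # domain -> number of pins declared
        "user_ca_domains": [],     # domain-configs that themselves add user trust
    }

    # When <base-config> is absent, apps targeting API 24+ default to system
    # CAs only, so the False default below matches Android's behaviour there.
    base = root.find("base-config")
    if base is not None:
        result["base_trust_sources"] = _trust_sources(base)
        result["base_trusts_user_cas"] = "user" in result["base_trust_sources"]

    debug = root.find("debug-overrides")
    if debug is not None and "user" in _trust_sources(debug):
        # User CAs trusted only when android:debuggable is set: acceptable for
        # local testing and does not affect release builds.
        result["debug_only_user_cas"] = not result["base_trusts_user_cas"]

    for dc in root.iter("domain-config"):
        domains = [d.text.strip() for d in dc.findall("domain") if d.text]
        pins = [p.text.strip() for p in dc.findall("pin-set/pin") if p.text]
        if pins:
            for domain in domains:
                result["pinned_domains"][domain] = len(pins)
        if "user" in _trust_sources(dc):
            result["user_ca_domains"].extend(domains)
    return result


if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE_CONFIG), ("pinned", PINNED_CONFIG)):
        print(name, audit_config(cfg))
```

Run against a real build, feed it the decoded res/xml/network_security_config.xml from an apktool output directory. A release config that reports base_trusts_user_cas True is the condition the answer above deliberately creates; a config that reports pinned_domains for its API hosts is the one Charles cannot intercept without the patching described.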
