小提琴手 - 解密的Android HttpsUrlConnection SSL流量 [英] Fiddler - Decrypt Android HttpsUrlConnection SSL traffic
问题描述
我花了无数的时间试图解密通过提琴手的Android SSL流量HttpsUrlConnection很少成功。我如何可靠地配置提琴手SSL流量从一个Android应用程序中使用解密HttpsUrlConnection?
I've spent countless hours trying to decrypt Android SSL traffic via Fiddler for HttpsUrlConnection with very little success. How do I reliably configure Fiddler to decrypt SSL traffic from an Android app using HttpsUrlConnection?
下面是我的步骤
- 运行上的提琴手PC(用适当的设置:捕捉HTTPS连接,解密HTTPS流量,允许远程计算机连接)
- 在配置上的Android设备代理,通过电脑运行小提琴手无线连接
- 从Android设备打开的浏览器输入http:// [PC运行小提琴手的IP]:8888下载FiddlerRoot证书。名称并进行安装。
- 开启 https://www.google.com 在Android浏览器和浏览解密的流量在提琴手在PC上。
- Run Fiddler on PC (With proper settings: capture HTTPS Connect, decrypt HTTPS traffic, allow remote computers to connect)
- Configure wireless connection on Android device to proxy through pc running fiddler
- From android device open browser to http://[ip of pc running fiddler]:8888 and download "FiddlerRoot certificate". Name and install it.
- Open https://www.google.com in android browser and view decrypted traffic in Fiddler on PC.
以上的作品。的问题是,非浏览器机器人流量显示在拉琴作为连接隧道。我的初步研究表明这一问题是由于证书是如何通过HttpsUrlConnection信任的,所以我确信在此基础上文章<一个信任所有证书href="https://secure.mcafee.com/us/resources/white-papers/wp-defeating-ssl-cert-validation.pdf">https://secure.mcafee.com/us/resources/white-papers/wp-defeating-ssl-cert-validation.pdf
The above works. The problem is that non-browser android traffic shows up in Fiddler as connect tunnels. My initial research suggested the issue was due to how certs were trusted via HttpsUrlConnection so I made sure to trust all certs based on this article https://secure.mcafee.com/us/resources/white-papers/wp-defeating-ssl-cert-validation.pdf
不幸的是信任所有证书并没有为我与HttpsUrlConnection让我停了下来调查工作。几天后,我决定再试一次,惊讶地发现,提琴手交通一度被解密的HttpsUrlConnection!不幸的是我没有做任何进一步的修改来解决这个问题,所以我不完全知道为什么它开始工作。它的工作原理与设备是LG-擎天柱L9 Android版本4.0.4,并扎根。
Unfortunately trusting all certs didn't work for me with HttpsUrlConnection so I stopped investigating. A few days later I decided to try again and was surprised to find that fiddler traffic was being decrypted for HttpsUrlConnection! Unfortunately I didn't make any further changes to fix this so I'm not entirely sure why it started working. The device it works with is an LG-Optimus L9 Android version 4.0.4 and is rooted.
现在我想这个配置对于一台Nexus 7 Android版本4.2.2(不是植根),但可惜我所有的小提琴手看到的是连接隧道。由于这两种设备上的证书具有相同的序列和应用程序,我的测试是相同的,我难倒,为什么我不能配置小提琴手与其他Android设备。
Now I'm trying to configure this for a Nexus 7 Android Version 4.2.2 (not rooted) but alas all I see in fiddler are the connect tunnels. Since the cert on both devices has the same serial and the app I'm testing is identical I'm stumped as to why I can't configure Fiddler with another Android device.
要总结
- 提琴手可以解密从LG擎天柱SSL流量,但只显示从的Nexus 7 连接隧道
- 在两个设备都运行相同的应用程序,它使用HttpsUrlConnection网络请求
- 在这两款器件具有相同的小提琴手证书安装(连续匹配),并没有安装其他用户的证书。
- 请不要以为这些事,但...
- 在根植设备(LG擎天柱的Android 4.0.4)使用代理服务器的Droid指向PC上运行的提琴手
- 非root权限的设备(的Nexus 7的Android 4.2.2)使用内置的修改网络为指向PC上运行的提琴手
- Fiddler can decrypt SSL traffic from the LG Optimus but only shows connect tunnels from Nexus 7
- Both devices are running the same app which uses HttpsUrlConnection for network requests
- Both devices have the same fiddler cert installed (serials match) and no other user cert installed.
- Don't think these matter but...
- Rooted device (LG Optimus Android 4.0.4) uses Proxy Droid to point to PC running fiddler
- Non rooted device (Nexus 7 Android 4.2.2) using built in "modify network" to point to PC running fiddler
推荐答案
显示我的研究,有在HttpsUrlConnection pipeling实现中的错误。
My research shown that there is a bug in HttpsUrlConnection pipeling implementation.
要解决一个问题,您需要执行提琴手以下步骤:
To solve a problem you need to perform following steps in Fiddler:
-
在提琴手点击规则 - >自定义规则;
In Fiddler click "Rules->Customize Rules";
在打开的脚本,发现功能OnBeforeResponse
In opened script and find function OnBeforeResponse
在函数体中添加下列code:
In the function body add following code:
if (oSession.oRequest["User-Agent"].indexOf("Dalvik") > -1 && oSession.HTTPMethodIs("CONNECT")) { oSession.oResponse.headers["Connection"] = "Keep-Alive"; }
4.Save文件并重新启动提琴手
4.Save file and restart Fiddler
这篇关于小提琴手 - 解密的Android HttpsUrlConnection SSL流量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!