小提琴手 - 解密的Andr​​oid HttpsUrlConnection SSL流量 [英] Fiddler - Decrypt Android HttpsUrlConnection SSL traffic

问题描述

我花了无数的时间试图解密通过提琴手的Andr​​oid SSL流量HttpsUrlConnection很少成功。我如何可靠地配置提琴手SSL流量从一个Android应用程序中使用解密HttpsUrlConnection？

I've spent countless hours trying to decrypt Android SSL traffic via Fiddler for HttpsUrlConnection with very little success. How do I reliably configure Fiddler to decrypt SSL traffic from an Android app using HttpsUrlConnection?

下面是我的步骤

1. 运行上的提琴手PC（用适当的设置：捕捉HTTPS连接，解密HTTPS流量，允许远程计算机连接）
2. 在配置上的Andr​​oid设备代理，通过电脑运行小提琴手无线连接
3. 从Android设备打开的浏览器输入http：// [PC运行小提琴手的IP]：8888下载FiddlerRoot证书。名称并进行安装。
4. 开启 https://www.google.com 在Android浏览器和浏览解密的流量在提琴手在PC上。

1. Run Fiddler on PC (With proper settings: capture HTTPS Connect, decrypt HTTPS traffic, allow remote computers to connect)
2. Configure wireless connection on Android device to proxy through pc running fiddler
3. From android device open browser to http://[ip of pc running fiddler]:8888 and download "FiddlerRoot certificate". Name and install it.
4. Open https://www.google.com in android browser and view decrypted traffic in Fiddler on PC.

以上的作品。的问题是，非浏览器机器人流量显示在拉琴作为连接隧道。我的初步研究表明这一问题是由于证书是如何通过HttpsUrlConnection信任的，所以我确信在此基础上文章<一个信任所有证书href="https://secure.mcafee.com/us/resources/white-papers/wp-defeating-ssl-cert-validation.pdf">https://secure.mcafee.com/us/resources/white-papers/wp-defeating-ssl-cert-validation.pdf

The above works. The problem is that non-browser android traffic shows up in Fiddler as connect tunnels. My initial research suggested the issue was due to how certs were trusted via HttpsUrlConnection so I made sure to trust all certs based on this article https://secure.mcafee.com/us/resources/white-papers/wp-defeating-ssl-cert-validation.pdf

不幸的是信任所有证书并没有为我与HttpsUrlConnection让我停了下来调查工作。几天后，我决定再试一次，惊讶地发现，提琴手交通一度被解密的HttpsUrlConnection！不幸的是我没有做任何进一步的修改来解决这个问题，所以我不完全知道为什么它开始工作。它的工作原理与设备是LG-擎天柱L9 Android版本4.0.4，并扎根。

Unfortunately trusting all certs didn't work for me with HttpsUrlConnection so I stopped investigating. A few days later I decided to try again and was surprised to find that fiddler traffic was being decrypted for HttpsUrlConnection! Unfortunately I didn't make any further changes to fix this so I'm not entirely sure why it started working. The device it works with is an LG-Optimus L9 Android version 4.0.4 and is rooted.

现在我想这个配置对于​​一台Nexus 7 Android版本4.2.2（不是植根），但可惜我所有的小提琴手看到的是连接隧道。由于这两种设备上的证书具有相同的序列和应用程序，我的测试是相同的，我难倒，为什么我不能配置小提琴手与其他Android设备。

Now I'm trying to configure this for a Nexus 7 Android Version 4.2.2 (not rooted) but alas all I see in fiddler are the connect tunnels. Since the cert on both devices has the same serial and the app I'm testing is identical I'm stumped as to why I can't configure Fiddler with another Android device.

要总结

• 提琴手可以解密从LG擎天柱SSL流量，但只显示从的Nexus 7
连接隧道
• 在两个设备都运行相同的应用程序，它使用HttpsUrlConnection网络请求
• 在这两款器件具有相同的小提琴手证书安装（连续匹配），并没有安装其他用户的证书。
• 请不要以为这些事，但...
  • 在根植设备（LG擎天柱的Andr​​oid 4.0.4）使用代理服务器的Droid指向PC上运行的提琴手
  • 非root权限的设备（的Nexus 7的Andr​​oid 4.2.2）使用内置的修改网络为指向PC上运行的提琴手
  • Fiddler can decrypt SSL traffic from the LG Optimus but only shows connect tunnels from Nexus 7
  • Both devices are running the same app which uses HttpsUrlConnection for network requests
  • Both devices have the same fiddler cert installed (serials match) and no other user cert installed.
  • Don't think these matter but...
    • Rooted device (LG Optimus Android 4.0.4) uses Proxy Droid to point to PC running fiddler
    • Non rooted device (Nexus 7 Android 4.2.2) using built in "modify network" to point to PC running fiddler

    推荐答案

    显示我的研究，有在HttpsUrlConnection pipeling实现中的错误。

    My research shown that there is a bug in HttpsUrlConnection pipeling implementation.

    要解决一个问题，您需要执行提琴手以下步骤：

    To solve a problem you need to perform following steps in Fiddler:

    1. 在提琴手点击规则 - >自定义规则;

    1. In Fiddler click "Rules->Customize Rules";

    在打开的脚本，发现功能OnBeforeResponse

    In opened script and find function OnBeforeResponse

    在函数体中添加下列code：

    In the function body add following code:

    if (oSession.oRequest["User-Agent"].indexOf("Dalvik") > -1 && oSession.HTTPMethodIs("CONNECT")) {  
       oSession.oResponse.headers["Connection"] = "Keep-Alive";     
    } 
    

  4.Save文件并重新启动提琴手

  4.Save file and restart Fiddler

  这篇关于小提琴手 - 解密的Andr​​oid HttpsUrlConnection SSL流量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！