Some Android apps won't connect through Fiddler

Problem description

I have followed instructions on how to add the Fiddler certificate on an Android emulator, using both the Nox and MEmu emulators, as well as my Android phone running Marshmallow. I set the WiFi proxy to point to my PC over the local network. When I open a website using a web browser, things work fine: I receive the warning, I choose to proceed, and the connection is successfully tunneled and decrypted using Fiddler.

But when I try to use other apps, connections fail! I see the tunnel connections, and then the connection fails. My bet is that it's due to the invalid HTTPS certificate, so my question is: is there a way for me to install Fiddler to the trusted authorities so connecting to it will go through without the warning? So I can finally debug HTTPS traffic from and to those apps.

I found similar questions here on SO, but none of them were exactly the same as mine, nor did they have the right answers, so I'm not sure if this question does in fact qualify as a duplicate.

Thanks

Recommended answer

On modern Android devices using apps developed for target API Level 24 (Android 7), sniffing traffic is not that simple anymore.

The main problem is that if you install the Fiddler root CA certificate in Android, it is marked as a user certificate (not a system certificate). And unless explicitly configured in an app, those user certificates are not trusted.

Note that some apps further use certificate pinning (leaf or root CA pinning). Therefore, even if the Fiddler root CA certificate is installed as a system certificate, the app won't trust this certificate, as it fails on the certificate pinning.

Certificate pinning is also a web site feature, hence some sites save a certificate hash in the web browser cache that pins the site to a certain certificate. In such a case, clearing the browser cache usually removes that pinning data.

If your device is rooted, you can try to install the Fiddler root CA certificate as a system certificate. There is a Magisk module that seems to be able to install user certificates automatically as system certificates: https://github.com/NVISO-BE/MagiskTrustUserCerts

Alternatively, you can install Magisk + Edxposed + the TrustMeAlready Xposed module. This allows disabling certificate checking system-wide.

It is also possible to install and run Frida-Server on the device and hook into the app you are interested in to modify the SSL/TLS certificate checking at run-time. AFAIK the Frida-based framework Objection has some scripts to do so.

On a non-rooted device there is only the option to modify the application before you install it onto the device. Note that some apps will detect that they have been modified and will refuse to work.

To let the app trust user certificates, you have to modify network_security_config.xml (see e.g. here) included in the app. You can use apktool to decompile/recompile the app. Don't forget to re-sign the recompiled/repackaged app, e.g. using apksigner from the Android SDK.

There is also the possibility to modify an app by including the Frida gadget for Android into the app. This would allow using Frida for this specific app on a non-rooted device.
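To see which of the cases described in the answer applies to a given build (user CA not trusted, or pinning), the app's network security config can be audited offline. The following is an added example, not part of the original answer: the `evaluate` helper and the sample XML are constructed for illustration, and it is simplified to top-level `domain-config` entries and ignores `overridePins` outside `debug-overrides`.

```python
import xml.etree.ElementTree as ET

# Constructed sample config, not taken from any real app.
SAMPLE = """<network-security-config>
  <base-config><trust-anchors><certificates src="system"/></trust-anchors></base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set><pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin></pin-set>
  </domain-config>
  <debug-overrides><trust-anchors><certificates src="user"/></trust-anchors></debug-overrides>
</network-security-config>"""

def sources(elem, fallback):
    """Trust-anchor sources declared under elem, or fallback if it declares none."""
    ta = elem.find("trust-anchors") if elem is not None else None
    return fallback if ta is None else {c.get("src") for c in ta.findall("certificates")}

def matches(domain, host):
    name = (domain.text or "").strip().lower()
    sub = domain.get("includeSubdomains") == "true"
    return host == name or (sub and host.endswith("." + name))

def evaluate(xml_text, host, target_sdk, debuggable=False):
    """Report whether a user-installed CA is accepted for host and whether pins apply."""
    host = host.lower()
    root = ET.fromstring(xml_text) if xml_text else ET.Element("network-security-config")
    # Platform default: apps targeting API 24+ trust only the system store.
    default = {"system"} if target_sdk >= 24 else {"system", "user"}
    base = sources(root.find("base-config"), default)
    trusted, pinned, best = base, False, -1
    for dc in root.findall("domain-config"):           # top-level entries only
        for d in dc.findall("domain"):
            size = len((d.text or "").strip())
            if matches(d, host) and size > best:       # most specific rule wins
                best = size
                trusted = sources(dc, base)            # unset values inherit from base
                pinned = dc.find("pin-set") is not None
    if debuggable:                                     # android:debuggable="true" builds
        for c in root.findall("debug-overrides/trust-anchors/certificates"):
            if c.get("src") == "user":
                trusted = trusted | {"user"}
                # overridePins defaults to "true" inside debug-overrides
                pinned = pinned and c.get("overridePins") == "false"
    return {"user_ca_trusted": "user" in trusted, "pinned": pinned}

if __name__ == "__main__":
    print(evaluate(SAMPLE, "api.example.com", 30))
    print(evaluate(SAMPLE, "api.example.com", 30, debuggable=True))
```

A release build should report `user_ca_trusted: False`; trusting user CAs only under `debug-overrides` keeps proxy debugging available to the developer without shipping that trust to users.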
