一.fridajs脚本模板(网上找的保留)
<code class="language-js">//Thanks to https://codeshare.<a href="https://www.gaodaima.com/tag/frida" title="查看更多关于frida的文章" target="_blank">frida</a>.re/@pcipolloni/universal-<a href="https://www.gaodaima.com/tag/android" title="查看更多关于android的文章" target="_blank">android</a>-<a href="https://www.gaodaima.com/tag/ssl" title="查看更多关于ssl的文章" target="_blank">ssl</a>-pinning-bypass-with-frida/ //At the moment, this seems to fix the SSL exceptions, but bypass the proxy itself! //If you have any idea why Android would ignore the proxy setting completely after the following runs, please email [email protected] - thanks! (function () { Java.perform(function () { console.log(""); console.log("[.] Cert Pinning Bypass/Re-Pinning"); var URL = Java.use("java.net.URL"); var InputStreamReader = Java.use("java.io.InputStreamReader"); var CertificateFactory = Java.use("java.security.cert.CertificateFactory"); var FileInputStream = Java.use("java.io.FileInputStream"); var BufferedInputStream = Java.use("java.io.BufferedInputStream"); var X509Certificate = Java.use("java.security.cert.X509Certificate"); var KeyStore = Java.use("java.security.KeyStore"); var TrustManagerFactory = Java.use("javax.net.ssl.TrustManagerFactory"); var SSLContext = Java.use("javax.net.ssl.SSLContext"); // Load CAs from an InputStream console.log("[+] Loading our CA...") var cf = CertificateFactory.getInstance("X.509"); try { //this assumes you"ve already got the system proxy set to use Fiddler var fiddlerUrl = URL.$new("http://ipv4.fiddler:8888/FiddlerRoot.cer"); var connection = fiddlerUrl.openConnection(); } catch (err) { console.log("[o] " + err); } var bufferedInputStream = BufferedInputStream.$new(connection.getInputStream()); var ca = cf.generateCertificate(bufferedInputStream); bufferedInputStream.close(); var certInfo = Java.cast(ca, X509Certificate); console.log("[o] Our CA Info: " + certInfo.getSubjectDN()); // Create a KeyStore containing our trusted CAs console.log("[+] Creating a KeyStore for our CA..."); var keyStoreType = KeyStore.getDefaultType(); var keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca); // Create a TrustManager that trusts the CAs in our KeyStore console.log("[+] Creating a TrustManager that trusts the CA in our KeyStore..."); var tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); var tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); console.log("[+] Our TrustManager is ready..."); console.log("[+] Hijacking SSLContext methods now...") console.log("[-] Waiting for the app to invoke SSLContext.init()...") SSLContext.init.overload("[Ljavax.net.ssl.KeyManager;", "[Ljavax.net.ssl.TrustManager;", "java.security.SecureRandom").implementation = function (a, b, c) { console.log("[o] App invoked javax.net.ssl.SSLContext.init..."); SSLContext.init.overload("[Ljavax.net.ssl.KeyManager;", "[Ljavax.net.ssl.TrustManager;", "java.security.SecureRandom").call(this, a, tmf.getTrustManagers(), c); console.log("[+] SSLContext initialized with our custom TrustManager!"); } }) })(); </code>
www#gaodaima.com来源gao.dai.ma.com搞@代*码网搞代码
搞代码网(gaodaima.com)提供的所有资源部分来自互联网,如果有侵犯您的版权或其他权益,请说明详细缘由并提供版权或权益证明然后发送到邮箱[email protected],我们会在看到邮件的第一时间内为您处理,或直接联系QQ:872152909。本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:hook框架frida 绕过fillder证书认证
转载请注明原文链接:hook框架frida 绕过fillder证书认证
