Kotani bald collection

  • We used it in reversetcpdump.wiresharkGrab a bag. Here’s what Gu likesCharles(Blue and white)

1. Charles captures HTTPS packets

It’s actually pretty easy to configure when we use a Mac

    1. So let’s start withThe iPhone and MacConnected to theThe same networkUnder the

In this case, Kotani’s approach is that WiFi is on the Mac and the iPhone is connected

    1. Mac open WiFi

    1. The iPhone connect WiFi

Settings – > WIRELESS LAN – > Connections. Then click on WiFi Settings

    1. Open theCharles(Blue and white). inInstall the root certificate on the Mac

    1. Trust certificate

    1. Install the mobile phone trust certificate

    1. Configure the protocol port

At this point, you can restart Charles on your Mac and grab HTTPS packets.

    1. Example: Suppose we ask Baidu (www.baidu.com)

It worked out

2. Charles changes the packet

2.1. Redirect the request address

Then our request www.qq.com. Becomes a request www.baidu.com

2.2. Rewrite the function

Find and replace

  • theniPhoneSee the effect

Perfect turned into a little valley

2.3. Their context

  • BreakPoints functionThis is suitable for debuggingModify aNetwork data.redirectandRewrite the functionIt’s a long-term modification

When a breakpoint is reached, Charles intercepts the network request, which can then be modified to continue execution. (This guy can play)

2.4 Compose functions

Here comes the most popular one

  • Compose functionWhen you feel like you’ve captured an important request, you canAn unscrupulous, bottomless experiment

Execute and see the result, in short, can always change the parameters of the test

3. Break SSL bidirectional authentication

  • We useCharlesYou can grab a lot of network packets, but if you use themSSL Two-way authentication.CharlesYou can’t catch it

Is there nothing to be done? How could it be! Ha ha 😆

  • Ssl-kill -switch2 plug-in download (interested can see his source code is how to achieve ~)

  • Download com. Nablac0d3. Sslkillswitch2_0. 14. Deb (the latest)

  • Install it in the /var/mobile-/ directory of your phone

Install and restart the screen

  • After theSet the interfaceYou can see one of these

With this enabled, Charles can capture data packets!

4. To summarize

  • I was gonna give you an example at the end. But what example do you have in mind

  • Charles is pretty good at catching bags. You guys can use it. (However, there is not much contact with positive development, and Xiaoya is also a wave of interest research.)

  • Finally, I hope this blog is useful for brothers, wish brothers wuyun Changlong ~