Today I will introduce packet capture on Android and how to prevent it.
The packet capture tools used are the Android Studio Profiler and Charles.
Tool environment:
Android Studio 4.2.2
Google Pixel 3XL Android 11
Use the Profiler tool to capture packets
Connect your phone to your computer and open the Android Studio Profiler.
In Android Studio Arctic Fox and earlier the Network Inspector lives in the Profiler; from Bumblebee on it lives in App Inspection.
Then, when the app accesses the network, it is shown like this:
If we select the spike in the network graph, we can see the request information.
After we click on an entry, we can see the details of the request.
In this way, we can easily inspect our app's network traffic through the Android Studio Profiler.
Use the Charles tool to capture packets
1. Install the certificate
Download Charles first, open it and click Help -> SSL Proxying -> Install Charles Root Certificate to install the root certificate.
Then double-click the certificate to trust it.
This completes the configuration on the computer side. Next, configure the client side.
Method 1:
Download the certificate from the browser on the phone.
On the phone, open the Wi-Fi connection settings, set the proxy to Manual and enter the proxy address that Charles shows. Charles will then display a prompt:
We simply allow it.
Then enter chls.pro/ssl in the phone's browser to download the certificate and install it. Sometimes this method does not work; in that case use method 2.
Method 2:
Save the certificate on your computer through Help -> SSL Proxying -> Save Charles Root Certificate.
Then upload it to the phone and go to Settings - Security - Encryption and credentials - Install a certificate - CA certificate, and select the certificate we just uploaded.
At this point, we are done installing the certificate.
2. Capture packets
Now, when the app makes network requests, we can see the traffic in Charles.
We can filter addresses with the Filter box in the lower left corner to find the network data we want to see.
Preventing packet capture
Sometimes, for security reasons, we do not want our app's traffic to be captured, so we need to add some measures to prevent packet capture.
Data encryption:
The payloads of our API calls can be encrypted to prevent information leakage, as long as the client and the back end agree on the scheme.
SSL certificate verification:
This method requires the cooperation of the backend or operations (O&M) team to obtain the server's SSL certificate.
1. Extract the public key of the certificate (the certificate is X.509, so the public key is read with the x509 subcommand, not rsa)
```shell
openssl x509 -in certificate.crt -pubkey -noout > public_key.pub
```
2. Delete the BEGIN PUBLIC KEY and END PUBLIC KEY lines in public_key.pub and merge the rest into a single line
```shell
cat public_key.pub | grep -v 'PUBLIC' | awk '{printf("%s",$0)}'
```
The output looks like this:
```
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMI...
```
3. Use the output of step 2 and calculate its SHA-256 digest (download pubkey-sha256.py)
```shell
python pubkey-sha256.py MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMI…
```
The output is similar to:
```
SHA256:S8Ff3JCaO4V...
```
Change the leading SHA256: to sha256/ to get:
```
sha256/S8Ff3JCaO4V...
```
Then configure it in our OkHttp client:
```java
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.certificatePinner(new CertificatePinner.Builder()
        .add("Domain name", "sha256/S8Ff3JCaO4V...")
        .build());
```
Then we use Charles to capture again and the result looks like this:
There was a network request, but no data was captured.
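The pin OkHttp checks is the SHA-256 of the DER-encoded SubjectPublicKeyInfo, which is exactly the base64 body of public_key.pub; the following added example (not the page's pubkey-sha256.py) folds steps 2 and 3 together, computes the pin from either the PEM file or the one-line base64 string, converts a SHA256: digest into OkHttp's sha256/ form, and verifies a pin the way the client does. SAMPLE_PEM is a constructed placeholder, not a real key.

```python
import base64
import hashlib
import re

# Constructed sample standing in for public_key.pub (step 1). The body is a
# truncated placeholder, not a real RSA key, so the resulting pin is only
# illustrative; run the script on your own public_key.pub for the real value.
SAMPLE_PEM = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-----END PUBLIC KEY-----
"""


def spki_der_from_pem(text: str) -> bytes:
    """Step 2: drop the BEGIN/END lines, join the body, decode base64 to DER."""
    body = "".join(line.strip() for line in text.splitlines()
                   if line.strip() and "PUBLIC KEY" not in line)
    return base64.b64decode(body, validate=True)


def okhttp_pin(spki_der: bytes) -> str:
    """Step 3: SHA-256 of the DER SubjectPublicKeyInfo, base64, with the sha256/ prefix."""
    digest = hashlib.sha256(spki_der).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")


def normalize_pin(text: str) -> str:
    """Turn 'SHA256:<b64>' (the digest script's output) into OkHttp's 'sha256/<b64>'.

    OkHttp documents pins as standard base64 with '=' padding, so padding is
    restored if a tool printed an unpadded OpenSSH-style fingerprint.
    """
    m = re.fullmatch(r"(?i)sha256[:/]([A-Za-z0-9+/]+=*)", text.strip())
    if not m:
        raise ValueError("not a SHA-256 pin: " + text)
    b64 = m.group(1).rstrip("=")
    b64 += "=" * (-len(b64) % 4)
    if len(base64.b64decode(b64, validate=True)) != 32:
        raise ValueError("digest is not 32 bytes: " + text)
    return "sha256/" + b64


def pin_matches(pin: str, spki_der: bytes) -> bool:
    """The comparison CertificatePinner makes between a configured pin and the server key."""
    return normalize_pin(pin) == okhttp_pin(spki_der)


if __name__ == "__main__":
    der = spki_der_from_pem(SAMPLE_PEM)
    print(okhttp_pin(der))
```

CertificatePinner accepts several pins per host, so pin a backup key alongside the live one; otherwise a server key rotation locks every installed client out.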
Disable the proxy
Before establishing a socket connection, OkHttp obtains proxy information from the system. If a proxy is set, the proxy host is resolved via DNS and the socket connection is made to the proxy's IP. If no proxy is set, the connection is made directly to the IP address of the URL in the request.
```java
/**
 * Gets the system-wide proxy selector.
 *
 * @throws SecurityException
 *         If a security manager has been installed and it denies
 *         {@link NetPermission}{@code ("getProxySelector")}
 * @see #setDefault(ProxySelector)
 * @return the system-wide {@code ProxySelector}
 * @since 1.5
 */
public static ProxySelector getDefault() {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(SecurityConstants.GET_PROXYSELECTOR_PERMISSION);
    }
    return theProxySelector;
}

/**
 * Sets (or unsets) the system-wide proxy selector.
 *
 * Note: non-standard protocol handlers may ignore this setting.
 *
 * @param ps The HTTP proxy selector, or
 *           {@code null} to unset the proxy selector.
 *
 * @throws SecurityException
 *         If a security manager has been installed and it denies
 *         {@link NetPermission}{@code ("setProxySelector")}
 *
 * @see #getDefault()
 * @since 1.5
 */
public static void setDefault(ProxySelector ps) {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(SecurityConstants.SET_PROXYSELECTOR_PERMISSION);
    }
    theProxySelector = ps;
}
```
OkHttp obtains proxy information from a ProxySelector, which can be set when constructing the OkHttpClient. Its default is ProxySelector.getDefault(), which reflects the system proxy settings. We can therefore supply our own ProxySelector implementation so that the client ignores the system proxy.
```java
// Always answer NO_PROXY, so connections go directly to the host in the URL
// regardless of the Wi-Fi proxy configured on the device.
OkHttpClient client = new OkHttpClient.Builder()
        .proxySelector(new ProxySelector() {
            @Override
            public List<Proxy> select(URI uri) {
                return Collections.singletonList(Proxy.NO_PROXY);
            }

            @Override
            public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
                // Nothing to retry: no proxy was used.
            }
        })
        .build();
```
If Charles is used to capture traffic after this setting, the app's requests can no longer be captured.
Conclusion
Above, we introduced two ways of capturing packets:
- Use the Profiler that comes with Android Studio to capture packets
- Use Charles
With Charles, the certificate can be installed in two ways:
- Install the certificate using the browser
- Install the certificate manually
There are three ways to prevent packet capture:
- Data encryption
- Verify the SSL certificate
- Disable the proxy