《2024双向认证APP自吐证书密码与抓包.docx》由会员分享,可在线阅读,更多相关《2024双向认证APP自吐证书密码与抓包.docx(16页珍藏版)》请在第壹文秘上搜索。
1、双向认证APP自吐证书密码与抓包双向认证APP读密码HOOk网络框架抓包批量hook查看调用筑迹HOOk强混淆APP抓包总结参考资料、,一刖百在许多业务非常聚焦比如行业应用银行公共交通游戏等行业C/S架构中服务器高度集中,对应用的版本控制非常严格这时候就会在服务器上部署对app内置证书的校验代码双向认证APP读密码当抓包出现如下提示时,我们确定出此APP为服务器校验app客户端证书,JHjHmi,.tetajMiWIMMMGMCtwWBVlMCMMMlCmmbom1mWiEmlZM M4wOMMMMCJM Slit。UNVVWvMWIIUW3mMKMM.MtIMMOtI841JIEM.UWtM
2、MMMWMtfMb*l9fltwiIKTmBmM4M)IFHItdiIFaQ三nItaxna.IteOM*W,MlMlt459l4WWIIMccM0*I,HIJSB”Ac_ICflflMnds:/Ilhlp*Displaysthehelpsystea.objeDisplayInfonMtiOnaboutobject*itquitExit.MorinfoatMtpcwwtf.frda.rdocVM/Sp*m*dcn.Mlap.adreM.KswlngMinthread*(PxlX1.:cn.souIpp.androidhookKeyStorwlod.)va.lang.Throwableatjav
3、a.security.KeyStore.lod(ltotiveMethod)atcoa.android.orQ.cmcrypt.KeyRafWQerfactorylBpl.engrwlnt(KeyMafWQerfdctorylHpl.java:67)at)tfaultr(SS1.ParwtertIapl.java:471)scrpt.SSlFaramtersIepl.gtfaultX3MKryManagr(SSlFarawtersIapl.)ava:43)atca.android.0r9.cmcrypt.SS1.FaraMrterilapl.(SS1.arawtersKapl.java:125
4、)atc.android.org.CanSCrpt.QpenSS1.ContcxtIapl.engnelnt(OPenSSuOr)textIapl.jw:IeI)atJaVaIUnet.tl.SS1.Context.InitlSSlContext.Javatca.android.okhttp.OicWttpCUent.9etOefaultS1.SocketFactoryQtontpCUe11t,jaa632)tcob.android.okhttp.OkHttpCUcnt.COpyVithtefMUs(OMttpCUnt.jwcl)atco*android.okhttp.OkUrlFactory
5、.op*n(OkUrlFactory.pva:59)atcm.android.okhttp.OkUrlFactory.Open(OkUflFactoryJavarM)atco.android.okhttp.Httpandlr.OpvnConrwction(HttPHandI”.java:44)at)*.UR1.opfweatco*.tffnt.bu9ly.proguard.s,a(BUGtY:75)atcob.tencent.bugly.proguard.s.aIBUG1.Y:52)atcob.tercnt.bugly.proguard.s.a0UG1.Y13)atCMtemcent.bugl
6、y.proguard.v.njn(BUG1.Y:41)atcoB.tenccnt.bugly.proguard.u$l.run(BUG1.Y:1)atjava.lang.Thread.nmTrMd.)ava:7M)Keytore.load2:nullnull)avA.l11g.Thr(Mbleatpva.MCurty.K*yStorloadNafv*fthod)atC.I.(T1.SSocketFactory.*vazllatcn.Mulapp.a11drod.fWt.k.(SoulNtStorag.jva:l).9.AiokHttpCUeotHelper.java:18)atC.oulNet
7、wrkOK.a(SoulMetworlKSOK.jav:7i)atCA.p.a.b.d.aNetFroxy.java:1).p.b.a.acceptUnknownSOUrc:6).0.j.b.onNext(leC(XiSUBer.)ava:2)atio.rMtvex.internal.operators.obrvM)le.c2M.bObcrvableOberven.javaz8)atio.rctv.internal.operators.ob$rvatole.c21a.11m0bservable54rn.jva:3atio.rectivex.internal.schedulers.a.run(S
8、cKeduledRurtnAble.jaifa:2)atio.rectvx.internal.SCheAJIc.callSdZUlBRMngbI。.java:1)atW.utxl.COfKurrent.FutureTMk.run(RitureTMk.Java:266)*t)ava.util.concurrwt.SctwduledThrMdPooU*cutorSSchduldFuturtak.nm(chduldThradP00Ucutor.java:Ml)atjava.util.concurrent.TbrMdRiolUwcutor.ru11ttorkr(DradPooUxcutor.java:
9、1152)atjava.util.concurrentTbreadPoolExecutorSUorlter.run(ThrMdFoolEjrecwtor.java:6Xat)*va.lang.11rM.11MotHugeFileseon,64bits,4CPUsIntel(R)Core(TM)iScanningthedriveforarchives:1file,83351124bytes(8MiB)Extractingarchive:soulchannelsoul.apkPath三soulchannelsoul.apkType三zipPhysicalSize三83351124Everythin
10、gisOkFiles:7592Size:95x31Size:144123783Coapressed:83351124:一,DMr。口12双向证书”,treeNCFhlIgreP-ipl2I|2.5Kclient.pl2D.ktop12,双向MwC如果在安装包内找不到证书的话也可以进行hkjava.io.FilePlainTextQ复制代码#androidhookingwatchclass_methodjava.io.File.$2init:tobjectiongc11.soulapp.androidexploreCheckingforanewerversionofobjection.Using
11、USBdvicPixelXlAgentinjectedandrespondsok!I1.IJI1.IJIIIIIIIIIIII1.I1.I-1.IJII(object)Inject(ion)vl.9.6RuntiMMobileExplorationby:QleonjzafroaQsenseposttabforcomandsuggestions(google:8.1.)androidhookingwatchclassmethodjava.io.File.$Initjava.10.File.Snt(java.o.Fle.ii11it()java.io.File.Sinit(java.io.File.Sint(java.io.File.$init(java.10.File,Sinit()agent)AttenptingtowatchclassJava.10.FileandIBethodSinit.(agent)Hooking(a
