2021-06-28 Forwarding phone traffic captures to Charles, Fidd on a PC


Author: 兣甅 | Published 2021-06-28 21:32

    <1> HTTP Proxy Client

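    1. Download link: https://play.google.com/store/apps/details?id=com.assets.androidproxy
    2. For the address, enter the IP and port of the capture tool running on the PC; for example, my Charles instance listens on 192.168.37.2:8888
    3. Under "More" in the top-right corner you can choose which apps are captured or which apps are excluded from capture
    4. Finally, tap START to begin capturing traffic for the chosen apps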

    <2> ProxyMe

    1. Almost identical to HTTP Proxy Client; both are forked from TunProxy. This one has no ads, but it is not updated as promptly as HTTP Proxy Client

    <3> PowerTunnel-Android

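    1. It also uses TunProxy internally, but exposes more configurable features
    2. Configuration differs slightly from the previous two: set the upstream proxy (the Upstream IP and port) to the IP and port of the capture tool on the PC, as shown in the screenshot below

    [screenshot]
    3. Selecting which apps to capture works the same way as in the previous two apps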

    <4> Other similar apps that can only capture HTTPS
    a)Proxy Manager https://play.google.com/store/apps/details?id=com.evanhe.proxymanager
    b)Proxy My Apps https://play.google.com/store/apps/details?id=com.ostechnologies.proxymyapps
    c)
    =================

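    <5> Because the tools above are all built on TunProxy, they share one problem: plain HTTP requests cannot be forwarded to Charles. If the traffic includes HTTP requests, a different tool is needed:

    a) Drony (can target specific apps): there are plenty of tutorials already, so I won't write one; see these existing write-ups: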
    1.https://blog.csdn.net/lckj686/article/details/100697545
    2.https://www.cnblogs.com/gqv2009/p/13681134.html

    b) Postern (cannot target specific apps): tutorials seem to be scarce, but luckily someone wrote one just 3 months ago, so here is the link:
    https://www.jianshu.com/p/738cdd5ea664

    c) College Proxy (lets you choose apps that are barred from using the proxy, which always feels a bit silly)
    https://play.google.com/store/apps/details?id=com.cell47.College_Proxy

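    College Proxy decompiled and modified: remove ads, capture only specified apps
    College Proxy 7.0.6 original version download
    College Proxy 7.0.6 decompiled version download
    College Proxy 8.0.4 decompiled version download
    =================
    1. Remove ads: using MT Manager, open MainActivity and search for qureka.com,

    // 1. Comment out the related code below with #
    startActivity(new Intent("android.intent.action.VIEW", Uri.parse(string)));
    // 2. Replace qureka.com with something else so that this check never matches, e.g. qurekaXXX.com
    if (string.contains("qureka.com"))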
    

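    2. Change the deny list into an allow list: open LocalVpnService and exclude everything that is not in the list


    [screenshot]

    3. Modify fragment_direct.xml


    [screenshot]
    [screenshot]
    4. Modify Settings
    [screenshot]
    [screenshot]

    5. Decompiled code -> ad removal


    [screenshot: ad-removal modification]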
        const-string v2, "https://344.win.qureka.com/"
    
        .line 451
        invoke-interface {v1, p2, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    
        move-result-object p2
    
        const-string v1, "qurekaXXXX.com"
    
        .line 453
        invoke-virtual {p2, v1}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z
    
        move-result v1
    
        if-eqz v1, :cond_6c
    
        .line 454
        new-instance v1, Landroidx/browser/customtabs/CustomTabsIntent$Builder;
    
        invoke-direct {v1}, Landroidx/browser/customtabs/CustomTabsIntent$Builder;-><init>()V
    
        .line 455
        invoke-virtual {v1}, Landroidx/browser/customtabs/CustomTabsIntent$Builder;->build()Landroidx/browser/customtabs/CustomTabsIntent;
    
        move-result-object v1
    
        .line 456
        invoke-static {p2}, Landroid/net/Uri;->parse(Ljava/lang/String;)Landroid/net/Uri;
    
        move-result-object p2
    
        invoke-virtual {v1, p0, p2}, Landroidx/browser/customtabs/CustomTabsIntent;->launchUrl(Landroid/content/Context;Landroid/net/Uri;)V
    
        goto :goto_6c
    
        .line 459
        .line 462
        :cond_6c
        :goto_6c
        invoke-direct {p0}, Lcom/cell47/College_Proxy/ui/MainActivity;->fetchLatestRedirection()V
    

    6. Decompiled code -> allow list


    [screenshot: smali code]
    [screenshot: Java code]
    
        .line 418
        invoke-virtual {p0}, Lcom/cell47/College_Proxy/core/LocalVpnService;->getPackageManager()Landroid/content/pm/PackageManager;
    
        move-result-object v1
    
        .line 419
        invoke-virtual {v1, v3}, Landroid/content/pm/PackageManager;->getInstalledPackages(I)Ljava/util/List;
    
        move-result-object v1
    
        .line 420
        new-instance v2, Ljava/util/HashSet;
    
        invoke-direct {v2}, Ljava/util/HashSet;-><init>()V
    
        const/4 v4, 0x0
    
        .line 422
        :goto_9f
        invoke-interface {v1}, Ljava/util/List;->size()I
    
        move-result v6
    
        if-ge v4, v6, :cond_b3
    
        .line 423
        invoke-interface {v1, v4}, Ljava/util/List;->get(I)Ljava/lang/Object;
    
        move-result-object v6
    
        check-cast v6, Landroid/content/pm/PackageInfo;
    
        .line 424
        iget-object v6, v6, Landroid/content/pm/PackageInfo;->packageName:Ljava/lang/String;
    
        invoke-interface {v2, v6}, Ljava/util/Set;->add(Ljava/lang/Object;)Z
    
        add-int/lit8 v4, v4, 0x1
    
        goto :goto_9f
    
        .line 427
        :cond_b3
        invoke-virtual {p0}, Lcom/cell47/College_Proxy/core/LocalVpnService;->getApplicationContext()Landroid/content/Context;
    
        move-result-object v1
    
        const-string v4, "Lists"
    
        invoke-virtual {v1, v4, v3}, Landroid/content/Context;->getSharedPreferences(Ljava/lang/String;I)Landroid/content/SharedPreferences;
    
        move-result-object v1
    
        const/4 v4, 0x0
    
        new-instance v4, Ljava/util/HashSet;
    
        invoke-direct {v4}, Ljava/util/HashSet;-><init>()V
    
        const-string v6, "Direct_Apps"
    
        .line 428
        invoke-interface {v1, v6, v4}, Landroid/content/SharedPreferences;->getStringSet(Ljava/lang/String;Ljava/util/Set;)Ljava/util/Set;
    
        move-result-object v1
    
        if-eqz v1, :cond_102
    
        .line 430
        invoke-interface {v2}, Ljava/util/Set;->iterator()Ljava/util/Iterator;
    
        move-result-object v7
    
        :goto_cf
        invoke-interface {v7}, Ljava/util/Iterator;->hasNext()Z
    
        move-result v4
    
        if-eqz v4, :cond_102
    
        invoke-interface {v7}, Ljava/util/Iterator;->next()Ljava/lang/Object;
    
        move-result-object v4
    
        check-cast v4, Ljava/lang/String;
    
        .line 431
        invoke-interface {v1, v4}, Ljava/util/Set;->contains(Ljava/lang/Object;)Z
    
        move-result v6
    
        if-nez v6, :cond_fc
    
        invoke-virtual {p0}, Landroid/content/Context;->getPackageName()Ljava/lang/String;
    
        move-result-object v6
    
        invoke-virtual {v4, v6}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    
        move-result v6
    
        if-nez v6, :cond_fc
    
        const-string v6, "xxxx"
    
        invoke-virtual {v4, v6}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z
    
        move-result v6
    
        if-nez v6, :cond_fc
    
        .line 433
        invoke-virtual {v0, v4}, Landroid/net/VpnService$Builder;->addDisallowedApplication(Ljava/lang/String;)Landroid/net/VpnService$Builder;
    
        .line 434
        const-string v6, "禁止抓包"
    
        invoke-static {v6, v4}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        goto :goto_101
    
        .line 435
        :cond_fc
        const-string v6, "允许抓包"
    
        invoke-static {v6, v4}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 436
        :goto_101
        goto :goto_cf
    
        .line 439
        :cond_102
        new-instance v1, Landroid/content/Intent;
    
        const-class v2, Lcom/cell47/College_Proxy/ui/MainActivity;
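
The allow-list behaviour of the patched loop above, written out as an added example (not code from the original post or from the app itself): a plain-Java model of the three `if-nez ... :cond_fc` checks that decide which packages reach `addDisallowedApplication()`. The method name `computeDisallowed`, its parameters and all package names except the proxy's own id are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Added example: plain-Java model of the patched LocalVpnService loop.
// computeDisallowed and its parameter names are hypothetical.
public class AllowListModel {

    // Returns the packages that would be handed to
    // VpnService.Builder.addDisallowedApplication(), i.e. routed around the VPN.
    static Set<String> computeDisallowed(List<String> installed,
                                         Set<String> directApps,
                                         String ownPackage,
                                         String keepSubstring) {
        Set<String> disallowed = new TreeSet<>();
        if (directApps == null) {                       // if-eqz v1, :cond_102
            return disallowed;
        }
        for (String pkg : new HashSet<>(installed)) {   // v2: de-duplicated names
            boolean selected = directApps.contains(pkg);    // 1st if-nez -> :cond_fc
            boolean isSelf = pkg.equals(ownPackage);        // 2nd if-nez -> :cond_fc
            boolean keep = pkg.contains(keepSubstring);     // 3rd if-nez ("xxxx")
            if (!selected && !isSelf && !keep) {
                disallowed.add(pkg);                    // addDisallowedApplication(pkg)
            }
        }
        return disallowed;
    }

    public static void main(String[] args) {
        // Constructed sample data; only the proxy's own package id is from the page.
        List<String> installed = Arrays.asList(
                "com.cell47.College_Proxy", "com.example.target",
                "com.example.browser", "com.example.xxxx.helper", "com.example.mail");
        Set<String> directApps = new HashSet<>(Arrays.asList("com.example.target"));

        Set<String> bypass = computeDisallowed(
                installed, directApps, "com.cell47.College_Proxy", "xxxx");
        for (String pkg : installed) {
            System.out.println((bypass.contains(pkg) ? "bypasses VPN: " : "captured:     ") + pkg);
        }
    }
}
```

Because the loop only excludes packages it can enumerate, an app targeting API 30 or later that lacks `QUERY_ALL_PACKAGES` gets a filtered list from `getInstalledPackages()`, and any package missing from that list is never excluded and stays inside the VPN. `VpnService.Builder` also provides `addAllowedApplication()`, but a single Builder cannot mix it with `addDisallowedApplication()`.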
    

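    7. Change the home-screen button text (edit the XML), disable the top-right menu button (return false), turn the remove-ads button into a choose-apps-to-capture button (modify the jump in the inner class), hide the choose-apps button while the proxy is on and show it while the proxy is off, and so on (you need to look up the id of remove_ads), and change the icon size in apklist_item (otherwise the layout gets garbled). When editing activity_main, note that there are 2 XML files

    #// Jump code for the remove_ads click handler, based on the 8.0.4 source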
    # classes.dex
    
    .class Lcom/cell47/College_Proxy/ui/MainActivity$11$2$1;
    .super Ljava/lang/Object;
    .source "MainActivity.java"
    
    # interfaces
    .implements Landroid/view/View$OnClickListener;
    
    
    # annotations
    .annotation system Ldalvik/annotation/EnclosingMethod;
        value = Lcom/cell47/College_Proxy/ui/MainActivity$11$2;->onSkuDetailsResponse(Lcom/android/billingclient/api/BillingResult;Ljava/util/List;)V
    .end annotation
    
    .annotation system Ldalvik/annotation/InnerClass;
        accessFlags = 0x0
        name = null
    .end annotation
    
    
    # instance fields
    .field final synthetic this$2:Lcom/cell47/College_Proxy/ui/MainActivity$11$2;
    
    .field final synthetic val$skuDetails:Lcom/android/billingclient/api/SkuDetails;
    
    
    # direct methods
    .method constructor <init>(Lcom/cell47/College_Proxy/ui/MainActivity$11$2;Lcom/android/billingclient/api/SkuDetails;)V
        .registers 3
    
        .line 1402
        iput-object p1, p0, Lcom/cell47/College_Proxy/ui/MainActivity$11$2$1;->this$2:Lcom/cell47/College_Proxy/ui/MainActivity$11$2;
    
        iput-object p2, p0, Lcom/cell47/College_Proxy/ui/MainActivity$11$2$1;->val$skuDetails:Lcom/android/billingclient/api/SkuDetails;
    
        invoke-direct {p0}, Ljava/lang/Object;-><init>()V
    
        return-void
    .end method
    
    
    # virtual methods
    .method public onClick(Landroid/view/View;)V
        .registers 4
    
        .line 1065
        iget-object v0, p0, Lcom/cell47/College_Proxy/ui/MainActivity$11$2$1;->this$2:Lcom/cell47/College_Proxy/ui/MainActivity$11$2;
    
        iget-object v0, v0, Lcom/cell47/College_Proxy/ui/MainActivity$11$2;->this$1:Lcom/cell47/College_Proxy/ui/MainActivity$11;
    
        iget-object v0, v0, Lcom/cell47/College_Proxy/ui/MainActivity$11;->this$0:Lcom/cell47/College_Proxy/ui/MainActivity;
    
        new-instance v1, Landroid/content/Intent;
    
        iget-object p0, p0, Lcom/cell47/College_Proxy/ui/MainActivity$11$2$1;->this$2:Lcom/cell47/College_Proxy/ui/MainActivity$11$2;
    
        iget-object p0, p0, Lcom/cell47/College_Proxy/ui/MainActivity$11$2;->this$1:Lcom/cell47/College_Proxy/ui/MainActivity$11;
    
        iget-object p0, p0, Lcom/cell47/College_Proxy/ui/MainActivity$11;->this$0:Lcom/cell47/College_Proxy/ui/MainActivity;
    
        const-class p1, Lcom/cell47/College_Proxy/Settings;
    
        invoke-direct {v1, p0, p1}, Landroid/content/Intent;-><init>(Landroid/content/Context;Ljava/lang/Class;)V
    
        invoke-virtual {v0, v1}, Lcom/cell47/College_Proxy/ui/MainActivity;->startActivity(Landroid/content/Intent;)V
    
        return-void
    .end method
    
    #// Code that hides and shows the remove-ads button
    .method public changeheight(Z)V
        .registers 5
    
        if-eqz p1, :cond_1c
    
        .line 690
        iget-object p1, p0, Lcom/cell47/College_Proxy/ui/MainActivity;->heightchangable:Landroid/widget/LinearLayout;
    
        invoke-virtual {p1}, Landroid/widget/LinearLayout;->getLayoutParams()Landroid/view/ViewGroup$LayoutParams;
    
        move-result-object p1
    
        const/4 v0, -0x2
    
        .line 691
        iput v0, p1, Landroid/view/ViewGroup$LayoutParams;->height:I
    
        .line 694
        iget-object v0, p0, Lcom/cell47/College_Proxy/ui/MainActivity;->heightchangable:Landroid/widget/LinearLayout;
    
        invoke-virtual {v0, p1}, Landroid/widget/LinearLayout;->setLayoutParams(Landroid/view/ViewGroup$LayoutParams;)V
    
        const v1, 0x7f090194
    
        .line 695
        invoke-virtual {p0, v1}, Lcom/cell47/College_Proxy/ui/MainActivity;->findViewById(I)Landroid/view/View;
    
        move-result-object v1
    
        const/4 v2, 0x0
    
        invoke-virtual {v1, v2}, Landroid/view/View;->setVisibility(I)V
    
        goto :goto_37
    
        .line 698
        :cond_1c
        iget-object p1, p0, Lcom/cell47/College_Proxy/ui/MainActivity;->heightchangable:Landroid/widget/LinearLayout;
    
        invoke-virtual {p1}, Landroid/widget/LinearLayout;->getLayoutParams()Landroid/view/ViewGroup$LayoutParams;
    
        move-result-object p1
    
        const/16 v0, -0x2
    
        .line 699
        iput v0, p1, Landroid/view/ViewGroup$LayoutParams;->height:I
    
        .line 702
        iget-object v0, p0, Lcom/cell47/College_Proxy/ui/MainActivity;->heightchangable:Landroid/widget/LinearLayout;
    
        invoke-virtual {v0, p1}, Landroid/widget/LinearLayout;->setLayoutParams(Landroid/view/ViewGroup$LayoutParams;)V
    
        const v1, 0x7f090194
    
        .line 703
        invoke-virtual {p0, v1}, Lcom/cell47/College_Proxy/ui/MainActivity;->findViewById(I)Landroid/view/View;
    
        move-result-object v1
    
        const/16 v2, 0x8
    
        invoke-virtual {v1, v2}, Landroid/view/View;->setVisibility(I)V
    
        :goto_37
        return-void
    .end method
    

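    8. Phones running Android 11 or later need the permission to read installed apps added (older versions must add it manually [e.g. version 7.0.6]; the original 8.0.4 already includes it, so nothing needs to be done there)


    [screenshot]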
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    
