XPosed+Charles抓包淘宝App

作者: 吃饱了就送 | 来源:发表于2021-06-08 11:37 被阅读0次

XPosed+Charles抓包淘宝App
Fiddler 对App抓包代理问题
app抓包
应用抓包之tcpdump命令抓包
Charles安装
mitmproxy ios抓包设置
网络抓包原理
利用java代码和web拦截器轻松实现一个app抓包工具
App反抓包
Android app抓包

阿里系大多使用了MTOP来加签请求，所以需要通过hook的方式关掉这个加签。我这里使用的是xposed。也可以使用Frida

 @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
        XposedBridge.log("========START=====");

if(lpparam.packageName.contains("com.taobao")){
            XposedUtil.checkXposed(lpparam);
            XposedHelpers.findAndHookMethod(XposedHelpers.findClassIfExists("mtopsdk.mtop.global.SwitchConfig", lpparam.classLoader), "isGlobalSpdySwitchOpen",
                    new XC_MethodHook() {
                protected void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable {
                    super.afterHookedMethod(methodHookParam);
                    XposedBridge.log("========开启抓包=====");
                   methodHookParam.setResult(false);
                }
            });
}
}

Charles设置抓包HTTPS，打开淘宝，就能在Charles看到请求了

抓包淘宝

public static void checkXposed(XC_LoadPackage.LoadPackageParam lpparam) {
XposedHelpers.findAndHookMethod("android.app.ApplicationPackageManager", lpparam.classLoader, "getInstalledPackages", int.class, new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
                List<PackageInfo> packageInfos = (List<PackageInfo>) param.getResult();
                if (packageInfos != null) {
                    int size = packageInfos.size();
                    PackageInfo packageInfo;
                    for (int i = 0; i < size; i++) {
                        packageInfo = packageInfos.get(i);
                        if (packageInfo.packageName.contains("de.robv.android.xposed.XposedBridge") || packageInfo.packageName.contains("com.zte.heartyservice.SCC.FrameworkBridge")) {
                            packageInfos.remove(packageInfo);
                            i--;
                            size--;
                        }
                    }
                    //把修改后的List当作结果返回去
                    param.setResult(packageInfos);
                }

            }
        });
        XposedHelpers.findAndHookMethod(Throwable.class, "getStackTrace", new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
                StackTraceElement[] stackTraceElements = (StackTraceElement[]) param.getResult();
                if (stackTraceElements != null) {
                    List<StackTraceElement> list = new ArrayList<>(Arrays.asList(stackTraceElements));
                    int size = list.size();
                    StackTraceElement element;
                    for (int i = 0; i < size; i++) {
                        element = stackTraceElements[i];
                        if (element != null && (element.getClassName().contains("de.robv.android.xposed.XposedBridge") || element.getClassName().contains("com.zte.heartyservice.SCC.FrameworkBridge"))) {
                            list.remove(element);
                            i--;
                            size--;
                        }
                    }
                    stackTraceElements = list.toArray(new StackTraceElement[list.size()]);
                }
                param.setResult(stackTraceElements);
            }
        });
    }