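While working on:
[Unsolved] Installing the Charles certificate on an iPhone so that https and CONNECT traffic can be captured
along the way I had already installed and trusted the Charles certificate.
The behaviour now is:
Some https traffic can be captured and is no longer unknown as before:
But some https traffic, especially key endpoints such as the API and the data CDN, is still unknown, and shown in red as failed: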
URL: https://childapi.xxx.com
Status: Failed
Failure: EOF: EOF reading HTTP headers
Notes: You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.
Response Code: 200 Connection established
Protocol: HTTP/1.1
Looking at the explanation on the official site:
“
iOS devices
- Set your iOS device to use Charles as its HTTP proxy in the Settings app > Wifi settings.
- Open Safari and browse to https://chls.pro/ssl. Safari will prompt you to install the SSL certificate.
- If you are on iOS 10.3 or later, open the Settings.app and navigate to General > About > Certificate Trust Settings, and find the Charles Proxy certificate, and switch it on to enable full trust for it (More information about this change in iOS 10).
- Now you should be able to access SSL websites with Charles using SSL Proxying.
Charles supports App Transport Security (ATS) as of the 3.11.4 release.
”
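I had already followed these steps exactly.
But the current situation is:
some https works, some https does not
Also, with SSL turned on here:
the app can no longer load data
-> presumably because Charles fails to parse it
-> while with SSL turned off:
the https plaintext cannot be seen, but at least
the app works normally, loads data and plays video:
and Charles can capture the https packets normally: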
charles https some url unknown
charles https partial unknown
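After right-clicking:
Enable SSL Proxying
and
SSL Proxying Disabled
are both greyed out and cannot be used.
It seems this still has to be turned on and off globally.
Probably it is still because: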
“You can face with this problem at some applications like Facebook or Instagram. Charles certificate doesn’t work at some new apps because they are using a technique named as SSL-PINNING. First of all you have to break ssl-pinning system of application or you can install old version of application then it sometimes works but we need a new solution about ssl pinning in order to record traffic for this kind of applications.”
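Some requests support SSL-PINNING
I turned off the ss proxy (used to get past the firewall) on the Mac and restarted Charles; the problem remained.
Then I noticed the error message: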
URL: https://childapi.xxx.com
Status: Failed
Failure: EOF: EOF reading HTTP headers
Notes: You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.
Response Code: 200 Connection established
Charles Root Certificates
Charles uses its own Root SSL certificate for SSL requests through Charles to hosts enabled for SSL Proxying. The Root certificate is generated automatically for each Charles installation. Because Charles has signed the Root certificate itself, it won't be trusted by your browsers or applications.
In order to use the SSL Proxying feature in Charles you therefore need to add the Root certificate for your copy of Charles to the trust-store on your OS, and perhaps in your browser. Use the options in the SSL submenu in the Help menu in Charles to help install the Root certificate. You can install the certificate on the current OS, or on remote devices or browsers.
To install the certificate in Mozilla Firefox, first configure Firefox to use Charles as its proxy then browse to chls.pro/ssl.
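Reference:
On the iPhone, I deliberately opened Baidu in Safari:
As can be seen, Charles can capture https normally; at least ordinary https can be captured:
So what is now confirmed is:
ordinary https can be captured and parsed into plaintext
but special https cannot.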
charles https Failure EOF EOF reading HTTP headers
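I tried:
right-click the https request to be captured -> Disable SSL Proxying
-> the result is equivalent to turning SSL on/off globally
But then there was a sudden pleasant surprise:
For
after right-clicking
Enable SSL Proxying
and:
Disable SSL Proxying
a few times, a new entry suddenly appeared:
and the https content in it could be parsed normally, and the video content was visible:
So the original mp4 file can be obtained: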
:status: 206
server: Tengine
content-type: video/mp4
content-length: 6529075
date: Mon, 27 Aug 2018 10:18:38 GMT
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=31536000
content-disposition: inline; filename="15235223183506.mp4"; filename*=utf-8' '15235223183506.mp4
content-transfer-encoding: binary
etag: "lqkSSgYXoIRjZmN-xmYeqk3yI95l"
last-modified: Thu, 12 Apr 2018 08:38:40 GMT
x-log: mc.g/404;rs39_7.sel/not found;rs38_21.sel/not found;rdb.g;bs.r.47.198.9742547879;DBD;v4.get;rwro.get:1;RS.dbs:1;RS:1;mc.s;xs0EBD;mc.g;IO:41
x-m-log: QNM:tj29;QNM3:200
x-m-reqid: jQYAALAC6aVwtk4V
x-qiniu-zone: 0
x-qnm-cache: MissFg
x-reqid: D3UAAHk_2cbIsU4V
x-svr: IO
via: cache29.l2et2-2[363,200-0,M], cache41.l2et2-2[365,0], cache13.cn1402[0,206-0,H], cache2.cn1402[1,0]
age: 595777
x-cache: HIT TCP_MEM_HIT dirn:12:127931952 mlen:-1
x-swift-savetime: Mon, 27 Aug 2018 10:18:38 GMT
x-swift-cachetime: 2592000
content-range: bytes 65536-6594610/6594611
timing-allow-origin: *
eagleid: 65597d1615359608952172616e
... followed by the raw video data
Using:
Copy cURL Request
gives this result:
curl -H 'Host: cdn2.xxx.cn' -H 'accept: */*' -H 'x-playback-session-id: 60E7555D-5F0D-4ACF-B16B-2D7C93E045A2' -H 'range: bytes=65536-6594610' -H 'user-agent: AppleCoreMedia/1.0.0.15E216 (iPhone; U; CPU OS 11_3 like Mac OS X; zh_cn)' -H 'accept-language: zh-cn' ''
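The mp4 address in it is:
Let's see whether a browser can open it directly:
It actually can be opened directly:
!!!!
That is really great
Next, look into how to reproduce the earlier steps, so that the https addresses which, after
turning on:
Enable SSL Proxying
always showed as red unknown:
can somehow
be parsed normally
Then I just noticed:
here, for
after right-clicking and choosing:
Disable SSL Proxying
an entry was automatically added to the SSL Proxying settings:
cdn2.xxx.cn:443
-> this entry is easy to understand
-> but why parsing works once only this url is selected, whereas the earlier
*:*
did not, is very strange.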
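Never mind; first go back to the app and play a video, to see whether https parsing now works
Opened another video in the xxx app on the iPhone:
Then captured it here:
It really can be parsed normally now
However, what shows up is not a single url, but multiple requests for the same video url:
Then copy the video address:
double-click the value after Url:
then open it in a browser, to see whether it also plays normally:
It does too!!!!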
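The repeated requests for one video URL are byte-range fetches: the captured request above carries range: bytes=65536-6594610, and its response carries content-range: bytes 65536-6594610/6594611 with content-length: 6529075. The following is an added example, not part of the original post, that checks each 206 response for consistency and merges the ranges to tell whether a capture covers the whole file. Only the last sample row comes from the capture in this post; the first two are constructed.

```python
import re

CONTENT_RANGE = re.compile(r"bytes (\d+)-(\d+)/(\d+)")

# (Content-Range, Content-Length) per 206 response. The last row is the
# response shown in this post; the first two rows are constructed samples.
CAPTURED = [
    ("bytes 0-1/6594611", "2"),
    ("bytes 0-65535/6594611", "65536"),
    ("bytes 65536-6594610/6594611", "6529075"),
]


def parse_content_range(value):
    """Return (first, last, total) from a Content-Range header value."""
    m = CONTENT_RANGE.fullmatch(value.strip())
    if not m:
        raise ValueError(f"unsupported Content-Range: {value!r}")
    first, last, total = map(int, m.groups())
    if first > last or last >= total:
        raise ValueError(f"inconsistent Content-Range: {value!r}")
    return first, last, total


def coverage(responses):
    """Merge the byte ranges of several 206 responses for one file.

    Returns (merged_ranges, total_size, complete).
    """
    spans, totals = [], set()
    for content_range, content_length in responses:
        first, last, total = parse_content_range(content_range)
        # Both ends are inclusive, so the body must be last - first + 1 bytes.
        if last - first + 1 != int(content_length):
            raise ValueError(f"length mismatch for {content_range!r}")
        spans.append((first, last))
        totals.add(total)
    if len(totals) != 1:
        raise ValueError("responses are empty or describe different files")
    merged = []
    for first, last in sorted(spans):
        if merged and first <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], last))
        else:
            merged.append((first, last))
    total = totals.pop()
    return merged, total, merged == [(0, total - 1)]


if __name__ == "__main__":
    print(coverage(CAPTURED))
```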
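So it seems the video addresses of the xxx app have really been cracked here??
While at it, see whether, going even further, the level above the url can be accessed directly:
Surely it won't directly show a file listing?
Fortunately it is not that extreme; we are not given access that easily 😁.
And then trying:
the result is:
A China Telecom server?
Note the url here: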
https://cdn2.xxx.cn/2018-08-16/15344018652023.mp4
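in which the mp4 file name:
15344018652023
is clearly a timestamp
Converting the timestamp back, to see what time it is
the result turned out to be:
2456-03-26 03:24:12
That is not plausible
Note that this is not the usual 13-digit millisecond timestamp but 14 digits, so drop the last digit:
1534401865202
which parses to:
2018-08-16 14:44:25
That is right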
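The same decoding as an added example, not part of the original post: it treats a numeric file name as an epoch timestamp, dropping any digits beyond the 13 of a millisecond value, and cross-checks the result against the last-modified header captured earlier. The UTC+8 display zone and the 60-second tolerance are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
CST = timezone(timedelta(hours=8))  # assumption: the post shows UTC+8 times


def decode_name(name):
    """Decode a numeric file name as an epoch timestamp (returns UTC).

    10 digits are read as seconds, 13 as milliseconds; longer names keep
    their first 13 digits and the extra trailing digits are dropped.
    """
    m = re.fullmatch(r"(\d+)(?:\.\w+)?", name)
    if not m:
        raise ValueError(f"not a numeric file name: {name!r}")
    digits = m.group(1)
    if len(digits) == 10:
        millis = int(digits) * 1000
    elif len(digits) >= 13:
        millis = int(digits[:13])
    else:
        raise ValueError(f"ambiguous timestamp length: {name!r}")
    return EPOCH + timedelta(milliseconds=millis)


def matches_last_modified(name, last_modified, tolerance_s=60):
    """True if the name's timestamp is within tolerance of Last-Modified."""
    delta = abs(parsedate_to_datetime(last_modified) - decode_name(name))
    return delta <= timedelta(seconds=tolerance_s)


def local_string(name):
    """Decoded time formatted in the assumed UTC+8 zone."""
    return decode_name(name).astimezone(CST).strftime("%Y-%m-%d %H:%M:%S")


if __name__ == "__main__":
    # File name from the url in this post; agrees with its 2018-08-16 folder.
    print(local_string("15344018652023.mp4"))
    # File name and last-modified value from the response headers above.
    print(matches_last_modified("15235223183506.mp4",
                                "Thu, 12 Apr 2018 08:38:40 GMT"))
```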
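While at it, save the current configuration:
Add the chls suffix back:
I wanted to look at the configuration, but it turned out to be binary:
Now, back to the problem of Charles capturing https:
- Fully quit and reopen Charles on the Mac
- Make sure Enable SSL Proxying is turned on
- and that only cdn2.xxx.cn:443 is enabled
- Then also close and reopen the xxx app on the iPhone
and see whether it can still correctly parse the
data we want here
It really can!!!!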
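Using this configuration:
In Charles:
SSL Proxying Settings -> SSL Proxying -> Enable SSL Proxying -> Location:
- Add only:
- cdn2.xxx.cn:443
- Do not add any other filter entries
the https content of that address can now be seen in plaintext here,
rather than the earlier red failed unknown, or the CONNECT with no visible content when SSL was not turned on.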
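The complete procedure and caveats are finally written up in:
[Summary] Capturing app traffic, including https, from iOS or Android phones with Charles on a Mac
Please credit when reposting: 在路上 » [Solved] Charles capturing from an iPhone with the certificate installed and trusted, but some https cannot be parsed: Failure EOF EOF reading HTTP headers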