最新消息:20210816 当前crifan.com域名已被污染,为防止失联,请关注(页面右下角的)公众号

【已解决】Charles抓包已安装和信任证书的iPhone但部分https无法解析:Failure EOF EOF reading HTTP headers

https crifan 3857浏览 0评论
折腾:
【未解决】iPhone中安装Charles证书使得可以抓包https和CONNECT
期间,已经去安装并信任了Charles的证书了。
然后此处现象是:
部分的https可以抓包了,不是之前的unknown了:
但是部分https,尤其是和接口api,数据cdn等关键接口,还是unknown,且是红色的出错的:
URL 
https://childapi.xxx.com
Status 
Failed
Failure 
EOF: EOF reading HTTP headers
Notes
 You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.
Response Code
 200 Connection established
Protocol 
HTTP/1.1
去看官网的解释:
SSL Certificates • Charles Web Debugging Proxy

iOS devices

  • Set your iOS device to use Charles as its HTTP proxy in the Settings app > Wifi settings.
  • Open Safari and browse to https://chls.pro/ssl. Safari will prompt you to install the SSL certificate.
  • If you are on iOS 10.3 or later, open the Settings.app and navigate to General > About > Certificate Trust Settings, and find the Charles Proxy certificate, and switch it on to enable full trust for it (More information about this change in iOS 10).
  • Now you should be able to access SSL websites with Charles using SSL Proxying.
Charles supports App Transport Security (ATS) as of the 3.11.4 release.
已经完全按照操作了。
但是现在是:
部分https有效,部分https无效
并且,此处开了SSL的话:
app端就无法加载数据了
-》估计是因为Charles解析出错了
-》而不开SSL的话:
虽然不能看https的明文内容,但是至少是
app可以正常使用,正常加载数据,播放视频的:
Charles可以正常抓https的包的:
charles https some url unknown
charles https partial  unknown
encoding – Charles Proxy Response unreadable – Stack Overflow
右击后:
Enable SSL Proxying
SSL Proxying Disabled
都是灰色的,无法操作。
应该还是全局的去开启和关闭的。
Charles Proxy SSL Certificate not working – Stack Overflow
估计还是因为:
https://stackoverflow.com/questions/19108067/charles-proxy-fails-on-ssl-connect-method
“You can face with this problem at some applications like Facebook or Instagram. Charles certificate doesn’t work at some new apps because they are using a technique named as SSL-PINNING. First of all you have to break ssl-pinning system of application or you can instal old version of application then it sometimes works but we need a new solution about ssl pinning in order to record traffic for this kind of applications.”
部分请求,支持SSL-PINNING
Charles抓包工具 – 简书
去关闭Mac中此处的ss翻墙,重启Charles,问题依旧。
然后注意到出错信息:
URL 
https://childapi.xxx.com
Status 
Failed
Failure 
EOF: EOF reading HTTP headers
Notes 
You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.
Response Code 
200 Connection established
前端 – Mac上Charles抓包,显示unknown – SegmentFault 思否
Charles抓https显示unknown解决方法 – 简书
Charles抓https显示unknown解决方法 – 简书
Charles Root Certificates

Charles uses its own Root SSL certificate for SSL requests through Charles to hosts enabled for SSL Proxying. The Root certificate is generated automatically for each Charles installation.
Because Charles has signed the Root certificate itself, it won't be trusted by your browsers or applications. In order to use the SSL Proxying feature in Charles you therefore need to add the Root certificate for your copy of Charles to the trust-store on your OS, and perhaps in your browser.
Use the options in the SSL submenu in the Help menu in Charles to help install the Root certificate. You can install the certificate on the current OS, or on remote devices or browsers.
To install the certificate in Mozilla Firefox, first configure Firefox to use Charles as its proxy then browse to chls.pro/ssl.
参考:
Charles抓https显示unknown解决方法 – 简书
iPhone中,故意去用Safari去打开百度:
https://www.baidu.com
可见,Charles是可以正常抓取的https的,至少是普通的https是可以抓取的:
所以现在确定是:
普通的https,是可以抓包解析看到明文的
但是特殊的https,就不行了。
charles https Failure EOF EOF reading HTTP headers
Charles安装和抓包及报错 – 简书
试了试:
右键想要抓包的https请求 -》Disable SSL Proxying
-》结果等价于全局的 开启/关闭 SSL
不过此处突然有个惊喜:
在对于
https://cdn2.xxx.cn
去右键
Enable SSL Proxying
和:
Disable SSL Proxying
几次之后,突然发现新出现一个:
https://cdn2.xxx.cn
然后其中https的内容,可以正常解析了,可以看到视频内容了:
可见,就可以去获取mp4的原始文件了:
:status: 206
server: Tengine
content-type: video/mp4
content-length: 6529075
date: Mon, 27 Aug 2018 10:18:38 GMT
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=31536000
content-disposition: inline; filename="15235223183506.mp4"; filename*=utf-8' '15235223183506.mp4
content-transfer-encoding: binary
etag: "lqkSSgYXoIRjZmN-xmYeqk3yI95l"
last-modified: Thu, 12 Apr 2018 08:38:40 GMT
x-log: mc.g/404;rs39_7.sel/not found;rs38_21.sel/not found;rdb.g;bs.r.47.198.9742547879;DBD;v4.get;rwro.get:1;RS.dbs:1;RS:1;mc.s;xs0EBD;mc.g;IO:41
x-m-log: QNM:tj29;QNM3:200
x-m-reqid: jQYAALAC6aVwtk4V
x-qiniu-zone: 0
x-qnm-cache: MissFg
x-reqid: D3UAAHk_2cbIsU4V
x-svr: IO
via: cache29.l2et2-2[363,200-0,M], cache41.l2et2-2[365,0], cache13.cn1402[0,206-0,H], cache2.cn1402[1,0]
age: 595777
x-cache: HIT TCP_MEM_HIT dirn:12:127931952 mlen:-1
x-swift-savetime: Mon, 27 Aug 2018 10:18:38 GMT
x-swift-cachetime: 2592000
content-range: bytes 65536-6594610/6594611
timing-allow-origin: *
eagleid: 65597d1615359608952172616e
...
后面就是视频原始数据了
去:
Copy cURL Request
后的结果是:
curl -H 'Host: cdn2.xxx.cn' -H 'accept: */*' -H 'x-playback-session-id: 60E7555D-5F0D-4ACF-B16B-2D7C93E045A2' -H 'range: bytes=65536-6594610' -H 'user-agent: AppleCoreMedia/1.0.0.15E216 (iPhone; U; CPU OS 11_3 like Mac OS X; zh_cn)' -H 'accept-language: zh-cn' '

'
其中mp4地址是:
https://cdn2.xxx.cn/2018-04-12/15235223183506.mp4
看看浏览器能否直接打开:
https://cdn2.xxx.cn/2018-04-12/15235223183506.mp4
竟然是可以直接打开的:
!!!!
真是太帅了
那么再去研究看看,如何才能复现之前的操作,使得之前:
开启了:
Enable SSL Proxying
后,始终红色unknown的https的地址:
https://cdn2.xxx.cn
如何才能:
被正常解析到
然后此处刚注意到:
此处对于
https://cdn2.xxx.cn
右键去:
Disable SSL Proxying
后,此处SSLProxying的配置中,自动帮忙加了条配置:
cdn2.xxx.cn:443
-》这个配置是很容易理解的
-》但是为何单独只选择这个url后,然后就能正常解析,而之前
*:*
为何不可以,就很奇怪。
不管,先去再去app中操作播放视频,看看此处能否正常实现https解析
此处再去iPhone中xxx的ap中打开另外一个视频:
然后此处抓包:
竟然真的是可以正常解析的了
不过看到的不是一个url,同一个视频的url,多次的请求:
然后此处去拷贝视频地址:
双击 Url后面的value的值:
https://cdn2.xxx.cn/2018-08-16/15344018652023.mp4
然后去浏览器再去打开,看看是否也能正常播放:
竟然也是可以的!!!!
那么好像此处真的就实现了xxx的app端的视频的地址的破解了??
顺带再去看看,此处能否,更加变态的,直接访问url的上一级:
https://cdn2.xxx.cn/2018-08-16/
不会直接出现文件列表吧?
还好,没这么变态的,让我们这么轻易的访问😁。
而再去试试:
https://cdn2.xxx.cn/
结果是:
中国电信的服务器?
注意到此处的url:
https://cdn2.xxx.cn/2018-08-16/15344018652023.mp4
中的,mp4文件名:
15344018652023
很明显是个时间戳
去反向解析时间戳,看看时间是多少
时间戳(Unix timestamp)转换工具 – 在线工具
结果竟然是:
2456-03-26 03:24:12
不合理啊
注意到,此处不是常见的,时间戳的毫秒是13位,而是14位,所以去掉最后一位:
1534401865202
解析出来是:
2018-08-16 14:44:25
这就对了
顺带把当前配置保存下来:
重新加上后缀chls:
想看看配置,结果发现是二进制:
此处,继续回来看看Charles抓包https的问题:
  • 彻底关闭和重新打开Mac中的Charles
  • 保证开启了Enable SSL Proxying
    • 以及只开启了cdn2.xxx.cn:443
  • 然后iPhone中xxx的app,也关闭后重新打开
看看是否还能正常的解析此处我们希望的
https://cdn2.xxx.cn/
的数据
果然真的可以!!!!
使用这样的配置:
Charles中:
SSL Proxying Settings -> SSL Proxying -> Enable SSL Proxying -> Location:
  • 只添加:
    • cdn2.xxx.cn:443
  • 不要添加其他的过滤选项
然后对于正确安装了Charles证书,且设置信任根证书后,iOS中对应app xxx,去点击播放视频页面后,此处Charles即可抓取并正确解析出对应的
的地址的https内容,此处就是可以看到https的明文:
了。
而不是之前的红色的出错的unkown,或者是没有开启SSL时的CONNECT但看不到内容的情况了。
最终整理出完全的操作流程和注意事项,详见:
【整理】Mac中用Charles抓包iOS或Android手机app中包括https的数据

转载请注明:在路上 » 【已解决】Charles抓包已安装和信任证书的iPhone但部分https无法解析:Failure EOF EOF reading HTTP headers

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
81 queries in 0.242 seconds, using 22.13MB memory