进城务工人员小梅iOS12下使用Fiddler抓HTTPS包时,除了正常的:
1、开启Fiddler的远程访问权限;
2、安装SSL根证书;
以外,还有两点需要注意:
1、到https://www.telerik.com/fiddler/add-ons上安装CertMaker插件
Fiddler CertMaker插件
2、Trust manually installed certificate profiles in iOS
根据苹果官网的说法,iOS10.3以后安装的自签名证书需要再次人工信任一下(If you want to turn on SSL trust for that certificate, go to Settings > General > About > Certificate Trust Settings. Under “Enable full trust for root certificates,” turn on trust for the certificate):
|
1 |
In iOS 10.3 and later, when you manually install a profile that contains a certificate payload, that certificate isn't automatically trusted for SSL. |
我们需要注意,在此操作之后如果APP没有证书校验是能够抓到的(如使用Safari访问https://www.baidu.com能够抓到):
Safari等无证书验证的APP可被正常抓包
但AppStore等应用中某些敏感的请求(如AppleId注册等)是抓不到的,这个问题在参考资料2中有所说明:
部分敏感请求有证书验证
如果要绕过SSL证书校验,可以在越狱后参考使用https://github.com/nabla-c0d3/ssl-kill-switch2:
越狱后安装ssl-kill-switch2
如果要抓AppStore的包还需要重启itunesstored进程,在https://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios中有说明。
在https://www.guardsquare.com/en/blog/iOS-SSL-certificate-pinning-bypassing中讲到了针对NSURLSession、AlamoFire、AFNetworking、TrustKit几个具体的钩子。
参考资料:
1、https://www.telerik.com/forums/ios-app-not-allowing-me-to-connect-when-‘decrypt-https-traffic’-is-enabled
2、https://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios
3、https://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/ConfigureForiOS
4、https://support.apple.com/en-us/HT204477
转载时请保留出处,违法转载追究到底:进城务工人员小梅 » 苹果iOS12下使用Fiddler抓HTTPS包