Giters

r0ysue / r0capture

安卓应用层抓包通杀脚本

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

无法绕过ssl pinning

ZhouZiyi1 opened this issue · comments

commented

类似issue #38,我显示的结果如下。但是我在app的代码里,没看到org.chromium.net.AndroidNetworkLibrary这个类,frida直接hook也显示这个类不存在。请问这种情况是什么原因,怎么hook呢?谢谢。

2022-08-17 15:11:30.854 | INFO     | __main__:on_message:222 - SSLpinning position locator => /system/etc/security/cacerts aec28df6.0
2022-08-17 15:11:30.855 | INFO     | __main__:on_message:223 - java.lang.Throwable
        at java.io.File.<init>(Native Method)
        at android.security.net.config.DirectoryCertificateSource.findCerts(DirectoryCertificateSource.java:144)
        at android.security.net.config.DirectoryCertificateSource.findAllByIssuerAndSignature(DirectoryCertificateSource.java:115)
        at android.security.net.config.SystemCertificateSource.findAllByIssuerAndSignature(SystemCertificateSource.java:27)
        at android.security.net.config.CertificatesEntryRef.findAllCertificatesByIssuerAndSignature(CertificatesEntryRef.java:65)
        at android.security.net.config.NetworkSecurityConfig.findAllCertificatesByIssuerAndSignature(NetworkSecurityConfig.java:146)
        at android.security.net.config.TrustedCertificateStoreAdapter.findAllIssuers(TrustedCertificateStoreAdapter.java:46)
        at com.android.org.conscrypt.TrustManagerImpl.findAllTrustAnchorsByIssuerAndSignature(TrustManagerImpl.java:936)
        at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:560)
        at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:507)
        at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:335)
        at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:113)
        at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:133)
        at java.lang.reflect.Method.invoke(Native Method)
        at android.net.http.X509TrustManagerExtensions.checkServerTrusted(X509TrustManagerExtensions.java:101)
        at dh.a(:com.google.android.gms.dynamite_cronetdynamite@221215065@22.12.15 (100400-0):1)
        at di.b(:com.google.android.gms.dynamite_cronetdynamite@221215065@22.12.15 (100400-0):18)
        at org.chromium.net.AndroidNetworkLibrary.verifyServerCertificates(:com.google.android.gms.dynamite_cronetdynamite@221215065@22.12.15 (100400-0):1)
commented

Frida 指定classloader hook动态加载的类
参考:https://blog.csdn.net/qq_39441603/article/details/126732909