下载安装
https://telerik-fiddler.s3.amazonaws.com/fiddler/FiddlerSetup.exe
Fiddler设置
Tools→options→https→勾上Capture Https Connections→勾上Decrypt HTTPS
traffic→选择from all process
Tools->Options->connections→Fiddler listens on port→填上8888→勾上Allow
remote computers to connect
查电脑ip
开始菜单输入cmd打开命令行,在里面输入ipconfig | findstr "IPv4"就可以看到电脑局域网ip
我的ip是10.13.0.6
手机设置
长按wifi,选择高级、代理为手动、填写电脑ip、端口8888。
安装证书
安装证书才可以抓到https的数据包。打开手机浏览器,输入证书网址ip+port
比如我的是 10.13.0.6:8888打开证书界面,点击FiddlerRoot certificate安装证书。
证书网页打不开
如果在手机浏览器上打不开证书网址 ,输入ip+port比如我的是 10.13.0.6:8888打不开怎么办不要急,先在电脑浏览器上打开证书网址。如果打不开的话,请检查你Fiddler版本和Fiddler设置。如果电脑可以正常打开证书网址,而手机打不开,那就设置下防火墙。还有一次情况是这样的、手机上就是打不开、当时是手机升级版本了、也不知道怎么处理、但是手机浏览器一直开着在尝试打开10.13.0.6:8888、过了大概五分钟自动打开了。
开始→控制面板→Windows 防火墙→允许程序→勾上Fiddler就可以了
捕获不到app的网络请求
targetSdkVersion 28 后android 9.0手机抓不到包。手机已经做出上述设置了、然后可以成功捕获手机chrome浏览器发出的网络请求、但是自己写的app的网络请求捕捉不到,最后排查发现是 targetSdkVersion 28 抓不到包。targetSdkVersion 28 会导致Cleartext HTTP traffic to not permitted 错误。解决方案有很多,比如在AndroidManifest.xml配置文件的标签中直接插入
android:usesCleartextTraffic="true"
Android 禁止代理抓包
https://blog.youkuaiyun.com/chenhuakang/article/details/82178988
/**
* Same as {@link #openConnection()}, except that the connection will be
* made through the specified proxy; Protocol handlers that do not
* support proxing will ignore the proxy parameter and make a
* normal connection.
*
* Invoking this method preempts the system's default ProxySelector
* settings.
*
* @param proxy the Proxy through which this connection
* will be made. If direct connection is desired,
* Proxy.NO_PROXY should be specified.
* @return a <code>URLConnection</code> to the URL.
* @exception IOException if an I/O exception occurs.
* @exception SecurityException if a security manager is present
* and the caller doesn't have permission to connect
* to the proxy.
* @exception IllegalArgumentException will be thrown if proxy is null,
* or proxy has the wrong type
* @exception UnsupportedOperationException if the subclass that
* implements the protocol handler doesn't support
* this method.
* @see java.net.URL#URL(java.lang.String, java.lang.String,
* int, java.lang.String)
* @see java.net.URLConnection
* @see java.net.URLStreamHandler#openConnection(java.net.URL,
* java.net.Proxy)
* @since 1.5
*/
public URLConnection openConnection(Proxy proxy)
throws java.io.IOException {
if (proxy == null) {
throw new IllegalArgumentException("proxy can not be null");
}
// Create a copy of Proxy as a security measure
Proxy p = proxy == Proxy.NO_PROXY ? Proxy.NO_PROXY : sun.net.ApplicationProxy.create(proxy);
SecurityManager sm = System.getSecurityManager();
if (p.type() != Proxy.Type.DIRECT && sm != null) {
InetSocketAddress epoint = (InetSocketAddress) p.address();
if (epoint.isUnresolved())
sm.checkConnect(epoint.getHostName(), epoint.getPort());
else
sm.checkConnect(epoint.getAddress().getHostAddress(),
epoint.getPort());
}
return handler.openConnection(this, p);
}
抓包https
如果抓不到https包,请增加如下配置
src/main/res/xml/network_security_config.xml
内容如下
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<!-- https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/-->
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
然后在application中引用
<application
android:networkSecurityConfig="@xml/network_security_config"
>
扫一扫
1509
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
