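Android version
The Android version, that is, Douyin for Android, restricts network packet capture. The resulting symptoms are:
- With the Wi-Fi proxy already configured, trying to capture Douyin's traffic makes the app show:
网络错误。当前无网络,请检查后重试 ("Network error. No network available; please check and try again")
- Capture tools such as mitmdump report an error: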
Client TLS handshake failed
[16:07:30.334][192.168.1.20:40974] server connect polaris.zijieapi.com:443 (223.111.245.248:443)
[16:07:30.381][192.168.1.20:40974] Client TLS handshake failed. The client does not trust the proxy's certificate for polaris.zijieapi.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
[16:07:30.381][192.168.1.20:40974] client disconnect
[16:07:30.381][192.168.1.20:40974] server disconnect polaris.zijieapi.com:443 (223.111.245.248:443)
[16:07:33.674][192.168.1.20:40984] client connect
[16:07:33.693][192.168.1.20:40984] server connect api3-normal-c.amemv.com:443 ([2409:8c20:aa51:2e:3::3de]:443)
[16:07:33.734][192.168.1.20:40984] Client TLS handshake failed. The client does not trust the proxy's certificate for api3-normal-c.amemv.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
...
[16:07:42.408][192.168.1.20:37932] server disconnect i.snssdk.com:443 ([2409:8c20:5223:104:3::3fd]:443)
[16:07:44.161][192.168.1.20:37946] client connect
[16:07:44.195][192.168.1.20:37946] server connect log.snssdk.com:443 ([2409:8c20:9c73:103:3::9]:443)
[16:07:44.321][192.168.1.20:37946] Client TLS handshake failed. The client does not trust the proxy's certificate for log.snssdk.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
[16:07:44.324][192.168.1.20:37946] client disconnect
[16:07:44.326][192.168.1.20:37946] server disconnect log.snssdk.com:443 ([2409:8c20:9c73:103:3::9]:443)
[16:07:44.378][192.168.1.20:37962] client connect
[16:07:44.403][192.168.1.20:37962] server connect log.snssdk.com:443 ([2409:8c20:9c73:103:3::8]:443)
[16:07:44.451][192.168.1.20:37962] Client TLS handshake failed. The client does not trust the proxy's certificate for log.snssdk.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
[16:07:44.453][192.168.1.20:37962] client disconnect
[16:07:44.454][192.168.1.20:37962] server disconnect log.snssdk.com:443 ([2409:8c20:9c73:103:3::8]:443)
[16:07:47.372][192.168.1.20:41272] client connect
[16:07:47.382][192.168.1.20:41272] server connect i.snssdk.com:443 ([2409:8c20:5223:104:3::3fe]:443)
[16:07:47.412][192.168.1.20:41272] Client TLS handshake failed. The client does not trust the proxy's certificate for i.snssdk.com (OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))
[16:07:47.413][192.168.1.20:41272] client disconnect
[16:07:47.413][192.168.1.20:41272] server disconnect i.snssdk.com:443 ([2409:8c20:5223:104:3::3fe]:443)
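To see which hosts are affected, a mitmdump log like the one above can be summarized per host. The script below is an added example, not code from the original page or from mitmproxy; its sample log is constructed from entries shown above, and ok.example.test is a made-up host that is not rejected, included for contrast.

```python
import re
from collections import defaultdict

# One entry = "[time][client ip:port] message", ending at the next such prefix.
# Scanning the whole text also handles logs whose line breaks were lost.
PREFIX = r"\[\d\d:\d\d:\d\d\.\d{3}\]\[[^\]]+\]"
ENTRY = re.compile(PREFIX + r"\s*(.*?)(?=" + PREFIX + r"|\Z)", re.S)
CONNECT = re.compile(r"server connect (\S+):\d+\s")
REJECT = re.compile(r"Client TLS handshake failed\.\s+The client does not trust "
                    r"the proxy's certificate for (\S+)\s+\(OpenSSL Error\("
                    r"\[\('SSL routines', '', '([^']*)'")

def summarize(log_text):
    """Return {host: {"connects": n, "rejected": n, "alerts": set of alert texts}}."""
    stats = defaultdict(lambda: {"connects": 0, "rejected": 0, "alerts": set()})
    for msg in ENTRY.findall(log_text):
        if m := CONNECT.match(msg):
            stats[m.group(1)]["connects"] += 1
        elif m := REJECT.match(msg):
            stats[m.group(1)]["rejected"] += 1
            stats[m.group(1)]["alerts"].add(m.group(2))
    return dict(stats)

def hosts_rejecting_proxy(stats):
    """Hosts for which every proxied connection ended in a certificate rejection."""
    return sorted(h for h, s in stats.items()
                  if s["rejected"] and s["rejected"] >= s["connects"])

_ALERT = "(OpenSSL Error([('SSL routines', '', 'ssl/tls alert certificate unknown')]))"
_FAIL = "Client TLS handshake failed. The client does not trust the proxy's certificate for"
# Constructed sample: entries in the shape of the log above, joined without line breaks.
SAMPLE = " ".join([
    "[16:07:30.334][192.168.1.20:40974] server connect polaris.zijieapi.com:443 (223.111.245.248:443)",
    f"[16:07:30.381][192.168.1.20:40974] {_FAIL} polaris.zijieapi.com {_ALERT}",
    "[16:07:30.381][192.168.1.20:40974] client disconnect",
    "[16:07:44.195][192.168.1.20:37946] server connect log.snssdk.com:443 ([2409:8c20:9c73:103:3::9]:443)",
    f"[16:07:44.321][192.168.1.20:37946] {_FAIL} log.snssdk.com {_ALERT}",
    "[16:07:44.403][192.168.1.20:37962] server connect log.snssdk.com:443 ([2409:8c20:9c73:103:3::8]:443)",
    f"[16:07:44.451][192.168.1.20:37962] {_FAIL} log.snssdk.com {_ALERT}",
    "[16:07:50.000][192.168.1.20:40000] server connect ok.example.test:443 (192.0.2.10:443)",
    "[16:07:52.000][192.168.1.20:40000] server disconnect ok.example.test:443 (192.0.2.10:443)",
])

if __name__ == "__main__":
    for host, s in summarize(SAMPLE).items():
        print(host, s["connects"], s["rejected"], sorted(s["alerts"]))
```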
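The restriction is mainly achieved by another means:
Switching to a different network library (developed by Google): Cronet
By default it does not allow HTTPS capture. To bypass the restriction, certain specific functions can be hooked, after which (HTTPS) capture works normally.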
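To bypass the capture restriction in Douyin for Android:
- Core idea: there is only one
  - Hook the function SSL_CTX_set_custom_verify and change its mode parameter from 1 to 0
  - Purpose: SSL verification is ignored, which allows HTTPS capture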
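There are, however, 2 concrete ways to implement it:
- By hooking in code
  - Use Frida to locate and hook the function SSL_CTX_set_custom_verify, changing its mode parameter from 1 to 0
- By modifying and replacing the so library
  - The specific functions mentioned above are known to belong to libsscronet.so, so this so library file can be modified and the original library file replaced with it
Details are explained below: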