在对采用HTTPS协议的APP进行抓包时出现部分URL可解析请求原文,部分请求解析不了,Fiddler提示如下
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
“调用 SSPI 失败,请参见内部异常。 证书链是由不受信任的颁发机构颁发的”;
用Wireshark抓取的正常通信如下,查阅资料对比没发现有双向验证
请教这种该如何抓包?
补充:
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
大家讲道理2017-04-18 09:50:08
The problem has been solved, thank you everyone for your answers!
After rooting, I used the artifact xposed to bypass the certificate binding
伊谢尔伦2017-04-18 09:50:08
You can’t parse the text, right? It’s SSLv3 encrypted, and the server’s certificate seems to have been obtained by yourself
PHP中文网2017-04-18 09:50:08
You can try charles to capture HTTPS requests. . . But you need to install the certificate on your phone first. . http://www.tuicool.com/articl...
PHP中文网2017-04-18 09:50:08
It is recommended that you use wireshark. It is very professional and can catch anything