r0ysue / r0capture Goto Github PK
View Code? Open in Web Editor NEW安卓应用层抓包通杀脚本
License: Apache License 2.0
r0capture's People
Contributors
Stargazers
Watchers
Forkers
icew4y lr-zhao huangwenyan1225 zhmingzh tinymagicka kingking888 super-keys piowind skvpn dxcyber409 akshayjaing iyzwei4666 lurans xiaoran-xr huluxia guapier d2550 fathui sudami devil125860 crackercat csyjyy wyhuan devilmaycrying belinkang xsren lloves lnsoso sw1ng19 cash2one zzhsec raystyle monsterjkk viho-chen sanqudui8ban mickeystone owen800q n3000 veeeooo nicolas-yuan liufengwenyu m4yfly ifyoung zu1kbackup wemaxel cplasfss sslvtao keqizwl gitwk86 satnglove laowang1026 angrykobe jinqi520 kkilloas q251995379 killerwhiles y1z1n ksharpdabu wangshouman weichenhang jiangfeng0205 sujiantao erge6521 williecool puffhub smile1847 modianor jackyvan michaelzyy inject2006 durunzhe chayao2015 ydg156 tyrone782 a099 sobeited sheepyang1993 otianwen whisperbb onegithuber wulio guguji12345 geogubd binyoucai wyu0hop anylayer yizhimanpadewoniu hzhuhao bill-bil ilovehairtail yiruijie hj3938 shenjihehe dstmath crazyxw zh-juliet liangbaika shamrock33 voccoo onlygodseer0capture's Issues
两种用法对真机上的APP抓包时总是抓不到任何包
我尝试了好几个APP最终都是没有成功抓到包。(google真机实验:酷安9.6.2版、Instagram165版等其他都没有成功)
Spawn 模式运行:被抓包的APP直接闪屏退出,随后出现下面的错误,接着又重新自动启动。
Press Ctrl+C to stop logging.
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.instagram.android-1/base.apk"],nativeLibraryDirectories=[/data/app/com.instagram.android-1/lib/x86, '
'/data/app/com.instagram.android-1/base.apk!/lib/x86, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 124,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.instagram.android-1/base.apk"],nativeLibraryDirectories=[/data/app/com.instagram.android-1/lib/x86, '
'/data/app/com.instagram.android-1/base.apk!/lib/x86, /vendor/lib, '
'/system/lib]]\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/env.js:124)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:443)\n'
' at value '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:812)\n'
' at _make '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:112)\n'
' at use '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:63)\n'
' at use (frida/node_modules/frida-java-bridge/index.js:245)\n'
' at (/script1.js:192)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOps '
'(frida/node_modules/frida-java-bridge/index.js:237)\n'
' at '
'(frida/node_modules/frida-java-bridge/index.js:229)\n'
' at apply (native)\n'
' at ne '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:613)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:592)',
'type': 'error'}
Attach 模式运行:也是会出现错误,并会在r0capture.py同级目录下生成空的 .pacp文件。错误如下:
attach
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.instagram.android-1/base.apk"],nativeLibraryDirectories=[/data/app/com.instagram.android-1/lib/x86, '
'/data/app/com.instagram.android-1/base.apk!/lib/x86, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 124,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.instagram.android-1/base.apk"],nativeLibraryDirectories=[/data/app/com.instagram.android-1/lib/x86, '
'/data/app/com.instagram.android-1/base.apk!/lib/x86, /vendor/lib, '
'/system/lib]]\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/env.js:124)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:443)\n'
' at value '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:812)\n'
' at _make '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:112)\n'
' at use '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:63)\n'
' at use (frida/node_modules/frida-java-bridge/index.js:245)\n'
' at (/script1.js:192)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOps '
'(frida/node_modules/frida-java-bridge/index.js:237)\n'
' at '
'(frida/node_modules/frida-java-bridge/index.js:212)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOpsWhenReady '
'(frida/node_modules/frida-java-bridge/index.js:231)\n'
' at perform (frida/node_modules/frida-java-bridge/index.js:191)\n'
' at (/script1.js:224)',
'type': 'error'}
我相信这个应该不只有我自己遇到,希望之前有遇到并解决了这个问题的朋友们可以交流一下,谢谢!
tx视频使用这个报错
证书错误?
请问这个问题我应该怎样做呢
SSLpinning position locator => /system/etc/security/cacerts 929ec953.0
java.lang.Throwable
at java.io.File.(Native Method)
at android.security.net.config.DirectoryCertificateSource.findCerts(DirectoryCertificateSource.java:147)
at android.security.net.config.DirectoryCertificateSource.findAllByIssuerAndSignature(DirectoryCertificateSource.java:118)
at android.security.net.config.SystemCertificateSource.findAllByIssuerAndSignature(SystemCertificateSource.java:27)
at android.security.net.config.CertificatesEntryRef.findAllCertificatesByIssuerAndSignature(CertificatesEntryRef.java:65)
at android.security.net.config.NetworkSecurityConfig.findAllCertificatesByIssuerAndSignature(NetworkSecurityConfig.java:146)
at android.security.net.config.TrustedCertificateStoreAdapter.findAllIssuers(TrustedCertificateStoreAdapter.java:46)
at com.android.org.conscrypt.TrustManagerImpl.findAllTrustAnchorsByIssuerAndSignature(TrustManagerImpl.java:917)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:548)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:321)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:113)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:131)
at java.lang.reflect.Method.invoke(Native Method)
at android.net.http.X509TrustManagerExtensions.checkServerTrusted(X509TrustManagerExtensions.java:102)
at bcai.a(SourceFile:3)
at org.chromium.net.X509Util.a(SourceFile:69)
at org.chromium.net.AndroidNetworkLibrary.verifyServerCertificates(SourceFile:8)
怎样配置抓包
传统的charles fiddler等抓包软件, 都是配置代理的方式来抓包, 手机端配置代理
r0capture 这个要怎样来抓包呢? 手机端怎么配置?
ebay抓不到包耶
请教下这是什么错误
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.ysw.app-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ysw.app-1/lib/arm, '
'/data/app/com.ysw.app-1/base.apk!/lib/armeabi-v7a, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 126,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.ysw.app-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ysw.app-1/lib/arm, '
'/data/app/com.ysw.app-1/base.apk!/lib/armeabi-v7a, /vendor/lib, '
'/system/lib]]\n'
' at frida/node_modules/frida-java-bridge/lib/env.js:126\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:459\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:840\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:128\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:83\n'
' at /script1.js:193\n'
' at frida/node_modules/frida-java-bridge/lib/vm.js:11\n'
' at frida/node_modules/frida-java-bridge/index.js:446\n'
' at frida/node_modules/frida-java-bridge/index.js:395',
'type': 'error'}
Terminated: 15
执行最新版本的出现报错
Traceback (most recent call last):
File "D:/Projects/work/frida_project/r0capture/r0capture.py", line 351, in
ssl_log(int(parsed.process) if parsed.process.isdigit() else parsed.process, parsed.pcap, parsed.verbose, isUsb=parsed.isUsb, isSpawn=parsed.isSpawn, ssllib=parsed.ssl, wait=parsed.wait)
File "D:/Projects/work/frida_project/r0capture/r0capture.py", line 288, in ssl_log
script = session.create_script(_FRIDA_SCRIPT)
File "C:\Users\Vincent\Anaconda3\envs\frida\lib\site-packages\frida\core.py", line 26, in wrapper
return f(*args, **kwargs)
File "C:\Users\Vincent\Anaconda3\envs\frida\lib\site-packages\frida\core.py", line 204, in create_script
return Script(self._impl.create_script(*args, **kwargs))
frida.InvalidArgumentError: script(line 195): SyntaxError: function statement not allowed
浏览器抓包
问候
你好呀!
现象
刚开始抓的一般app没发现问题。
不过后来试着抓浏览器的包,试了好几个浏览器都发现没有抓下东西
疑惑
个人猜想不是因为包名选的是浏览器,但是浏览网页时的流量是通过webview的,所以抓不到?
Windows 运行报错,是缺少什么环境吗?能不能出个从零到一的教程?
Traceback (most recent call last):
File "r0capture.py", line 63, in <module>
import frida
ModuleNotFoundError: No module named 'frida'
抓包出错
Spawn 模式下抓包APP运行慢甚至出现无响应
你好, 环境是真机AOSP 8.1.0系统 , 能够抓包 , 但是运行几个APP均出现页面加载过慢以及卡住甚至出现APP无响应的提示,
请问是在代码哪个地方可能存在这样耗时
或耗费资源过大的地方, 我尝试自己修改一下 , 谢谢!
小米运动APP 报错
运行抓包脚本报错
最好开头加一行
# -*- coding: utf-8 -*-
怎么连接模拟器
是否可以增加连接模拟器的功能?手机有时候不方便
ebay抓不到包耶
ebay抓不到包耶
肉丝姐,报错了自动退出。。。。
报错如下:
{'columnNumber': 1,
'description': 'Error: Implementation for socketRead0 expected return value '
'compatible with int',
'fileName': 'frida/node_modules/frida-java-bridge/lib/class-factory.js',
'lineNumber': 614,
'stack': 'Error: Implementation for socketRead0 expected return value '
'compatible with int\n'
' at ne '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:614)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:592)',
'type': 'error'}
安卓7.1 frida版本 14.2.2和12.8.20都试过,抓的过程中报错如上,试过手淘,美团,拼多多。。。。
Attach模式如何抓HTTPS包
抓出来的pcap用wireshark打开是这样的。
抓包的时候出现好多异常
工具: frida 14.2.3
手机: nexus 5x
apk: didi
老版本没异常,但是并抓不到didi的什么包
新版本一堆异常还没查看包
是否能抓到那些绕过了代理的包?
是否能抓到那些绕过了代理的包。
程序和正常的charles等抓包工具的原理(中间人攻击)是一样的吗?
示例:mei团外卖app, 获取商超门店信息;
由于有代理检测,所以正常charles是抓不到包的。使用全局代理软件:drony后,是可以抓到包的(也是走http协议)。
1、是否能支持需要全局代理的抓包。
2、全局代理后,app应用能“感知”到使用了代理,这使得响应数据可能异常,是否能避开“感知”,无感知抓包。
抓包后APP请求变慢
你好, 真机环境, Nexus 6p, Android 8.1.0
使用r0capture抓包之后, 被抓App的响应速度非常慢, 大部分图片无法加载, 请问是在哪里导致?
NameError: name 'hexdump' is not defined
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 833A98DD38DCA4E3FAA733B177DE922A6B10A0958B473301799FA91CAEF1ACF3
[SSL_read] 115.159.231.144:443 --> 172.16.1.15:54395
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: B5FEB6A8BFF0EDC0B2C09F0DC545B9A217E1DC4A95790CA1A4DB932EE3D859B0
[SSL_read] 123.206.235.144:443 --> 172.16.1.15:47914
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: D4E416C3AE4F321FFA8196616BC8C251E7E3954DCD3D200138309E67CCA1DFF5
[SSL_read] 123.206.235.145:443 --> 172.16.1.15:34207
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: DD9542DD18D63C80C062E26EC2673A637E9B085103A342B444166EC196021C89
[SSL_read] 123.206.235.144:443 --> 172.16.1.15:47912
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session:
[HTTP_send] 172.16.1.15:33222 --> 14.22.7.140:80
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session:
[HTTP_recv] 14.22.7.140:80 --> 172.16.1.15:33222
Traceback (most recent call last):
File "D:\python\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "D:\javaby\gongju\r0capture\r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
how to use
你好👋作者大大,首先我拿到这个项目。我以为是可以局域网arp欺骗然后截获android设备的所有ssl流量。可是我看到你的参数-U 后面连接的是com.qiyi.video,而且执行中没有输入任何ip地址,我不太懂这是什么意思。-U参数是connect to USB device,我也在网上搜了一下,目前没有次项目的教程。请问能请教一下吗? @r0ysue
加固了的APP,frida 能 attch,但是抓不了
环境 macOS + 网易mumu
Instragram无法抓包
Package Version
-------------- -------
colorama 0.4.4
frida 14.1.2
frida-tools 9.0.1
hexdump 3.3
pip 18.1
prompt-toolkit 3.0.8
Pygments 2.7.2
setuptools 40.6.2
wcwidth 0.2.5
--------------------------------------------------------------------------------------------
.oooo. .
d8P'`Y8b .o8
oooo d8b 888 888 .ooooo. .oooo. oo.ooooo. .o888oo oooo oooo oooo d8b .ooooo.
`888""8P 888 888 d88' `"Y8 `P )88b 888' `88b 888 `888 `888 `888""8P d88' `88b
888 888 888 888 .oP"888 888 888 888 888 888 888 888ooo888
888 `88b d88' 888 .o8 d8( 888 888 888 888 . 888 888 888 888 .o
d888b `Y8bd8P' `Y8bod8P' `Y888""8o 888bod8P' "888" `V88V"V8P' d888b `Y8bod8P'
888
o888o
https://github.com/r0ysue/r0capture
--------------------------------------------------------------------------------------------
attach
Traceback (most recent call last):
File "r0capture.py", line 346, in <module>
ssl_log(int(parsed.process) if parsed.process.isdigit() else parsed.process, parsed.pcap, parsed.verbose, isUsb=parsed.isUsb, isSpawn=parsed.isSpawn, ssllib=parsed.ssl, wait=parsed.wait)
File "r0capture.py", line 256, in ssl_log
session = device.attach(process)
File "/Users/esingtse/.pyenv/versions/frida/lib/python3.6/site-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/Users/esingtse/.pyenv/versions/frida/lib/python3.6/site-packages/frida/core.py", line 156, in attach
return Session(self._impl.attach(self._pid_of(target)))
frida.TransportError: the connection is closed
Instrgram在抓包开始前运行python r0capture.py -U com.instagram.android -p ins.pcap,程序会直接闪退,重新打开程序的时候报错
quic协议支持吗
dump客户端证书 hook java.security.KeyStore$PrivateKeyEntry.init 构造函数会不会更好一点
直接dump传入私钥和证书链 可以减少重复的证书保存.
这里名字不统一 有bug
help
Traceback (most recent call last):
File "/root/r0capture/r0capture.py", line 356, in
ssl_log(
File "/root/r0capture/r0capture.py", line 257, in ssl_log
pid = device.spawn([process])
File "/usr/local/lib/python3.9/dist-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/usr/local/lib/python3.9/dist-packages/frida/core.py", line 140, in spawn
return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.ServerNotRunningError: unable to connect to remote frida-server
不支持http/2
我让流量经过 charles,http2 的包在 charles 有记录,但是脚本没有记录,是因为http2使用了其他的函数发包的吗?
如何使用?
不太会用这种方式抓包,能否指导下如何使用?
does not working on Genymotion
hi there
does not working on Genymotion
facebook , or twitter or instagram
NameError: name 'hexdump' is not defined
运行:报错,且没有导出客户端证书,(App已添加存储权限)
python r0capture.py -H 192.168.50.153:8888 -f xxx.xxx.xxx.xxx -v
NameError: name 'hexdump' is not defined
SSL Session: 71A92366608A0A253692FADF47DCC8377D374F83C20B8B7C345E360D9D3272BB
[SSL_read] 120.83.147.111:443 --> 192.168.50.153:37088
Traceback (most recent call last):
File "/root/miniconda3/envs/py380/lib/python3.8/site-packages/frida/core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 71A92366608A0A253692FADF47DCC8377D374F83C20B8B7C345E360D9D3272BB
[SSL_read] 120.83.147.111:443 --> 192.168.50.153:37088
Traceback (most recent call last):
File "/root/miniconda3/envs/py380/lib/python3.8/site-packages/frida/core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 71A92366608A0A253692FADF47DCC8377D374F83C20B8B7C345E360D9D3272BB
[SSL_read] 120.83.147.111:443 --> 192.168.50.153:37088
Traceback (most recent call last):
File "/root/miniconda3/envs/py380/lib/python3.8/site-packages/frida/core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 71A92366608A0A253692FADF47DCC8377D374F83C20B8B7C345E360D9D3272BB
[SSL_read] 120.83.147.111:443 --> 192.168.50.153:37088
Traceback (most recent call last):
File "/root/miniconda3/envs/py380/lib/python3.8/site-packages/frida/core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 239, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
^CYou have stoped logging.
^C^C^C^C^CYou have stoped logging.
5.0盒子报错,找不到类
columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '...
flutter-app抓包报错
你好,肉丝姐,在应用到一个flutter-app的时候,报错如下:
attach
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.ec.vc-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ec.vc-1/lib/arm, '
'/data/app/com.ec.vc-1/base.apk!/lib/armeabi-v7a, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 124,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.ec.vc-1/base.apk"],nativeLibraryDirectories=[/data/app/com.ec.vc-1/lib/arm, '
'/data/app/com.ec.vc-1/base.apk!/lib/armeabi-v7a, /vendor/lib, '
'/system/lib]]\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/env.js:124)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:443)\n'
' at value '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:812)\n'
' at _make '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:112)\n'
' at use '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:63)\n'
' at use (frida/node_modules/frida-java-bridge/index.js:245)\n'
' at <anonymous> (/script1.js:193)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOps '
'(frida/node_modules/frida-java-bridge/index.js:237)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/index.js:212)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOpsWhenReady '
'(frida/node_modules/frida-java-bridge/index.js:231)\n'
' at perform (frida/node_modules/frida-java-bridge/index.js:191)\n'
' at <eval> (/script1.js:225)',
'type': 'error'}
testapp: https[]//v-com.life/Android/V-Com-1.0.3.apk
最近在研究flutter app抓包,真是碰到硬石头了。
此app有内置证书校验,查询了网上的办法,但frida hook 不到 libflutter.so
function listmodules()
{
Process.enumerateModules({
onMatch: function(module){
console.log(JSON.stringify(module));
if(module.name == "libflutter.so"){
console.log("Base address: " + module.base)
console.log(JSON.stringify(module));
var pattern = "2d e9 f0 4f a3 b0 81 46 50 20"
var results = Memory.scanSync(module.base, module.size, pattern);
console.log('Memory.scanSync() result:\n' +
JSON.stringify(results));
}
},
onComplete: function(){}
});
}
TypeError: not a function
r0capture最新版
frida 14.2.3
{'columnNumber': 1,
'description': 'TypeError: not a function',
'fileName': '/script1.js',
'lineNumber': 353,
'stack': 'TypeError: not a function\n'
' at (/script1.js:353)\n'
' at apply (native)\n'
' at ne '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:613)\n'
' at '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:592)',
'type': 'error'}
Proxy Traffic
Is there any way with which we can proxy the traffic to mitmproxy or any other tool instead of saving it as a PCAP file?
NameError: name 'hexdump' is not defined
hexdump 是不是需要安装
加固包如何抓包
已知APP做了加固,比如爱加密、邦邦加固,这些都有反调试、反HOOK的功能,是否还有效?
经测试,抓不到包
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.test.vc-2/base.apk"],nativeLibraryDirectories=[/data/app/com.test.vc-2/lib/arm, '
'/data/app/com.test.vc-2/base.apk!/lib/armeabi-v7a, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 124,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.test.vc-2/base.apk"],nativeLibraryDirectories=[/data/app/com.test.vc-2/lib/arm, '
'/data/app/com.test.vc-2/base.apk!/lib/armeabi-v7a, /vendor/lib, '
'/system/lib]]\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/env.js:124)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:443)\n'
' at value '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:812)\n'
' at _make '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:112)\n'
' at use '
'(frida/node_modules/frida-java-bridge/lib/class-factory.js:63)\n'
' at use (frida/node_modules/frida-java-bridge/index.js:245)\n'
' at <anonymous> (/script1.js:190)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOps '
'(frida/node_modules/frida-java-bridge/index.js:237)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/index.js:212)\n'
' at <anonymous> '
'(frida/node_modules/frida-java-bridge/lib/vm.js:12)\n'
' at _performPendingVmOpsWhenReady '
'(frida/node_modules/frida-java-bridge/index.js:231)\n'
' at perform (frida/node_modules/frida-java-bridge/index.js:191)\n'
' at <eval> (/script1.js:222)',
'type': 'error'}
你好,请问能否详细讲一下使用流程?
我是Python新手,不太明白frida的机制
运行项目时出现frida.ServerNotRunningError: unable to connect to remote frida-server: closed
我想应该是我没有开启服务之类的,能否详细说一下这个抓包的流程?
frida.ServerNotRunningError: unable to connect to remote frida-server: closed
frida.ServerNotRunningError: unable to connect to remote frida-server: closed
"Error: java.lang.ClassNotFoundException: Didn't find class "
你好 我在使用该脚本时遇到错误了
能知道这是怎么回事吗 感谢~
咋用啊 大哥
安卓6运行报错
真机安卓6运行报错,不知是否可以修复一下,以支持程序在安卓6上的运行。
报错如下
attach
{'columnNumber': 1,
'description': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.sankuai.meituan.takeoutnew-1/base.apk"],nativeLibraryDirectories=[/data/app/com.sankuai.meituan.takeoutnew-1/lib/arm, '
'/data/app/com.sankuai.meituan.takeoutnew-1/base.apk!/lib/armeabi, '
'/vendor/lib, /system/lib]]',
'fileName': 'frida/node_modules/frida-java-bridge/lib/env.js',
'lineNumber': 126,
'stack': "Error: java.lang.ClassNotFoundException: Didn't find class "
'"java.net.SocketOutputStream" on path: DexPathList[[zip file '
'"/data/app/com.sankuai.meituan.takeoutnew-1/base.apk"],nativeLibraryDirectories=[/data/app/com.sankuai.meituan.takeoutnew-1/lib/arm, '
'/data/app/com.sankuai.meituan.takeoutnew-1/base.apk!/lib/armeabi, '
'/vendor/lib, /system/lib]]\n'
' at frida/node_modules/frida-java-bridge/lib/env.js:126\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:459\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:840\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:128\n'
' at '
'frida/node_modules/frida-java-bridge/lib/class-factory.js:83\n'
' at /script1.js:193\n'
' at frida/node_modules/frida-java-bridge/lib/vm.js:11\n'
' at frida/node_modules/frida-java-bridge/index.js:446\n'
' at frida/node_modules/frida-java-bridge/index.js:395',
'type': 'error'}
win10电脑上anaconda运行
运行: python r0capture.py -U -f com.qiyi.video
报错信息:frida.InvalidArgumentError: device not found
程序报错
执行 python3 r0capture.py -U -f com.px.app -v
SSL Session: 260DD20314522F822376002763B4407F0901476261B7DC3C70E
[SSL_write] 172.17.100.15:51203 --> xxxx:443
Traceback (most recent call last):
File "C:\Users\xxx\AppData\Local\Programs\Python\Python37-32\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 236, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
SSL Session: 260DD20314522F822376002763B4407F0901476261B7DC3C70E333900E
[SSL_read] xxx:443 --> 172.17.100.15:51203
Traceback (most recent call last):
File "C:\Users\xxx\AppData\Local\Programs\Python\Python37-32\lib\site-packages\frida\core.py", line 383, in _on_message
callback(message, data)
File "r0capture.py", line 236, in on_message
hexdump.hexdump(data)
NameError: name 'hexdump' is not defined
You have stoped logging.
微信抓包不全
对微信进行抓包时,抓包的流量十分有限,抓不到有意义的http流量
请问如何运行该程序 ,运行环境是在手机上还是代理模式。
这个是运行在手机本机上吗?是否为代理模式?
https的包能抓吗
https 不安装证书能抓吗,能解析吗
如果需要证书,如何安装呢,谢谢
抓到的包是 ssl 加密的
华为游戏中心抓到的包是 ssl 加密的,且没导出证书
有情况
尝试了京东v8.4.0 和 滴滴v5.4.18_903,android8.1.0,主要抓包订单信息,滴滴可以抓到订单详情的返回,请求抓不到;京东完全抓不到。
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.