小程序|App抓包(一)环境篇
![](https://pic4.zhimg.com/v2-4c7872bc32777e31616662c3728ab8eb_b.jpg)
小程序|App抓包(一)环境篇
----------Charles安装配置---------
一、charles安装配置
https://www.charlesproxy.com/download/
![](https://pic4.zhimg.com/v2-2e48aa390f8afe4d21f63cc84c9ad277_b.jpg)
下载即可
![](https://pic2.zhimg.com/v2-a6b7aac5668d99d7f5b307e64bb05a65_b.jpg)
安装:
![](https://pic1.zhimg.com/v2-3758fcab6f4ccc9dec9febccb6164f24_b.jpg)
激活:
https://www.zzzmode.com/mytools/charles/
![](https://pic1.zhimg.com/v2-b99371bbc812cfc6f2591cf7627476e8_b.jpg)
或者是:
注册码:
Registered Name: https://zhile.io License Key: 48891cf209c6d32bf4
激活:
![](https://pic4.zhimg.com/v2-43ca5761393e07feeeb84e174c2c965b_b.jpg)
安装证书:
![](https://pic4.zhimg.com/v2-20a4595b5674c9574638340c69a73dbf_b.jpg)
a. windows
windows 直接 Help -> SSL Proxying -> Install Charles Root Certificate
然后都是点击下一步即可
![](https://pic2.zhimg.com/v2-3e92f251060bac8868a8cb698cc32d31_b.jpg)
![](https://pic2.zhimg.com/v2-dec6c377cd1de34b995603d9e3d747a5_b.jpg)
b. mac
mac 也是直接 Help -> SSL Proxying -> Install Charles Root Certificate,但需要配置证书
c. ubuntu
保存charlesRoot.cer
运行charles软件,菜单Help->SSL Proxying->Save Charles Root Certificate…
保存名为CharlesRoot.cer
开启http代理
运行charles软件,菜单Proxy->Proxy Setting->标签Proxies下勾选Enable transparent HTTP proxying
![](https://pic2.zhimg.com/v2-42390680629594b3d8860d23cb1b0fc1_b.jpg)
允许访问http和https协议
在proxy>ssl proxy settings>Enable SSL Proxying, 然后add, host和 port都填 *(如果出现抓https的包是unknown的话,一般是由于这个没设置)
![](https://pic4.zhimg.com/v2-c68a27f62cf809e52015c389b6a30d1b_b.jpg)
也可代理转发设置:
![](https://pic3.zhimg.com/v2-15677045b156702009bea4dc123f393e_b.jpg)
抓取电脑基本上设置本地代理端口就OK
抓取手机需要手机设置本机IP和对应代理端口:
cmd执行ipconfig linux/mac shell执行ifconfig
![](https://pic2.zhimg.com/v2-508f4cfa4ddabdc3d5b77ae00291d31d_b.jpg)
手机配置代理地址:配置电脑IP地址
手机移动端与charles所在电脑在同一个局域网下
使手机跟charles所在电脑连在同个局域网,如手机使用wifi,找到该wifi的高级设置,代理选择手动,代理服务器主机名填charles所在电脑的IP,可通过Help -> SSL Proxying -> Install Charles Root Certificate on a Mobile Device or Remote Browser查看,服务端口填8888
![](https://pic3.zhimg.com/v2-f51def5575e297d572149c88f951704a_b.jpg)
手机端下载证书
(先设置手机代理IP,再在这IP下下载证书)
浏览器中输入 chls.pro/ssl 来安装证书
ps. 会报安装失败,到系统设置->安全->从设备内在或sd卡安装证书来安装
注:若手机是iphone,且如果是6s以上,需要用苹果自带的safari安装完证书,安装后,
设置-> 通用 -> 描述文件与设备管理进行证书安装,再接着到设置-> 通用 -> 关于本机 -> 证书信任设置,打开证书信任
----------Fiddler安装配置---------
二、Fiddler安装配置
下载地址:www.telerik.com/fiddler
![](https://pic1.zhimg.com/v2-4c5e44cdf511e9842c02d228e9044b18_b.jpg)
下载安装:
![](https://pic4.zhimg.com/v2-dc5cfb3891a788cad979d30026125d0b_b.jpg)
![](https://pic3.zhimg.com/v2-d66e24197f8df8ba0139190b26d78696_b.jpg)
![](https://pic1.zhimg.com/v2-7ad998e91aff277fd966ebf49df221a0_b.jpg)
![](https://pic1.zhimg.com/v2-e263866ba9b62ad2a62752c45fcad6c0_b.jpg)
新版账户登录:
![](https://pic3.zhimg.com/v2-058c945467d8ac1c7fa4fae048396866_b.jpg)
![](https://pic1.zhimg.com/v2-86db7f2f4345e66a1be549f0d336a610_b.jpg)
设置抓包:
![](https://pic1.zhimg.com/v2-5200f5f49febd2be3a6b5ada4ed185dc_b.jpg)
抓取手机需要手机设置本机IP和对应代理端口:
cmd执行ipconfig linux/mac shell执行ifconfig
![](https://pic4.zhimg.com/v2-a50eba74145a50837a86e4c3f9c5d4d7_b.jpg)
手机配置代理地址:配置电脑IP地址
![](https://pic3.zhimg.com/v2-37d3ddb1a95f88771d91ee4a656072ca_b.jpg)
----------BURP安装配置---------
三、Burpsuite安装配置
1、Burpsuite下载链接:
下载后台回复:"burp"即可 2021.8.1版本也一并分享
![](https://pic1.zhimg.com/v2-3fe42c19540a0eb12b5f913cfea3a920_b.jpg)
2、Burpsuite需要java环境,安装JDK
JDK安装配置
默认一直安装即可:
![](https://pic1.zhimg.com/v2-1ba2b9c56ca3d0161376c454abc7a5dc_b.jpg)
默认安装:
![](https://pic1.zhimg.com/v2-68c5ebe8284fdfeed9cf99f3a79fb128_b.jpg)
C:\Program Files\Java\jdk1.8.0_251
C:\Program Files\Java\jre1.8.0_251
![](https://pic1.zhimg.com/v2-86a151807d0da4d8f5c9c32357c5e874_b.jpg)
![](https://pic1.zhimg.com/v2-37cb80f5ddb028753a92b2f9a7499a8c_b.jpg)
C:\Program Files\Java\jdk1.8.0_251
C:\Program Files\Java\jre1.8.0_251
![](https://pic1.zhimg.com/v2-e2079e3386673ba4e100dd0629cc1740_b.jpg)
环境变量配置:
右键“计算机”—“属性”—“高级系统配置”右键“计算机”—“属性”—“高级系统配置”
![](https://pic1.zhimg.com/v2-30619a6f10d1862838fcafad09672e44_b.jpg)
(1)JAVA_HOME
变量值填写JAVA安装的路径,我的是
C:\Program Files\Java\jdk1.8.0_251
(2)CLASSPATH 变量值填写
.;%JAVA_HOME%\lib\dt.jar;%JAVA_HOME%\lib\tools.jar
(3)修改Path变量 (如果是Win7)在其变量值的后面加上
;%JAVA_HOME%\bin;%JAVA_HOME%\jre\bin
![](https://pic1.zhimg.com/v2-5266fe6358afcd79fea89fff6129ed30_b.jpg)
![](https://pic2.zhimg.com/v2-893cd6a737301ebc9ed50ea988551045_b.jpg)
![](https://pic4.zhimg.com/v2-a06229852241647e9ea4a945d11f80cb_b.jpg)
安装测试成果与否:
java -version
![](https://pic2.zhimg.com/v2-11315ac8b6bf1fc67592bfc6e1d673ad_b.jpg)
Burp安装激活:
![](https://pic4.zhimg.com/v2-3862b5ba8a0f3496aee81a513041a6f3_b.jpg)
激活过程
![](https://pic3.zhimg.com/v2-6afcba1ba63c2c57902b84b41a0b9996_b.jpg)
![](https://pic2.zhimg.com/v2-ae68645b5d2804c8ac9de679e564e10d_b.jpg)
激活成功
![](https://pic4.zhimg.com/v2-1dd053128737e3d42c10ccec984a06cb_b.jpg)
成功进入:
![](https://pic4.zhimg.com/v2-ccbba2fbbaf96672708ebb1eadfbd6ef_b.jpg)
设置代理:
![](https://pic3.zhimg.com/v2-33e55cd6e91cb8c537d741a081a64702_b.jpg)
本地导入证书:
访问本地:
![](https://pic4.zhimg.com/v2-346eadc5c3066ad82327d3cc13ef13eb_b.jpg)
安装证书:
![](https://pic2.zhimg.com/v2-6a7f6c889bfcceb3112a0a7f71d2c311_b.jpg)
手机端也是:访问电脑IP地址下载证书,修改为der为cer进行安装。
抓取手机需要手机设置本机IP和对应代理端口:
cmd执行ipconfig linux/mac shell执行ifconfig
![](https://pic1.zhimg.com/v2-caeccbffd90e76477d833442f9d603ec_b.jpg)
手机配置代理地址:配置电脑IP地址
![](https://pic2.zhimg.com/v2-45871560f169f218c8d4653ba34c8155_b.jpg)
Burpsuite下载链接:
下载后台回复:"burp"即可 2021.8.1版本也一并分享
参考:
https://www.jianshu.com/p/08e74fb4e521
https://blog.csdn.net/LUOBIKUN/article/details/87457545
注意:⚠️
免责声明:本站提供安全工具、程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
如果本文内容侵权或者对贵公司业务或者其他有影响,请联系作者删除。
转载声明:著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
订阅查看更多复现文章、学习笔记
thelostworld
安全路上,与你并肩前行!!!!
个人知乎:https://www.zhihu.com/people/fu-wei-43-69/columns
个人简书:https://www.jianshu.com/u/bf0e38a8d400
个人CSDN:https://blog.csdn.net/qq_37602797/category_10169006.html
个人博客园:https://www.cnblogs.com/thelostworld/
FREEBUF主页:https://www.freebuf.com/author/thelostworld?type=article
语雀博客主页:https://www.yuque.com/thelostworld
![](https://pic1.zhimg.com/v2-4b029825345899d23992b40ada6b2840_b.jpg)
欢迎添加本公众号作者微信交流,添加时备注一下“公众号”
![](https://pic3.zhimg.com/v2-0d302ca3ab5381e8c1ab1065bf16271a_b.jpg)
转载漏洞复现、代码审计、网络安全相关内容