{"id":1623,"date":"2026-03-02T12:12:18","date_gmt":"2026-03-02T04:12:18","guid":{"rendered":"http:\/\/www.preluna.xyz\/?p=1623"},"modified":"2026-03-02T14:08:45","modified_gmt":"2026-03-02T06:08:45","slug":"6days","status":"publish","type":"post","link":"http:\/\/www.preluna.xyz\/index.php\/2026\/03\/02\/6days\/preluna\/text\/","title":{"rendered":"\u57fa\u7840\u5165\u95e8-\u6293\u5305\u6280\u672f&HTTPS\u534f\u8bae&APP&\u5c0f\u7a0b\u5e8f&PC\u5e94\u7528&Web&\u8bc1\u4e66\u4fe1\u4efb&\u8f6c\u53d1\u8054\u52a8"},"content":{"rendered":"\n

\u6293\u5305\u6280\u672f-Web\u5e94\u7528-http\/s-Burp&Yakit<\/h2>\n\n\n\n

\u4f5c\u4e3a\u6709\u7f16\u7a0b\u7ecf\u9a8c\u7684\u4f60\uff0c\u53ef\u80fd\u7ecf\u5e38\u7528\u6d4f\u89c8\u5668F12\u5f00\u53d1\u8005\u5de5\u5177\u67e5\u770b\u7f51\u7edc\u8bf7\u6c42\uff0c\u4f46\u90a3\u4e2a\u8c03\u8bd5\u9762\u677f\u53ea\u80fd\u88ab\u52a8\u89c2\u5bdf\uff0c\u5982\u679c\u4f60\u60f3\u4e3b\u52a8\u4fee\u6539\u8bf7\u6c42\u5305\u3001\u91cd\u653e\u653b\u51fb\u3001\u6216\u8005\u67e5\u770bHTTPS\u52a0\u5bc6\u540e\u7684\u771f\u5b9e\u5185\u5bb9\uff0c\u5c31\u9700\u8981\u66f4\u4e13\u4e1a\u7684\u6293\u5305\u5de5\u5177\u3002\u6293\u5305\u6280\u672f\u5728Web\u5b89\u5168\u4e2d\u5c31\u50cf\u662f\u201c\u7f51\u7edc\u663e\u5fae\u955c\u201d\uff0c\u8ba9\u6211\u4eec\u80fd\u770b\u6e05\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u6bcf\u4e00\u6b21\u5bf9\u8bdd\uff0c\u751a\u81f3\u80fd\u4e2d\u9014\u7be1\u6539\u5bf9\u8bdd\u5185\u5bb9\u3002\u4eca\u5929\u6211\u4eec\u5c31\u805a\u7126Web\u5e94\u7528\u4e2d\u7684HTTP\u548cHTTPS\u534f\u8bae\uff0c\u5e76\u4ecb\u7ecd\u4e24\u5927\u4e3b\u6d41\u6293\u5305\u5de5\u5177\uff1aBurp Suite\u548cYakit\u3002<\/p>\n\n\n\n

\u5728\u6df1\u5165\u5de5\u5177\u4e4b\u524d\uff0c\u6211\u4eec\u5148\u8981\u7406\u89e3HTTP\u548cHTTPS\u7684\u672c\u8d28\u533a\u522b\u3002HTTP\u662f\u660e\u6587\u534f\u8bae\uff0c\u6240\u6709\u4f20\u8f93\u7684\u6570\u636e\u90fd\u53ef\u4ee5\u88ab\u76f4\u63a5\u8bfb\u53d6\uff0c\u5c31\u50cf\u5bc4\u660e\u4fe1\u7247\uff1b\u800cHTTPS\u901a\u8fc7TLS\/SSL\u52a0\u5bc6\uff0c\u76f8\u5f53\u4e8e\u628a\u660e\u4fe1\u7247\u88c5\u8fdb\u4e86\u53ea\u6709\u6536\u53d1\u53cc\u65b9\u80fd\u6253\u5f00\u7684\u4fdd\u9669\u7bb1\u3002\u4f46\u4f5c\u4e3a\u5b89\u5168\u6d4b\u8bd5\u4eba\u5458\uff0c\u6211\u4eec\u6070\u6070\u9700\u8981\u67e5\u770b\u548c\u4fee\u6539\u8fd9\u4e9b\u52a0\u5bc6\u6d41\u91cf\uff0c\u8fd9\u5c31\u5f15\u51fa\u4e86\u6293\u5305\u5de5\u5177\u7684\u6838\u5fc3\u673a\u5236\u2014\u2014\u4e2d\u95f4\u4eba\u4ee3\u7406\u3002\u6293\u5305\u5de5\u5177\u5728\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u7aef\u4e4b\u95f4\u626e\u6f14\u201c\u53cc\u9762\u95f4\u8c0d\u201d\uff1a\u5bf9\u5ba2\u6237\u7aef\u5b83\u4f2a\u88c5\u6210\u670d\u52a1\u7aef\uff0c\u5bf9\u670d\u52a1\u7aef\u5b83\u53c8\u4f2a\u88c5\u6210\u5ba2\u6237\u7aef\uff0c\u4ece\u800c\u89e3\u5bc6\u6d41\u91cf\uff0c\u8ba9\u6211\u4eec\u80fd\u770b\u5230\u660e\u6587\u5e76\u4efb\u610f\u4fee\u6539\u3002\u8fd9\u4e2a\u673a\u5236\u7684\u5173\u952e\u5728\u4e8e\u8ba9\u5ba2\u6237\u7aef\u4fe1\u4efb\u6293\u5305\u5de5\u5177\u63d0\u4f9b\u7684\u4f2a\u9020\u8bc1\u4e66\uff0c\u6240\u4ee5\u6211\u4eec\u9700\u8981\u63d0\u524d\u628a\u6293\u5305\u5de5\u5177\u7684CA\u8bc1\u4e66\u5b89\u88c5\u5230\u64cd\u4f5c\u7cfb\u7edf\u7684\u53d7\u4fe1\u4efb\u6839\u8bc1\u4e66\u5217\u8868\u91cc\u3002<\/p>\n\n\n\n

Mermaid \u56fe\u8868\uff1aHTTPS\u4e2d\u95f4\u4eba\u6293\u5305\u539f\u7406\u56fe<\/p>\n\n\n\n

\"\"<\/div><\/figure>\n\n\n\n

\u8fd9\u5f20\u56fe\u91cc\uff0c\u5ba2\u6237\u7aef\u9996\u5148\u5411\u6293\u5305\u5de5\u5177\u53d1\u8d77CONNECT\u8bf7\u6c42\uff0c\u8fd9\u662fHTTP\u4ee3\u7406\u7684\u6807\u51c6\u63e1\u624b\uff1b\u6293\u5305\u5de5\u5177\u7acb\u523b\u8fd4\u56de\u4e00\u4e2a\u7531\u5b83\u81ea\u5df1\u7684CA\u8bc1\u4e66\u7b7e\u540d\u7684\u4f2a\u9020\u670d\u52a1\u5668\u8bc1\u4e66\uff0c\u56e0\u4e3a\u5ba2\u6237\u7aef\u5df2\u7ecf\u4fe1\u4efb\u4e86\u8fd9\u4e2aCA\uff0c\u6240\u4ee5TLS\u8fde\u63a5\u6210\u529f\u5efa\u7acb\u3002\u540c\u65f6\uff0c\u6293\u5305\u5de5\u5177\u4f5c\u4e3a\u5ba2\u6237\u7aef\u4e0e\u771f\u6b63\u7684\u670d\u52a1\u7aef\u5efa\u7acb\u53e6\u4e00\u4e2aTLS\u8fde\u63a5\u3002\u8fd9\u6837\u4e00\u6765\uff0c\u6293\u5305\u5de5\u5177\u5c31\u80fd\u770b\u5230\u4ece\u5ba2\u6237\u7aef\u53d1\u6765\u7684\u660e\u6587\u8bf7\u6c42\uff08\u6bd4\u5982\u767b\u5f55\u5bc6\u7801\uff09\uff0c\u4e5f\u80fd\u770b\u5230\u4ece\u670d\u52a1\u7aef\u8fd4\u56de\u7684\u660e\u6587\u54cd\u5e94\uff0c\u800c\u4e14\u8fd8\u80fd\u5728\u8f6c\u53d1\u524d\u4fee\u6539\u5b83\u4eec\u3002\u6574\u4e2a\u8fc7\u7a0b\u5bf9\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u7aef\u90fd\u662f\u900f\u660e\u7684\uff0c\u4f46\u53cc\u65b9\u5176\u5b9e\u90fd\u5728\u8ddf\u6293\u5305\u5de5\u5177\u5bf9\u8bdd\u3002<\/p>\n\n\n\n

\u63a5\u4e0b\u6765\u6211\u4eec\u770b\u7b2c\u4e00\u4e2a\u4e3b\u529b\u5de5\u5177\uff1aBurp Suite\u3002\u5b83\u662f\u7531PortSwigger\u516c\u53f8\u5f00\u53d1\u7684Java\u5e73\u53f0Web\u5b89\u5168\u6d4b\u8bd5\u5957\u4ef6\uff0c\u529f\u80fd\u6781\u5176\u4e30\u5bcc\u3002\u5728\u6293\u5305\u8fd9\u4e2a\u573a\u666f\u4e0b\uff0c\u6700\u6838\u5fc3\u7684\u6a21\u5757\u662fProxy\uff08\u4ee3\u7406\uff09\uff0c\u5b83\u8d1f\u8d23\u62e6\u622a\u548c\u8f6c\u53d1\u6d41\u91cf\uff1bTarget\uff08\u76ee\u6807\u57df\uff09\u5e2e\u4f60\u6574\u7406\u7ad9\u70b9\u5730\u56fe\uff1bRepeater\uff08\u91cd\u653e\u5668\uff09\u8ba9\u4f60\u624b\u52a8\u4fee\u6539\u8bf7\u6c42\u5e76\u53cd\u590d\u53d1\u9001\uff1bIntruder\uff08\u5165\u4fb5\u8005\uff09\u7528\u4e8e\u81ea\u52a8\u5316\u53c2\u6570\u679a\u4e3e\u548c\u7206\u7834\uff1bScanner\uff08\u626b\u63cf\u5668\uff09\u80fd\u4e3b\u52a8\u53d1\u73b0\u6f0f\u6d1e\uff1b\u8fd8\u6709Decoder\u3001Comparer\u7b49\u8f85\u52a9\u5de5\u5177\u3002Burp\u4e4b\u6240\u4ee5\u6210\u4e3a\u884c\u4e1a\u6807\u51c6\uff0c\u662f\u56e0\u4e3a\u5b83\u7684\u6a21\u5757\u5316\u8bbe\u8ba1\u8ba9\u6d4b\u8bd5\u6d41\u7a0b\u975e\u5e38\u987a\u7545\uff1a\u4f60\u4eceProxy\u6293\u5230\u8bf7\u6c42\uff0c\u7136\u540e\u4e00\u952e\u53d1\u9001\u7ed9\u5176\u4ed6\u6a21\u5757\u505a\u6df1\u5165\u6d4b\u8bd5\uff0c\u6240\u6709\u64cd\u4f5c\u90fd\u5728\u56fe\u5f62\u754c\u9762\u91cc\u5b8c\u6210\u3002<\/p>\n\n\n\n

Mermaid \u56fe\u8868\uff1aBurp Suite \u6838\u5fc3\u7ec4\u4ef6\u534f\u4f5c\u5173\u7cfb<\/p>\n\n\n\n

\"\"<\/div><\/figure>\n\n\n\n

\u8fd9\u5f20\u56fe\u5c55\u793a\u4e86Burp\u7684\u5de5\u4f5c\u6d41\u7a0b\uff1a\u5ba2\u6237\u7aef\u6d41\u91cf\u901a\u8fc7\u4ee3\u7406\u8bbe\u7f6e\u8fdb\u5165Burp Proxy\uff0c\u6211\u4eec\u5728Proxy\u754c\u9762\u770b\u5230\u62e6\u622a\u7684\u8bf7\u6c42\uff0c\u53ef\u4ee5\u9009\u62e9\u653e\u884c\uff08Forward\uff09\u6216\u4e22\u5f03\uff08Drop\uff09\uff0c\u4e5f\u53ef\u4ee5\u53f3\u952e\u628a\u8bf7\u6c42\u53d1\u9001\u5230Repeater\u3001Intruder\u6216Scanner\u8fdb\u884c\u6df1\u5ea6\u6d4b\u8bd5\u3002\u6240\u6709\u7ecf\u8fc7\u4ee3\u7406\u7684\u6d41\u91cf\u90fd\u4f1a\u88ab\u8bb0\u5f55\u5728HTTP History\u91cc\uff0c\u5e76\u81ea\u52a8\u5f52\u7c7b\u5230Target\u7684\u7ad9\u70b9\u5730\u56fe\uff0c\u65b9\u4fbf\u6211\u4eec\u68b3\u7406\u5e94\u7528\u7684\u653b\u51fb\u9762\u3002\u7bad\u5934\u8868\u793a\u6570\u636e\u6d41\u5411\u548c\u7528\u6237\u64cd\u4f5c\u8def\u5f84\uff0c\u6574\u4e2a\u8fc7\u7a0b\u975e\u5e38\u76f4\u89c2\u3002<\/p>\n\n\n\n

\u5b89\u88c5\u548c\u914d\u7f6eBurp\u4e5f\u5f88\u7b80\u5355\uff1a\u4ece\u5b98\u7f51\u4e0b\u8f7d\u793e\u533a\u7248\u6216\u4e13\u4e1a\u7248\uff0c\u542f\u52a8\u540e\u9ed8\u8ba4\u4ee3\u7406\u76d1\u542c\u5730\u5740\u662f127.0.0.1:8080\u3002\u5728\u6d4f\u89c8\u5668\u91cc\u8bbe\u7f6eHTTP\u4ee3\u7406\u4e3alocalhost:8080\uff0c\u7136\u540e\u8bbf\u95eehttp:\/\/burp \u5373\u53ef\u4e0b\u8f7dCA\u8bc1\u4e66\u3002\u6839\u636e\u64cd\u4f5c\u7cfb\u7edf\u4e0d\u540c\uff0c\u628a\u8bc1\u4e66\u5bfc\u5165\u5230\u53d7\u4fe1\u4efb\u7684\u6839\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u5217\u8868\u91cc\uff0c\u8fd9\u6837\u5c31\u80fd\u89e3\u5bc6HTTPS\u6d41\u91cf\u4e86\u3002\u6d4b\u8bd5\u662f\u5426\u6210\u529f\uff1a\u8bbf\u95ee\u4efb\u610fHTTPS\u7f51\u7ad9\uff0c\u5982\u679cBurp\u7684Proxy -> HTTP History\u91cc\u80fd\u770b\u5230\u660e\u6587\u8bf7\u6c42\u548c\u54cd\u5e94\uff0c\u8bf4\u660e\u914d\u7f6e\u6b63\u786e\u3002<\/p>\n\n\n\n

\u53e6\u4e00\u4e2a\u503c\u5f97\u4e00\u63d0\u7684\u5de5\u5177\u662fYakit\uff0c\u5b83\u662f\u8fd1\u5e74\u6765\u56fd\u5185\u6d41\u884c\u7684\u96c6\u6210\u5316\u5b89\u5168\u6d4b\u8bd5\u5e73\u53f0\uff0c\u57fa\u4e8eYaklang\u8bed\u8a00\u9a71\u52a8\uff0c\u5185\u7f6e\u4e86MITM\u4ee3\u7406\u3001\u7aef\u53e3\u626b\u63cf\u3001\u6f0f\u6d1e\u5229\u7528\u7b49\u6a21\u5757\u3002Yakit\u7684MITM\u4ee3\u7406\u4e0eBurp Proxy\u529f\u80fd\u7c7b\u4f3c\uff0c\u4f46\u5b83\u628a\u6d41\u91cf\u5c55\u793a\u548c\u4fee\u6539\u505a\u6210\u4e86Web\u754c\u9762\uff0c\u540c\u65f6\u652f\u6301\u901a\u8fc7Yak\u811a\u672c\u5b9e\u73b0\u52a8\u6001\u52ab\u6301\u548c\u81ea\u52a8\u5316\u903b\u8f91\u3002\u76f8\u6bd4Burp\uff0cYakit\u66f4\u8f7b\u91cf\uff0c\u5b8c\u5168\u514d\u8d39\uff0c\u800c\u4e14\u4e0e\u56fd\u4ea7\u751f\u6001\u96c6\u6210\u66f4\u597d\uff0c\u6bd4\u5982\u5185\u7f6e\u7684\u6f0f\u6d1e\u5e93\u548c\u63d2\u4ef6\u5e02\u573a\u5bf9\u56fd\u5185\u5e38\u89c1\u5e94\u7528\u505a\u4e86\u4f18\u5316\u3002<\/p>\n\n\n\n

Mermaid \u56fe\u8868\uff1aYakit MITM\u6a21\u5757\u4e0eBurp\u5bf9\u6bd4<\/p>\n\n\n\n

\"\"<\/div><\/figure>\n\n\n\n

\u8fd9\u5f20\u56fe\u5bf9\u6bd4\u4e86Yakit\u548cBurp\u7684MITM\u6a21\u5757\u67b6\u6784\u3002\u5de6\u4fa7Yakit\u4e2d\uff0cMITM\u4ee3\u7406\u6355\u83b7\u6d41\u91cf\u540e\u4e00\u65b9\u9762\u5728Web\u754c\u9762\u5c55\u793a\uff0c\u53e6\u4e00\u65b9\u9762\u53ef\u4ee5\u901a\u8fc7Yak\u5f15\u64ce\u6267\u884c\u70ed\u52a0\u8f7d\u811a\u672c\uff0c\u52a8\u6001\u4fee\u6539\u8bf7\u6c42\u6216\u54cd\u5e94\uff0c\u8fd9\u79cd\u8bbe\u8ba1\u975e\u5e38\u9002\u5408\u7f16\u5199\u81ea\u52a8\u5316\u6d4b\u8bd5\u903b\u8f91\u3002\u53f3\u4fa7Burp\u5219\u901a\u8fc7Java\u6269\u5c55\u673a\u5236\uff08BApp\u5546\u5e97\uff09\u6765\u589e\u5f3a\u529f\u80fd\uff0c\u751f\u6001\u66f4\u6210\u719f\u4f46\u6269\u5c55\u5f00\u53d1\u95e8\u69db\u8f83\u9ad8\u3002\u4e24\u8005\u90fd\u80fd\u5b9e\u73b0\u6293\u5305\u548c\u7be1\u6539\uff0c\u4f46\u5b9e\u73b0\u601d\u8def\u4e0d\u540c\uff1aYakit\u503e\u5411\u4e8e\u811a\u672c\u5316\uff0cBurp\u503e\u5411\u4e8e\u56fe\u5f62\u5316\u52a0\u6269\u5c55\u3002<\/p>\n\n\n\n

\u73b0\u5728\u770b\u4e00\u4e2a\u5178\u578b\u573a\u666f\uff1a\u6d4b\u8bd5\u4e00\u4e2aWeb\u767b\u5f55\u63a5\u53e3\u662f\u5426\u5b58\u5728SQL\u6ce8\u5165\u3002\u5047\u8bbe\u76ee\u6807\u7ad9\u70b9\u662fhttp:\/\/example.com\/login \uff0c\u6211\u4eec\u7528Burp\u6765\u64cd\u4f5c\u3002\u9996\u5148\u786e\u4fdd\u6d4f\u89c8\u5668\u4ee3\u7406\u6307\u5411Burp\uff0c\u5e76\u5df2\u5b89\u88c5\u8bc1\u4e66\u3002\u5728\u767b\u5f55\u9875\u9762\u8f93\u5165\u4efb\u610f\u7528\u6237\u540d\u5bc6\u7801\uff08\u5982admin\/123456\uff09\u5e76\u63d0\u4ea4\uff0cBurp Proxy\u4f1a\u62e6\u622a\u5230\u8fd9\u4e2aPOST\u8bf7\u6c42\u3002\u53f3\u952e\u8bf7\u6c42\u9009\u62e9\u201cSend to Repeater\u201d\u3002\u5728Repeater\u6807\u7b7e\u9875\u4e2d\uff0c\u6211\u4eec\u53ef\u4ee5\u770b\u5230\u5b8c\u6574\u7684\u539f\u59cb\u8bf7\u6c42\u5305\uff1a<\/p>\n\n\n\n

POST \/login HTTP\/1.1\nHost: example.com\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) ...\nContent-Type: application\/x-www-form-urlencoded\nContent-Length: 29\n\nusername=admin&password=123456<\/code><\/pre>\n\n\n\n
\u5728Repeater\u91cc\uff0c\u6211\u4eec\u53ef\u4ee5\u4fee\u6539username\u53c2\u6570\u7684\u503c\uff0c\u6bd4\u5982\u6539\u6210 admin' OR '1'='1<\/code>\uff0c\u7136\u540e\u70b9\u51fb\u201cGo\u201d\u53d1\u9001\u3002\u89c2\u5bdf\u54cd\u5e94\u5185\u5bb9\uff0c\u5982\u679c\u8fd4\u56de\u4e86\u767b\u5f55\u6210\u529f\u7684\u9875\u9762\u7279\u5f81\uff08\u6bd4\u5982\u8df3\u8f6c\u5230\u9996\u9875\uff09\uff0c\u5c31\u8bf4\u660e\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fd9\u4e2a\u8fc7\u7a0b\u4e2d\uff0cBurp\u8ba9\u6211\u4eec\u80fd\u4efb\u610f\u7be1\u6539\u8bf7\u6c42\u5e76\u770b\u5230\u5b9e\u65f6\u54cd\u5e94\uff0c\u6bd4\u6d4f\u89c8\u5668F12\u5f3a\u5927\u5f97\u591a\u3002<\/p>\n\n\n\n
\u6700\u5bb9\u6613\u8e29\u7684\u5751\u4e3b\u8981\u6709\u4e09\u4e2a\u3002\u7b2c\u4e00\u662f\u8bc1\u4e66\u5b89\u88c5\u5931\u8d25\uff0c\u5bfc\u81f4\u65e0\u6cd5\u6293\u53d6HTTPS\u5305\uff0c\u75c7\u72b6\u662f\u6d4f\u89c8\u5668\u663e\u793a\u8bc1\u4e66\u9519\u8bef\u6216\u8fde\u63a5\u4e0d\u5b89\u5168\u3002\u6b63\u786e\u505a\u6cd5\u662f\u786e\u8ba4\u6293\u5305\u5de5\u5177\u7684CA\u8bc1\u4e66\u5df2\u7ecf\u6b63\u786e\u5bfc\u5165\u5230\u7cfb\u7edf\u53d7\u4fe1\u4efb\u7684\u6839\u8bc1\u4e66\u5b58\u50a8\u4e2d\uff0c\u5e76\u4e14\u6ca1\u6709\u8fc7\u671f\u3002\u5728\u79fb\u52a8\u7aef\u6293\u5305\u66f4\u590d\u6742\uff0c\u6bd4\u5982Android 7\u4ee5\u4e0a\u9ed8\u8ba4\u4e0d\u4fe1\u4efb\u7528\u6237\u5b89\u88c5\u7684\u8bc1\u4e66\uff0c\u9700\u8981\u5c06\u8bc1\u4e66\u5b89\u88c5\u5230\u7cfb\u7edf\u8bc1\u4e66\u76ee\u5f55\uff08\u9700root\uff09\u6216\u4f7f\u7528VirtualXposed\u7b49\u5de5\u5177\u3002\u7b2c\u4e8c\u662f\u4ee3\u7406\u914d\u7f6e\u9057\u6f0f\uff0c\u6bd4\u5982\u6d4f\u89c8\u5668\u53ea\u8bbe\u7f6e\u4e86HTTP\u4ee3\u7406\uff0c\u4f46HTTPS\u6d41\u91cf\u4f9d\u7136\u76f4\u8fde\uff0c\u8fd9\u65f6\u9700\u8981\u628a\u4ee3\u7406\u8bbe\u7f6e\u5e94\u7528\u5230\u6240\u6709\u534f\u8bae\u3002\u7b2c\u4e09\u662f\u6d41\u91cf\u88ab\u5176\u4ed6\u4ee3\u7406\u5de5\u5177\u5e72\u6270\uff0c\u6bd4\u5982\u5f00\u542f\u4e86VPN\u6216\u7cfb\u7edf\u4ee3\u7406\uff0c\u5bfc\u81f4Burp\u6536\u4e0d\u5230\u6d41\u91cf\u3002\u9a8c\u8bc1\u65b9\u6cd5\u5f88\u7b80\u5355\uff1a\u8bbf\u95eehttp:\/\/burp \u80fd\u770b\u5230Burp\u7684\u6b22\u8fce\u9875\u9762\uff0c\u8bbf\u95eeHTTPS\u7f51\u7ad9\u65f6Burp\u5386\u53f2\u4e2d\u6709\u89e3\u5bc6\u540e\u7684\u8bb0\u5f55\u3002<\/p>\n\n\n\n
\u4e0b\u4e00\u6b65\u5efa\u8bae\u662f\u8054\u52a8\u5176\u4ed6\u6d4b\u8bd5\u6a21\u5757\u3002\u6bd4\u5982\u628a\u6293\u5230\u7684\u8bf7\u6c42\u76f4\u63a5\u53d1\u9001\u5230Burp Scanner\u8fdb\u884c\u81ea\u52a8\u5316\u6f0f\u6d1e\u626b\u63cf\uff0c\u6216\u8005\u5bfc\u51fa\u8bf7\u6c42\u683c\u5f0f\u540e\u914d\u5408SQLMap\uff08\u52a0\u4e0a-r<\/code>\u53c2\u6570\uff09\u8fdb\u884c\u66f4\u6df1\u5165\u7684\u6570\u636e\u5e93\u6ce8\u5165\u6d4b\u8bd5\u3002\u5bf9\u4e8eYakit\uff0c\u540c\u6837\u53ef\u4ee5\u5c06\u6293\u5305\u6570\u636e\u53d1\u9001\u7ed9\u5185\u7f6e\u7684\u6f0f\u6d1e\u68c0\u6d4b\u63d2\u4ef6\uff0c\u5b9e\u73b0\u65e0\u7f1d\u8854\u63a5\u3002<\/p>\n\n\n\n
\u6700\u540e\u662f\u51b3\u7b56\u6307\u5357\uff1a\u4ec0\u4e48\u65f6\u5019\u5fc5\u987b\u7528Burp\uff1f\u5f53\u4f60\u9700\u8981\u6700\u5168\u9762\u7684Web\u5b89\u5168\u6d4b\u8bd5\u529f\u80fd\u3001\u5e9e\u5927\u7684\u793e\u533a\u652f\u6301\u548c\u4e30\u5bcc\u7684\u6269\u5c55\u751f\u6001\u65f6\uff0cBurp\u662f\u65e0\u53ef\u4e89\u8bae\u7684\u9996\u9009\uff0c\u5c24\u5176\u662f\u4e13\u4e1a\u7248\u81ea\u5e26\u7684\u4e3b\u52a8\u626b\u63cf\u548c\u722c\u866b\u80fd\u529b\u80fd\u5927\u5e45\u63d0\u5347\u6548\u7387\u3002\u4ec0\u4e48\u65f6\u5019Yakit\u591f\u7528\uff1f\u5982\u679c\u4f60\u503e\u5411\u4e8e\u56fd\u4ea7\u5de5\u5177\u3001\u4e60\u60ef\u811a\u672c\u5316\u64cd\u4f5c\u3001\u6216\u8005\u9884\u7b97\u6709\u9650\uff0cYakit\u63d0\u4f9b\u4e86\u975e\u5e38\u4f18\u79c0\u7684MITM\u4f53\u9a8c\u548c\u7075\u6d3b\u7684Yak\u811a\u672c\u80fd\u529b\uff0c\u5bf9\u4e8e\u65e5\u5e38\u6293\u5305\u6539\u5305\u548c\u5feb\u901f\u6f0f\u6d1e\u9a8c\u8bc1\u5b8c\u5168\u591f\u7528\u3002\u66f4\u8f7b\u91cf\u7ea7\u7684\u573a\u666f\uff0c\u6bd4\u5982\u4ec5\u4ec5\u60f3\u67e5\u770b\u548c\u89e3\u5bc6HTTPS\u6d41\u91cf\uff0c\u751a\u81f3\u53ef\u4ee5\u4f7f\u7528\u6d4f\u89c8\u5668\u7684\u5f00\u53d1\u8005\u5de5\u5177\uff08\u4ec5\u67e5\u770b\uff09\u6216Fiddler\uff08Windows\u5e73\u53f0\uff09\uff0c\u4f46\u5b83\u4eec\u7684\u7be1\u6539\u548c\u81ea\u52a8\u5316\u80fd\u529b\u8fdc\u4e0d\u5982Burp\u548cYakit\u3002\u603b\u4e4b\uff0c\u6293\u5305\u6280\u672f\u662fWeb\u5b89\u5168\u6d4b\u8bd5\u7684\u57fa\u77f3\uff0c\u638c\u63e1\u4e86Burp\u548cYakit\uff0c\u4f60\u5c31\u62e5\u6709\u4e86\u6df1\u5165\u5256\u6790Web\u5e94\u7528\u7684\u5229\u5668\u3002<\/p>\n\n\n\n
\u6293\u5305\u6280\u672f-APP\u5e94\u7528-http\/s-Burp&Yakit<\/h2>\n\n\n\n
\u5f53\u6211\u4eec\u628a\u76ee\u5149\u4ece\u6d4f\u89c8\u5668\u8f6c\u5411\u79fb\u52a8\u7aefAPP\u65f6\uff0c\u6293\u5305\u6280\u672f\u9762\u4e34\u65b0\u7684\u6311\u6218\u3002APP\u4e0d\u50cf\u6d4f\u89c8\u5668\u90a3\u6837\u53ef\u4ee5\u8f7b\u677e\u8bbe\u7f6e\u7cfb\u7edf\u4ee3\u7406\uff0c\u800c\u4e14\u79fb\u52a8\u64cd\u4f5c\u7cfb\u7edf\u5bf9HTTPS\u8bc1\u4e66\u7684\u7ba1\u63a7\u66f4\u52a0\u4e25\u683c\uff0c\u5f88\u591aAPP\u8fd8\u5b9e\u73b0\u4e86\u8bc1\u4e66\u7ed1\u5b9a\uff08SSL Pinning\uff09\u6765\u9632\u6b62\u4e2d\u95f4\u4eba\u653b\u51fb\u3002\u4f46\u4f5c\u4e3a\u5b89\u5168\u6d4b\u8bd5\u4eba\u5458\uff0c\u6211\u4eec\u4f9d\u7136\u9700\u8981\u770b\u6e05APP\u4e0e\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u52a0\u5bc6\u901a\u4fe1\u3002\u4eca\u5929\u6211\u4eec\u5c31\u7ee7\u7eed\u6cbf\u7528Burp Suite\u548cYakit\u8fd9\u4e24\u628a\u5229\u5668\uff0c\u6df1\u5165\u8bb2\u89e3\u5982\u4f55\u5728Android\u548ciOS\u73af\u5883\u4e0b\u5b8c\u6210APP\u7684HTTP\/HTTPS\u6293\u5305\uff0c\u4ee5\u53ca\u5982\u4f55\u5e94\u5bf9\u90a3\u4e9b\u53cd\u6293\u5305\u673a\u5236\u3002<\/p>\n\n\n\n
\u79fb\u52a8\u7aef\u6293\u5305\u7684\u6838\u5fc3\u573a\u666f\u662f\u4ec0\u4e48\uff1f\u6bd4\u5982\u4f60\u6b63\u5728\u6d4b\u8bd5\u4e00\u4e2a\u7535\u5546APP\u7684\u4e0b\u5355\u63a5\u53e3\uff0c\u60f3\u67e5\u770b\u63d0\u4ea4\u8ba2\u5355\u65f6\u53d1\u9001\u4e86\u54ea\u4e9b\u53c2\u6570\uff0c\u6216\u8005\u60f3\u7be1\u6539\u5546\u54c1\u4ef7\u683c\u3002\u8fd9\u65f6\u4f60\u65e0\u6cd5\u76f4\u63a5\u4eceAPP\u5185\u90e8\u770b\u5230\u7f51\u7edc\u8bf7\u6c42\uff0c\u5fc5\u987b\u5728\u8bbe\u5907\u5c42\u9762\u628a\u6d41\u91cf\u5f15\u5230\u6293\u5305\u5de5\u5177\u3002\u8fd9\u5c31\u6d89\u53ca\u5230\u7f51\u7edc\u4ee3\u7406\u8bbe\u7f6e\u548c\u8bc1\u4e66\u7ba1\u7406\u3002\u4e0eWeb\u6293\u5305\u6700\u5927\u7684\u533a\u522b\u5728\u4e8e\uff0c\u79fb\u52a8\u7aef\u6293\u5305\u5fc5\u987b\u89e3\u51b3\u4e24\u4e2a\u5173\u952e\u95ee\u9898\uff1a\u4e00\u662f\u5982\u4f55\u8ba9APP\u7684\u6d41\u91cf\u7ecf\u8fc7\u6211\u4eec\u6307\u5b9a\u7684\u4ee3\u7406\uff0c\u4e8c\u662f\u5982\u4f55\u8ba9APP\u4fe1\u4efb\u6293\u5305\u5de5\u5177\u7684CA\u8bc1\u4e66\u3002\u7b2c\u4e8c\u4e2a\u95ee\u9898\u5728Android 7.0\u53ca\u4ee5\u4e0a\u548c\u8f83\u65b0\u7684iOS\u7248\u672c\u4e2d\u5c24\u5176\u68d8\u624b\uff0c\u56e0\u4e3a\u7cfb\u7edf\u9ed8\u8ba4\u4e0d\u518d\u4fe1\u4efb\u7528\u6237\u5b89\u88c5\u7684\u8bc1\u4e66\uff0c\u53ea\u6709\u7cfb\u7edf\u8bc1\u4e66\u624d\u88ab\u8ba4\u53ef\u3002\u6b64\u5916\uff0c\u4e00\u4e9b\u5b89\u5168\u6027\u8f83\u9ad8\u7684APP\u8fd8\u4f1a\u5728\u4ee3\u7801\u4e2d\u56fa\u5b9a\u6821\u9a8c\u670d\u52a1\u5668\u8bc1\u4e66\u6216\u516c\u94a5\uff0c\u8fd9\u5c31\u662f\u8bc1\u4e66\u7ed1\u5b9a\uff08SSL Pinning\uff09\uff0c\u5373\u4f7f\u5b89\u88c5\u4e86\u6293\u5305\u5de5\u5177\u7684\u8bc1\u4e66\uff0cAPP\u4f9d\u7136\u4f1a\u62d2\u7edd\u8fde\u63a5\u3002<\/p>\n\n\n\n
Mermaid \u56fe\u8868\uff1a\u79fb\u52a8\u7aefHTTPS\u6293\u5305\u62d3\u6251\u4e0e\u6311\u6218<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u8fd9\u5f20\u56fe\u5c55\u793a\u4e86\u79fb\u52a8\u7aef\u6293\u5305\u7684\u5b8c\u6574\u8def\u5f84\u548c\u6570\u636e\u6d41\u5411\u3002APP\u53d1\u8d77\u7684\u8bf7\u6c42\u5148\u7ecf\u8fc7\u7cfb\u7edf\u7f51\u7edc\u5c42\uff0c\u5982\u679c\u6211\u4eec\u8bbe\u7f6e\u4e86HTTP\u4ee3\u7406\uff0c\u6d41\u91cf\u4f1a\u88ab\u8f6c\u53d1\u5230\u4ee3\u7406\u5ba2\u6237\u7aef\uff08\u5982WiFi\u4ee3\u7406\u8bbe\u7f6e\u6216VPN\uff09\uff0c\u7136\u540e\u5230\u8fbe\u6293\u5305\u5de5\u5177\u3002\u6293\u5305\u5de5\u5177\u7528\u81ea\u5df1\u7684CA\u8bc1\u4e66\u751f\u6210\u76ee\u6807\u670d\u52a1\u5668\u7684\u4f2a\u9020\u8bc1\u4e66\u8fd4\u56de\u7ed9\u8bbe\u5907\u3002\u6b64\u65f6\u8bbe\u5907\u7cfb\u7edf\u6216APP\u4f1a\u8fdb\u884c\u8bc1\u4e66\u6821\u9a8c\uff1a\u5982\u679c\u7cfb\u7edf\u4e0d\u4fe1\u4efb\u6293\u5305\u5de5\u5177\u7684CA\uff08\u7528\u6237\u8bc1\u4e66\u4e0d\u88ab\u4fe1\u4efb\uff09\uff0c\u6216\u8005APP\u5185\u7f6e\u4e86\u8bc1\u4e66\u56fa\u5b9a\u903b\u8f91\uff08SSL Pinning\uff09\uff0c\u6821\u9a8c\u5c31\u4f1a\u5931\u8d25\uff0c\u5bfc\u81f4\u8fde\u63a5\u4e2d\u65ad\u3002\u56fe\u4e2d\u7ea2\u8272\u90e8\u5206\u6807\u51fa\u4e86\u4e24\u4e2a\u6700\u5e38\u89c1\u7684\u5931\u8d25\u539f\u56e0\uff0c\u4e5f\u5c31\u662f\u6211\u4eec\u63a5\u4e0b\u6765\u8981\u89e3\u51b3\u7684\u95ee\u9898\u3002<\/p>\n\n\n\n
\u5bf9\u4e8e\u7b2c\u4e00\u4e2a\u95ee\u9898\u2014\u2014\u5982\u4f55\u8ba9\u6d41\u91cf\u7ecf\u8fc7\u4ee3\u7406\uff0c\u6700\u76f4\u63a5\u7684\u65b9\u6cd5\u662f\u5728\u8bbe\u5907\u7684WiFi\u8bbe\u7f6e\u4e2d\u624b\u52a8\u914d\u7f6eHTTP\u4ee3\u7406\uff0c\u5c06\u4ee3\u7406\u670d\u52a1\u5668\u6307\u5411\u8fd0\u884cBurp\u6216Yakit\u7684\u7535\u8111IP\u548c\u7aef\u53e3\uff08\u4f8b\u5982192.168.1.100:8080\uff09\u3002\u4f46\u5728\u67d0\u4e9bAPP\u4e2d\uff0c\u53ef\u80fd\u4f1a\u5ffd\u7565\u7cfb\u7edf\u4ee3\u7406\uff08\u4f8b\u5982\u4f7f\u7528OkHttp\u5e93\u65f6\u9ed8\u8ba4\u9075\u5faa\u4ee3\u7406\uff0c\u4f46\u90e8\u5206APP\u53ef\u80fd\u5f3a\u5236\u4f7f\u7528\u76f4\u8fde\uff09\uff0c\u8fd9\u65f6\u6211\u4eec\u53ef\u4ee5\u8003\u8651\u4f7f\u7528VPN\u8f6f\u4ef6\u5c06\u6d41\u91cf\u8f6c\u53d1\u5230\u6293\u5305\u5de5\u5177\uff0c\u6bd4\u5982\u4f7f\u7528Postern\uff08Android\uff09\u6216BProxy\u7b49\u5de5\u5177\u914d\u7f6eVPN\u8f6c\u53d1\u3002\u53e6\u4e00\u79cd\u65b9\u6848\u662f\u5728\u7535\u8111\u4e0a\u5f00\u4e00\u4e2a\u900f\u660e\u4ee3\u7406\uff0c\u901a\u8fc7ARP\u6b3a\u9a97\u6216\u8def\u7531\u8868\u5c06\u8bbe\u5907\u6d41\u91cf\u5168\u91cf\u8f6c\u53d1\uff0c\u4f46\u8fd9\u6bd4\u8f83\u590d\u6742\uff0c\u65e5\u5e38\u6d4b\u8bd5\u7528WiFi\u4ee3\u7406\u57fa\u672c\u591f\u7528\u3002<\/p>\n\n\n\n
\u7b2c\u4e8c\u4e2a\u95ee\u9898\u66f4\u6838\u5fc3\uff1a\u8ba9APP\u4fe1\u4efb\u6211\u4eec\u7684\u8bc1\u4e66\u3002\u5728Android\u4e0a\uff0c\u5982\u679cAPP\u7684targetSdkVersion\u4f4e\u4e8e24\uff08Android 6\u53ca\u4ee5\u4e0b\uff09\uff0c\u7528\u6237\u5b89\u88c5\u7684\u8bc1\u4e66\u9ed8\u8ba4\u5c31\u88ab\u7cfb\u7edf\u4fe1\u4efb\uff0c\u76f4\u63a5\u5b89\u88c5\u5373\u53ef\u3002\u4f46\u4eceAndroid 7\u5f00\u59cb\uff0c\u7cfb\u7edf\u4e0d\u518d\u4fe1\u4efb\u7528\u6237\u8bc1\u4e66\uff0c\u53ea\u6709\u5b89\u88c5\u5728\u7cfb\u7edf\u5206\u533a\u4e0b\u7684\u8bc1\u4e66\u624d\u88ab\u8ba4\u53ef\u3002\u89e3\u51b3\u65b9\u6848\u6709\u4e24\u79cd\uff1a\u4e00\u662f\u5c06\u8bbe\u5907root\uff0c\u7136\u540e\u628a\u6293\u5305\u5de5\u5177\u7684\u8bc1\u4e66\u63a8\u9001\u5230\u7cfb\u7edf\u8bc1\u4e66\u76ee\u5f55\uff08\/system\/etc\/security\/cacerts\/\uff09\u3002\u4e8c\u662f\u4f7f\u7528VirtualXposed\u7b49\u865a\u62df\u6846\u67b6\uff0c\u5728\u6846\u67b6\u5185\u8fd0\u884cAPP\uff0c\u5e76\u5b89\u88c5\u6a21\u5757\u5c06\u6293\u5305\u8bc1\u4e66\u6dfb\u52a0\u5230\u6846\u67b6\u7684\u4fe1\u4efb\u57df\u3002\u5bf9\u4e8eiOS\uff0c\u8d8a\u72f1\u8bbe\u5907\u53ef\u4ee5\u5b89\u88c5\u8bc1\u4e66\u5230\u7cfb\u7edf\u94a5\u5319\u4e32\uff0c\u5e76\u4f7f\u7528AppSync\u7b49\u7ed5\u8fc7\u7b7e\u540d\uff1b\u975e\u8d8a\u72f1\u8bbe\u5907\u5219\u9700\u8981\u501f\u52a9\u4ee3\u7406\u5de5\u5177\u5982Surge\u6216Quantumult X\u7684MITM\u529f\u80fd\uff0c\u5e76\u4fe1\u4efb\u5176\u63cf\u8ff0\u6587\u4ef6\u3002\u81f3\u4e8e\u8bc1\u4e66\u7ed1\u5b9a\uff08SSL Pinning\uff09\uff0c\u5c31\u9700\u8981\u66f4\u9ad8\u7ea7\u7684\u6ce8\u5165\u6280\u672f\uff0c\u6bd4\u5982\u7528Frida hook\u8bc1\u4e66\u6821\u9a8c\u51fd\u6570\uff0c\u6216\u8005\u4f7f\u7528Xposed\u6a21\u5757\uff08\u5982JustTrustMe\uff09\u4e00\u952e\u7ed5\u8fc7\u3002<\/p>\n\n\n\n
\u73b0\u5728\u6765\u770b\u5b9e\u9645\u5de5\u5177\u7684\u64cd\u4f5c\u3002Burp Suite\u5728\u79fb\u52a8\u7aef\u6293\u5305\u4e2d\u7684\u914d\u7f6e\u4e0eWeb\u7aef\u57fa\u672c\u4e00\u81f4\uff1a\u542f\u52a8Burp\uff0c\u5728Proxy -> Options\u4e2d\u786e\u8ba4\u4ee3\u7406\u76d1\u542c\u5730\u5740\u4e3a0.0.0.0:8080\uff0c\u8fd9\u6837\u5c40\u57df\u7f51\u5185\u7684\u8bbe\u5907\u624d\u80fd\u8bbf\u95ee\u3002\u7136\u540e\u5728\u624b\u673a\u4e0a\u8bbe\u7f6eWiFi\u4ee3\u7406\u4e3a\u7535\u8111IP\u548c8080\u7aef\u53e3\u3002\u63a5\u4e0b\u6765\u662f\u5173\u952e\u6b65\u9aa4\uff1a\u8ba9\u624b\u673a\u4fe1\u4efbBurp\u7684CA\u8bc1\u4e66\u3002\u7528\u624b\u673a\u6d4f\u89c8\u5668\u8bbf\u95eehttp:\/\/burp \uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u201cCA Certificate\u201d\u4e0b\u8f7d\u8bc1\u4e66\u3002\u5728Android\u4e0a\uff0c\u4e0b\u8f7d\u7684cacert.der\u6587\u4ef6\u9700\u8981\u5728\u8bbe\u7f6e\u4e2d\u201c\u4ece\u5b58\u50a8\u8bbe\u5907\u5b89\u88c5\u201d\u4e3aCA\u8bc1\u4e66\u3002\u4f46\u5982\u524d\u6240\u8ff0\uff0cAndroid 7+\u76f4\u63a5\u5b89\u88c5\u540e\u4ec5\u5bf9\u90e8\u5206APP\u751f\u6548\uff08\u90a3\u4e9b\u663e\u5f0f\u4fe1\u4efb\u7528\u6237\u8bc1\u4e66\u7684APP\uff09\uff0c\u5927\u591a\u6570APP\u4f9d\u7136\u4e0d\u8ba4\u3002\u6211\u4eec\u9700\u8981root\u8bbe\u5907\uff0c\u7136\u540e\u7528adb\u5c06\u8bc1\u4e66\u79fb\u5230\u7cfb\u7edf\u76ee\u5f55\u3002\u5177\u4f53\u547d\u4ee4\uff1a<\/p>\n\n\n\n
# \u5c06der\u683c\u5f0f\u8f6c\u6362\u4e3apem\nopenssl x509 -inform DER -in cacert.der -out burp.pem\n# \u91cd\u547d\u540d\u4e3a\u8bc1\u4e66\u7684\u54c8\u5e0c\u503c.0\nmv burp.pem `openssl x509 -inform PEM -subject_hash_old -in burp.pem |head -1`.0\n# \u6302\u8f7d\u7cfb\u7edf\u5206\u533a\u4e3a\u53ef\u8bfb\u5199\uff08\u5047\u8bbe\u5df2root\uff09\nadb root\nadb remount\n# \u63a8\u9001\u5230\u7cfb\u7edf\u8bc1\u4e66\u76ee\u5f55\nadb push <hash>.0 \/system\/etc\/security\/cacerts\/\n# \u4fee\u6539\u6743\u9650\nadb shell chmod 644 \/system\/etc\/security\/cacerts\/<hash>.0<\/code><\/pre>\n\n\n\n
\u4e4b\u540e\u91cd\u542f\u8bbe\u5907\uff0cBurp\u7684\u8bc1\u4e66\u5c31\u6210\u4e3a\u7cfb\u7edf\u8bc1\u4e66\uff0c\u6240\u6709APP\u90fd\u4f1a\u4fe1\u4efb\u3002<\/p>\n\n\n\n
Yakit\u7684\u914d\u7f6e\u7c7b\u4f3c\uff0c\u4f46Yakit\u63d0\u4f9b\u4e86\u66f4\u4fbf\u6377\u7684\u79fb\u52a8\u7aef\u6293\u5305\u8f85\u52a9\u529f\u80fd\u3002\u5728Yakit\u7684MITM\u754c\u9762\uff0c\u53ef\u4ee5\u5f00\u542f\u201c\u5168\u5c40\u4ee3\u7406\u201d\u5e76\u8bbe\u7f6e\u76d1\u542c\u5730\u5740\uff0c\u540c\u6837\u5728\u624b\u673a\u4e0a\u8bbe\u7f6e\u4ee3\u7406\u3002Yakit\u4e5f\u652f\u6301\u81ea\u52a8\u751f\u6210\u8bc1\u4e66\uff0c\u5e76\u63d0\u4f9b\u4e86\u8be6\u7ec6\u7684\u8bc1\u4e66\u5b89\u88c5\u6307\u5f15\u3002\u503c\u5f97\u4e00\u63d0\u7684\u662f\uff0cYakit\u5185\u7f6e\u4e86\u201c\u70ed\u52a0\u8f7d\u201d\u811a\u672c\u529f\u80fd\uff0c\u4f60\u53ef\u4ee5\u7f16\u5199Yak\u811a\u672c\u5728\u6d41\u91cf\u7ecf\u8fc7\u65f6\u52a8\u6001\u4fee\u6539\u8bf7\u6c42\u6216\u54cd\u5e94\uff0c\u8fd9\u5bf9\u4e8e\u5904\u7406\u67d0\u4e9bAPP\u7684\u7b7e\u540d\u6821\u9a8c\u6216\u52a0\u5bc6\u53c2\u6570\u975e\u5e38\u6709\u7528\u3002\u4f8b\u5982\uff0c\u4f60\u53ef\u4ee5\u5728\u811a\u672c\u91cc\u81ea\u52a8\u66ff\u6362\u8bf7\u6c42\u4e2d\u7684\u67d0\u4e2a\u5b57\u6bb5\uff0c\u800c\u4e0d\u5fc5\u624b\u52a8\u4fee\u6539\u6bcf\u4e2a\u5305\u3002<\/p>\n\n\n\n
Mermaid \u56fe\u8868\uff1aBurp vs Yakit \u5728\u79fb\u52a8\u7aef\u6293\u5305\u7684\u89e3\u51b3\u65b9\u6848\u5bf9\u6bd4<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u8fd9\u5f20\u56fe\u5bf9\u6bd4\u4e86Burp\u548cYakit\u5728\u79fb\u52a8\u7aef\u6293\u5305\u7684\u6269\u5c55\u80fd\u529b\u3002Burp\u4e3b\u8981\u901a\u8fc7\u624b\u52a8\u914d\u7f6e\u548c\u5916\u90e8\u5de5\u5177\uff08\u5982Frida\u3001Xposed\uff09\u7684\u7ec4\u5408\u6765\u7ed5\u8fc7\u9650\u5236\uff1bYakit\u9664\u4e86\u540c\u6837\u9700\u8981\u8bc1\u4e66\u5b89\u88c5\uff0c\u8fd8\u63d0\u4f9b\u4e86Yak\u811a\u672c\u5f15\u64ce\uff0c\u4f60\u53ef\u4ee5\u76f4\u63a5\u5728\u811a\u672c\u91cc\u5b9e\u73b0\u7c7b\u4f3cFrida\u7684Hook\u903b\u8f91\uff0c\u751a\u81f3\u8c03\u7528\u7cfb\u7edf\u547d\u4ee4\u6765\u8f85\u52a9\u6293\u5305\uff0c\u5c06\u591a\u4e2a\u6b65\u9aa4\u96c6\u6210\u5728\u4e00\u4e2a\u754c\u9762\u4e2d\u3002<\/p>\n\n\n\n
\u4e00\u4e2a\u5178\u578b\u573a\u666f\uff1a\u6d4b\u8bd5\u4e00\u4e2a\u91d1\u878dAPP\u7684\u8f6c\u8d26\u63a5\u53e3\uff0cAPP\u53ef\u80fd\u4f7f\u7528\u4e86\u8bc1\u4e66\u7ed1\u5b9a\u3002\u6211\u4eec\u5148\u7528Frida\u6765\u7ed5\u8fc7\u7ed1\u5b9a\u3002\u5047\u8bbe\u624b\u673a\u5df2root\u5e76\u5b89\u88c5\u4e86frida-server\u3002\u8fd0\u884c\u547d\u4ee4\uff1a<\/p>\n\n\n\n
frida -U -f com.example.bank -l frida-script.js --no-pause<\/code><\/pre>\n\n\n\n
\u5176\u4e2dfrida-script.js\u53ef\u4ee5\u662f\u5e38\u89c1\u7684\u7ed5\u8fc7\u8bc1\u4e66\u7ed1\u5b9a\u7684\u811a\u672c\uff0c\u6bd4\u5982\uff1a<\/p>\n\n\n\n
Java.perform(function() {\n    var TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl');\n    TrustManagerImpl.verifyChain.implementation = function(chain, authType, host, clientAuth, ocspData, tlsSctData) {\n        return chain; \/\/ \u76f4\u63a5\u8fd4\u56de\u539f\u59cb\u94fe\uff0c\u7ed5\u8fc7\u6821\u9a8c\n    };\n});<\/code><\/pre>\n\n\n\n
\u540c\u65f6\uff0c\u6211\u4eec\u8ba9Burp\u6216Yakit\u5904\u4e8e\u76d1\u542c\u72b6\u6001\uff0c\u624b\u673a\u4ee3\u7406\u6307\u5411\u7535\u8111\u3002\u8fd9\u6837\uff0c\u5f53APP\u53d1\u9001\u8bf7\u6c42\u65f6\uff0cFrida\u5df2\u7ecf\u4fee\u6539\u4e86\u8bc1\u4e66\u6821\u9a8c\u903b\u8f91\uff0cAPP\u4f1a\u63a5\u53d7Burp\u7684\u4f2a\u9020\u8bc1\u4e66\uff0c\u6d41\u91cf\u987a\u5229\u5230\u8fbe\u6293\u5305\u5de5\u5177\u3002\u6211\u4eec\u5c31\u80fd\u5728Burp\u4e2d\u770b\u5230\u660e\u6587\u7684\u8bf7\u6c42\u53c2\u6570\uff0c\u6bd4\u5982amount=1000&toAccount=123456<\/code>\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u4fee\u6539\u4e3aamount=1<\/code>\u518d\u91cd\u653e\uff0c\u89c2\u5bdf\u670d\u52a1\u5668\u662f\u5426\u6821\u9a8c\u3002<\/p>\n\n\n\n
\u6700\u5bb9\u6613\u8e29\u7684\u5751\u5305\u62ec\uff1a\u5fd8\u8bb0\u5173\u95ed\u624b\u673a\u7684VPN\u6216\u4ee3\u7406\u51b2\u7a81\uff0c\u5bfc\u81f4\u6d41\u91cf\u6ca1\u6709\u7ecf\u8fc7Burp\uff1b\u8bc1\u4e66\u5b89\u88c5\u540e\u5fd8\u8bb0\u91cd\u542f\u8bbe\u5907\uff0c\u65b0\u8bc1\u4e66\u672a\u751f\u6548\uff1b\u79fb\u52a8\u7aef\u4f7f\u7528\u6a21\u62df\u5668\u65f6\uff0c\u67d0\u4e9bAPP\u4f1a\u68c0\u6d4b\u6a21\u62df\u5668\u73af\u5883\u5e76\u62d2\u7edd\u8fd0\u884c\uff1bFrida\u811a\u672c\u6ca1\u6709\u6b63\u786e\u9644\u52a0\u8fdb\u7a0b\uff0c\u6216\u8005APP\u6709\u53cd\u8c03\u8bd5\u673a\u5236\u5bfc\u81f4\u5d29\u6e83\u3002\u9a8c\u8bc1\u65b9\u6cd5\u5f88\u7b80\u5355\uff1a\u5728Burp\u6216Yakit\u7684HTTP History\u4e2d\u80fd\u5426\u770b\u5230\u6765\u81eaAPP\u7684\u8bf7\u6c42\u3002\u5982\u679c\u80fd\u770b\u5230\u4f46\u8fde\u63a5\u5931\u8d25\uff0c\u53ef\u80fd\u662f\u8bc1\u4e66\u95ee\u9898\uff1b\u5982\u679c\u6839\u672c\u770b\u4e0d\u5230\u8bf7\u6c42\uff0c\u5219\u662f\u4ee3\u7406\u914d\u7f6e\u95ee\u9898\u3002<\/p>\n\n\n\n
\u4e0b\u4e00\u6b65\u64cd\u4f5c\u5efa\u8bae\u662f\u8054\u52a8Burp\u7684\u626b\u63cf\u529f\u80fd\u3002\u6293\u53d6\u5230APP\u7684API\u63a5\u53e3\u540e\uff0c\u53ef\u4ee5\u5c06\u8bf7\u6c42\u53d1\u9001\u5230Scanner\u8fdb\u884c\u6f0f\u6d1e\u626b\u63cf\uff0c\u6216\u8005\u5bfc\u51fa\u4e3a\u6587\u4ef6\u540e\u7528sqlmap\u6d4b\u8bd5\u6ce8\u5165\u3002\u5bf9\u4e8eYakit\uff0c\u53ef\u4ee5\u76f4\u63a5\u5728\u6d41\u91cf\u9875\u9762\u4e0a\u53f3\u952e\u9009\u62e9\u201c\u6f0f\u6d1e\u68c0\u6d4b\u201d\u6216\u201c\u7aef\u53e3\u626b\u63cf\u201d\uff0c\u5229\u7528\u5185\u7f6e\u7684POC\u63d2\u4ef6\u8fdb\u884c\u81ea\u52a8\u5316\u6d4b\u8bd5\u3002<\/p>\n\n\n\n
\u6700\u540e\u662f\u51b3\u7b56\u6307\u5357\uff1a\u4ec0\u4e48\u65f6\u5019\u5fc5\u987b\u7528Burp\uff1f\u5f53\u4f60\u9700\u8981\u5168\u9762\u3001\u6210\u719f\u7684\u79fb\u52a8\u7aef\u6d4b\u8bd5\u73af\u5883\uff0c\u5e76\u4e14\u613f\u610f\u914d\u5408Frida\/Xposed\u7b49\u5916\u90e8\u5de5\u5177\u8fdb\u884c\u6df1\u5ea6\u5b9a\u5236\u65f6\uff0cBurp\u4f9d\u7136\u662f\u9996\u9009\uff0c\u56e0\u4e3a\u5b83\u7684\u751f\u6001\u548c\u793e\u533a\u652f\u6301\u6700\u4e30\u5bcc\u3002\u4ec0\u4e48\u65f6\u5019Yakit\u591f\u7528\uff1f\u5982\u679c\u4f60\u5e0c\u671b\u5728\u4e00\u4e2a\u5de5\u5177\u5185\u5b8c\u6210\u6293\u5305\u3001\u811a\u672c\u7ed5\u8fc7\u548c\u6f0f\u6d1e\u9a8c\u8bc1\uff0c\u51cf\u5c11\u591a\u5de5\u5177\u5207\u6362\u7684\u6210\u672c\uff0cYakit\u662f\u66f4\u597d\u7684\u9009\u62e9\uff0c\u7279\u522b\u662f\u5b83\u7684Yak\u811a\u672c\u5f15\u64ce\u8ba9\u81ea\u52a8\u5316\u53d8\u5f97\u975e\u5e38\u7075\u6d3b\u3002\u5bf9\u4e8e\u7b80\u5355\u7684\u975e\u52a0\u56faAPP\uff0c\u751a\u81f3\u53ea\u7528Yakit\u7684MITM\u914d\u5408\u7cfb\u7edf\u8bc1\u4e66\u5b89\u88c5\u5c31\u8db3\u591f\u4e86\u3002\u4f46\u5728\u9762\u5bf9\u6709\u5f3a\u8bc1\u4e66\u7ed1\u5b9a\u548c\u53cd\u8c03\u8bd5\u7684APP\u65f6\uff0cBurp+Frida\u7684\u7ec4\u5408\u5f80\u5f80\u66f4\u7a33\u5b9a\uff0c\u56e0\u4e3aFrida\u7684Hook\u751f\u6001\u66f4\u6210\u719f\u3002\u603b\u4e4b\uff0c\u79fb\u52a8\u7aef\u6293\u5305\u662f\u5bf9Web\u6293\u5305\u6280\u672f\u7684\u5ef6\u4f38\u548c\u6df1\u5316\uff0c\u638c\u63e1\u8fd9\u4e9b\u6280\u5de7\u540e\uff0c\u4f60\u5c31\u80fd\u5bf9\u4efb\u4f55APP\u7684\u901a\u4fe1\u4e86\u5982\u6307\u638c\u3002<\/p>\n\n\n\n
\u4e24\u7bc7\u6293\u5305\u6280\u672f\u6559\u7a0b\u7684\u6838\u5fc3\u533a\u522b\u89e3\u6790<\/h2>\n\n\n\n
\u5728\u5206\u522b\u8bb2\u89e3\u4e86Web\u5e94\u7528\u548cAPP\u5e94\u7528\u7684\u6293\u5305\u6280\u672f\u4e4b\u540e\uff0c\u6211\u60f3\u548c\u4f60\u6df1\u5165\u804a\u804a\u8fd9\u4e24\u8005\u4e4b\u95f4\u7684\u672c\u8d28\u533a\u522b\u3002\u7406\u89e3\u8fd9\u4e9b\u5dee\u5f02\uff0c\u80fd\u5e2e\u4f60\u66f4\u6e05\u6670\u5730\u628a\u63e1\u4e0d\u540c\u573a\u666f\u4e0b\u7684\u6d4b\u8bd5\u601d\u8def\uff0c\u800c\u4e0d\u662f\u7b80\u5355\u5730\u5957\u7528\u540c\u4e00\u5957\u65b9\u6cd5\u3002\u5b9e\u9645\u4e0a\uff0c\u4ece\u6d4f\u89c8\u5668\u5230APP\uff0c\u6293\u5305\u6280\u672f\u7ecf\u5386\u4e86\u4ece\u201c\u7b80\u5355\u914d\u7f6e\u201d\u5230\u201c\u590d\u6742\u5bf9\u6297\u201d\u7684\u6f14\u8fdb\uff0c\u8fd9\u79cd\u6f14\u8fdb\u80cc\u540e\u53cd\u6620\u7684\u662f\u5e94\u7528\u5b89\u5168\u6a21\u578b\u7684\u5347\u7ea7\u548c\u653b\u51fb\u9762\u7684\u8f6c\u79fb\u3002<\/p>\n\n\n\n
\u9996\u5148\u6700\u76f4\u89c2\u7684\u533a\u522b\u5728\u4e8e\u6293\u5305\u7684\u62d3\u6251\u7ed3\u6784<\/strong>\u3002Web\u5e94\u7528\u4e2d\uff0c\u6293\u5305\u5de5\u5177\u76f4\u63a5\u8fd0\u884c\u5728PC\u4e0a\uff0c\u6d4f\u89c8\u5668\u548c\u5de5\u5177\u5728\u540c\u4e00\u53f0\u673a\u5668\u6216\u540c\u4e00\u7f51\u7edc\u6bb5\uff0c\u4ee3\u7406\u914d\u7f6e\u53ea\u9700\u8981\u4fee\u6539\u6d4f\u89c8\u5668\u8bbe\u7f6e\uff0c\u751a\u81f3\u53ef\u4ee5\u7528\u6d4f\u89c8\u5668\u63d2\u4ef6\u81ea\u52a8\u5207\u6362\u3002\u6d41\u91cf\u8def\u5f84\u975e\u5e38\u77ed\uff1a\u6d4f\u89c8\u5668 -> 127.0.0.1:8080 -> \u4e92\u8054\u7f51\u3002\u4f46\u5728APP\u573a\u666f\u4e0b\uff0c\u6293\u5305\u5de5\u5177\u8fd0\u884c\u5728PC\u4e0a\uff0cAPP\u8fd0\u884c\u5728\u624b\u673a\u6216\u6a21\u62df\u5668\u4e0a\uff0c\u4e24\u8005\u901a\u8fc7WiFi\u6216USB\u8fde\u63a5\u3002\u6d41\u91cf\u8def\u5f84\u53d8\u6210\u4e86\uff1aAPP -> \u624b\u673a\u7cfb\u7edf\u7f51\u7edc\u5c42 -> WiFi\u8def\u7531\u5668 -> PC\u6293\u5305\u5de5\u5177 -> \u4e92\u8054\u7f51\u3002\u8fd9\u6761\u8def\u5f84\u4e0a\u591a\u4e86\u65e0\u7ebf\u4f20\u8f93\u548c\u7cfb\u7edf\u7f51\u7edc\u6808\u7684\u4ecb\u5165\uff0c\u610f\u5473\u7740\u6211\u4eec\u9700\u8981\u8003\u8651\u7f51\u7edc\u5ef6\u8fdf\u3001\u4fe1\u53f7\u5e72\u6270\uff0c\u4ee5\u53ca\u624b\u673a\u7cfb\u7edf\u5bf9\u4ee3\u7406\u7684\u7279\u6b8a\u5904\u7406\uff08\u6bd4\u5982Android\u7684VPN\u4ee3\u7406\u548cWiFi\u4ee3\u7406\u53ef\u80fd\u51b2\u7a81\uff09\u3002<\/p>\n\n\n\n
Mermaid \u56fe\u8868\uff1aWeb\u7aef\u4e0e\u79fb\u52a8\u7aef\u6293\u5305\u62d3\u6251\u5bf9\u6bd4
<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u8fd9\u5f20\u56fe\u91cc\uff0cWeb\u7aef\u7684\u7bad\u5934\u76f4\u63a5\u4ece\u6d4f\u89c8\u5668\u6307\u5411\u6293\u5305\u5de5\u5177\uff0c\u56e0\u4e3a\u4ee3\u7406\u662f\u672c\u5730\u7684\uff1b\u800c\u79fb\u52a8\u7aefAPP\u5fc5\u987b\u7ecf\u8fc7\u7cfb\u7edf\u7f51\u7edc\u5c42\u548c\u8def\u7531\u5668\uff0c\u7269\u7406\u8def\u5f84\u66f4\u957f\uff0c\u4e2d\u95f4\u73af\u8282\u66f4\u591a\u3002\u8fd9\u5c31\u89e3\u91ca\u4e86\u4e3a\u4ec0\u4e48\u79fb\u52a8\u7aef\u6293\u5305\u7ecf\u5e38\u9047\u5230\u4ee3\u7406\u4e0d\u751f\u6548\u3001\u8fde\u63a5\u8d85\u65f6\u7684\u95ee\u9898\u2014\u2014\u4efb\u4f55\u4e00\u4e2a\u4e2d\u95f4\u73af\u8282\u914d\u7f6e\u9519\u8bef\u90fd\u4f1a\u5bfc\u81f4\u5931\u8d25\u3002<\/p>\n\n\n\n
\u66f4\u6df1\u5c42\u7684\u533a\u522b\u5728\u4e8e\u8bc1\u4e66\u4fe1\u4efb\u94fe\u7684\u7ba1\u7406<\/strong>\u3002Web\u7aef\u6293\u5305\u65f6\uff0c\u6211\u4eec\u53ea\u9700\u8981\u628a\u6293\u5305\u5de5\u5177\u7684CA\u8bc1\u4e66\u5b89\u88c5\u5230\u64cd\u4f5c\u7cfb\u7edf\u7684\u53d7\u4fe1\u4efb\u6839\u8bc1\u4e66\u5217\u8868\uff0c\u6d4f\u89c8\u5668\u4f1a\u81ea\u52a8\u7ee7\u627f\u8fd9\u4e2a\u4fe1\u4efb\u3002\u56e0\u4e3a\u684c\u9762\u64cd\u4f5c\u7cfb\u7edf\uff08Windows\/macOS\/Linux\uff09\u5bf9\u7528\u6237\u5b89\u88c5\u8bc1\u4e66\u7684\u4fe1\u4efb\u7b56\u7565\u76f8\u5bf9\u5bbd\u677e\uff0c\u800c\u4e14\u6d4f\u89c8\u5668\u901a\u5e38\u4f1a\u8c03\u7528\u7cfb\u7edf\u8bc1\u4e66\u5b58\u50a8\u3002\u4f46\u79fb\u52a8\u7aef\u5b8c\u5168\u4e0d\u540c\uff0c\u4eceAndroid 7.0\uff08API 24\uff09\u5f00\u59cb\uff0cGoogle\u6539\u53d8\u4e86\u5b89\u5168\u7b56\u7565\uff1a\u7cfb\u7edf\u4e0d\u518d\u4fe1\u4efb\u7528\u6237\u5b89\u88c5\u7684\u8bc1\u4e66\uff0c\u53ea\u6709\u9884\u7f6e\u5728\u7cfb\u7edf\u5206\u533a\u7684\u8bc1\u4e66\u624d\u88ab\u8ba4\u53ef\u3002\u8fd9\u610f\u5473\u7740\u5373\u4f7f\u4f60\u5728\u624b\u673a\u4e0a\u901a\u8fc7\u201c\u4ece\u5b58\u50a8\u8bbe\u5907\u5b89\u88c5\u201d\u628aBurp\u7684\u8bc1\u4e66\u88c5\u8fdb\u53bb\uff0c\u5bf9\u5927\u591a\u6570APP\u6765\u8bf4\u5b83\u4f9d\u7136\u65e0\u6548\u3002iOS\u4e5f\u6709\u7c7b\u4f3c\u673a\u5236\uff0c\u4eceiOS 10\u5f00\u59cb\uff0c\u7528\u6237\u5b89\u88c5\u7684\u8bc1\u4e66\u9ed8\u8ba4\u5bf9\u7b2c\u4e09\u65b9APP\u4e0d\u53ef\u4fe1\uff0c\u9664\u975eAPP\u663e\u5f0f\u914d\u7f6e\u4e86\u5141\u8bb8\u7528\u6237\u8bc1\u4e66\u3002<\/p>\n\n\n\n
\u4e3a\u4ec0\u4e48\u79fb\u52a8\u64cd\u4f5c\u7cfb\u7edf\u8981\u8fd9\u4e48\u8bbe\u8ba1\uff1f\u56e0\u4e3a\u624b\u673a\u662f\u4e2a\u4eba\u8bbe\u5907\uff0c\u7528\u6237\u7ecf\u5e38\u8fde\u63a5\u516c\u5171WiFi\uff0c\u5982\u679cAPP\u968f\u610f\u4fe1\u4efb\u7528\u6237\u6dfb\u52a0\u7684\u8bc1\u4e66\uff0c\u653b\u51fb\u8005\u5f88\u5bb9\u6613\u901a\u8fc7\u793e\u4f1a\u5de5\u7a0b\u5b66\u8ba9\u7528\u6237\u5b89\u88c5\u6076\u610f\u8bc1\u4e66\uff0c\u7136\u540e\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u3002\u6240\u4ee5\u64cd\u4f5c\u7cfb\u7edf\u6536\u7d27\u4fe1\u4efb\u7b56\u7565\uff0c\u672c\u8d28\u4e0a\u662f\u628a\u5b89\u5168\u8d23\u4efb\u4ece\u7528\u6237\u8f6c\u79fb\u5230\u4e86\u5f00\u53d1\u8005\u2014\u2014\u5f00\u53d1\u8005\u5fc5\u987b\u5728\u4ee3\u7801\u4e2d\u660e\u786e\u58f0\u660e\u662f\u5426\u4fe1\u4efb\u7528\u6237\u8bc1\u4e66\uff08\u901a\u8fc7networkSecurityConfig\uff09\uff0c\u6216\u8005\u66f4\u6fc0\u8fdb\u5730\u5b9e\u73b0\u8bc1\u4e66\u7ed1\u5b9a\u3002<\/p>\n\n\n\n
Mermaid \u56fe\u8868\uff1a\u8bc1\u4e66\u4fe1\u4efb\u7b56\u7565\u7684Web\u4e0e\u79fb\u52a8\u7aef\u5bf9\u6bd4<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u8fd9\u5f20\u56fe\u6e05\u6670\u5730\u5c55\u793a\u4e86\u79fb\u52a8\u7aef\u591a\u51fa\u6765\u7684\u4e24\u9053\u5173\u5361\u3002\u5de6\u4fa7Web\u7aef\u662f\u7ebf\u6027\u4fe1\u4efb\u94fe\uff0c\u5b89\u88c5\u5373\u4fe1\u4efb\uff1b\u53f3\u4fa7\u79fb\u52a8\u7aef\u51fa\u73b0\u4e86\u5206\u652f\uff0c\u7cfb\u7edf\u9ed8\u8ba4\u4e0d\u4fe1\u4efb\u7528\u6237\u8bc1\u4e66\uff08\u7ea2\u8272\uff09\uff0c\u53ea\u6709APP\u901a\u8fc7\u914d\u7f6e\u58f0\u660e\uff08\u4fe1\u4efb\u7528\u6237\u8bc1\u4e66\uff09\u6216\u8005\u7ed5\u5f00\u8bc1\u4e66\u7ed1\u5b9a\uff08\u7ea2\u8272\uff09\uff0c\u6d41\u91cf\u624d\u80fd\u901a\u8fc7\u3002\u8fd9\u5c31\u662f\u4e3a\u4ec0\u4e48\u79fb\u52a8\u7aef\u6293\u5305\u7ecf\u5e38\u9700\u8981root\u3001\u8d8a\u72f1\u6216\u8005\u4f7f\u7528VirtualXposed\u2014\u2014\u6211\u4eec\u5fc5\u987b\u628a\u6293\u5305\u8bc1\u4e66\u585e\u8fdb\u7cfb\u7edf\u8bc1\u4e66\u5b58\u50a8\uff0c\u8ba9\u5b83\u4f2a\u88c5\u6210\u7cfb\u7edf\u9884\u88c5\u8bc1\u4e66\uff0c\u4ece\u800c\u7ed5\u8fc7APP\u7684\u9ed8\u8ba4\u4e0d\u4fe1\u4efb\u3002<\/p>\n\n\n\n
\u7b2c\u4e09\u4e2a\u5173\u952e\u533a\u522b\u662f\u53cd\u6293\u5305\u673a\u5236\u7684\u5bf9\u6297\u5f3a\u5ea6<\/strong>\u3002Web\u5e94\u7528\u5f88\u5c11\u4f1a\u4e3b\u52a8\u5bf9\u6297\u6293\u5305\uff0c\u56e0\u4e3a\u6d4f\u89c8\u5668\u73af\u5883\u662f\u76f8\u5bf9\u5f00\u653e\u7684\uff0c\u800c\u4e14\u5f00\u53d1\u8005\u4e5f\u77e5\u9053\u6d4b\u8bd5\u4eba\u5458\u4f1a\u4f7f\u7528\u5f00\u53d1\u8005\u5de5\u5177\u3002\u4f46APP\u4e0d\u540c\uff0c\u5c24\u5176\u91d1\u878d\u3001\u652f\u4ed8\u3001\u7248\u6743\u4fdd\u62a4\u7c7b\u7684APP\uff0c\u4f1a\u4e3b\u52a8\u68c0\u6d4b\u6293\u5305\u884c\u4e3a\u5e76\u91c7\u53d6\u53cd\u5236\u3002\u6700\u5178\u578b\u7684\u5c31\u662f\u8bc1\u4e66\u7ed1\u5b9a\uff08SSL Pinning\uff09\uff0c\u5b83\u5728\u4ee3\u7801\u4e2d\u786c\u7f16\u7801\u4e86\u670d\u52a1\u5668\u7684\u8bc1\u4e66\u6216\u516c\u94a5\uff0cAPP\u5728\u5efa\u7acbTLS\u8fde\u63a5\u65f6\u4e0d\u4ec5\u6821\u9a8c\u7cfb\u7edf\u8bc1\u4e66\u94fe\uff0c\u8fd8\u8981\u989d\u5916\u5bf9\u6bd4\u670d\u52a1\u5668\u8fd4\u56de\u7684\u8bc1\u4e66\u662f\u5426\u4e0e\u786c\u7f16\u7801\u503c\u5339\u914d\u3002\u5373\u4f7f\u4f60\u628a\u6293\u5305\u5de5\u5177\u8bc1\u4e66\u88c5\u8fdb\u7cfb\u7edf\u5b58\u50a8\uff0cAPP\u53d1\u73b0\u8bc1\u4e66\u6307\u7eb9\u5bf9\u4e0d\u4e0a\uff0c\u4f9d\u7136\u4f1a\u65ad\u5f00\u8fde\u63a5\u3002<\/p>\n\n\n\n
\u5bf9\u4ed8\u8bc1\u4e66\u7ed1\u5b9a\uff0cWeb\u7aef\u57fa\u672c\u4e0d\u9700\u8981\u8003\u8651\uff0c\u4f46\u79fb\u52a8\u7aef\u5fc5\u987b\u4f7f\u7528Hook\u6280\u672f\uff0c\u6bd4\u5982Frida\u6216Xposed\u3002\u6211\u4eec\u5728\u7b2c\u4e8c\u7bc7\u6587\u7ae0\u91cc\u6f14\u793a\u4e86\u7528Frida hook TrustManagerImpl.verifyChain\u65b9\u6cd5\uff0c\u76f4\u63a5\u8ba9APP\u8df3\u8fc7\u8bc1\u4e66\u6821\u9a8c\u3002\u8fd9\u79cd\u5bf9\u6297\u5df2\u7ecf\u8d85\u51fa\u4e86\u6293\u5305\u5de5\u5177\u672c\u8eab\u7684\u80fd\u529b\u8303\u56f4\uff0c\u9700\u8981\u5f15\u5165\u52a8\u6001 instrumentation \u5de5\u5177\u3002\u800cYakit\u7684\u4f18\u52bf\u5728\u4e8e\u53ef\u4ee5\u628a\u8fd9\u4e9b\u811a\u672c\u96c6\u6210\u5230\u6293\u5305\u6d41\u7a0b\u4e2d\uff0c\u8ba9\u4f60\u5728\u540c\u4e00\u4e2a\u754c\u9762\u5b8c\u6210\u6d41\u91cf\u6355\u83b7\u548c\u6ce8\u5165\u7ed5\u8fc7\u3002<\/p>\n\n\n\n
Mermaid \u56fe\u8868\uff1a\u53cd\u6293\u5305\u673a\u5236\u4e0e\u5bf9\u6297\u6280\u672f<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u8fd9\u5f20\u56fe\u5c55\u793a\u4e86\u53cd\u6293\u5305\u673a\u5236\u548c\u5bf9\u6297\u6280\u672f\u7684\u5bf9\u5e94\u5173\u7cfb\u3002\u5de6\u8fb9\u662fAPP\u53ef\u80fd\u4f7f\u7528\u7684\u4e09\u79cd\u53cd\u5236\u624b\u6bb5\uff1a\u8bc1\u4e66\u7ed1\u5b9a\u3001\u4ee3\u7406\u68c0\u6d4b\uff08\u6bd4\u5982\u8c03\u7528NetworkCapabilities.hasCapability\u68c0\u6d4b\u662f\u5426\u8bbe\u7f6e\u4e86\u4ee3\u7406\uff09\u3001\u73af\u5883\u68c0\u6d4b\uff08\u68c0\u6d4b\u662f\u5426root\uff09\u3002\u53f3\u8fb9\u662f\u5bf9\u5e94\u7684\u5bf9\u6297\u6280\u672f\uff1aFrida\u53ef\u4ee5\u52a8\u6001Hook\u4efb\u610f\u51fd\u6570\uff0cVirtualXposed\u80fd\u5728\u975eroot\u73af\u5883\u4e0b\u8fd0\u884cXposed\u6a21\u5757\uff0cJustTrustMe\u8fd9\u7c7b\u6a21\u5757\u4e13\u95e8\u9488\u5bf9\u5e38\u89c1\u7684\u8bc1\u4e66\u7ed1\u5b9a\u5e93\u8fdb\u884c\u7ed5\u8fc7\u3002Web\u7aef\u51e0\u4e4e\u6ca1\u6709\u8fd9\u7c7b\u5bf9\u6297\uff0c\u56e0\u4e3a\u6d4f\u89c8\u5668\u6ca1\u6709\u63d0\u4f9b\u8fd9\u4e9bAPI\u8ba9\u7f51\u9875\u68c0\u6d4b\u4ee3\u7406\u6216\u73af\u5883\u3002<\/p>\n\n\n\n
\u4ece\u5de5\u5177\u4f7f\u7528\u6a21\u5f0f<\/strong>\u6765\u770b\uff0cWeb\u7aef\u6293\u5305\u66f4\u4f9d\u8d56\u56fe\u5f62\u754c\u9762\u548c\u624b\u5de5\u64cd\u4f5c\u3002\u4f60\u7528Burp\u7684Proxy\u62e6\u622a\u8bf7\u6c42\uff0c\u7528Repeater\u624b\u5de5\u4fee\u6539\uff0c\u6574\u4e2a\u8fc7\u7a0b\u662f\u53ef\u89c6\u5316\u3001\u4ea4\u4e92\u5f0f\u7684\u3002\u800c\u79fb\u52a8\u7aef\u6293\u5305\u5f80\u5f80\u9700\u8981\u7ed3\u5408\u547d\u4ee4\u884c\u5de5\u5177\uff08adb\u3001frida\uff09\u548c\u811a\u672c\u7f16\u5199\uff0c\u81ea\u52a8\u5316\u7a0b\u5ea6\u66f4\u9ad8\u3002\u6bd4\u5982\u4f60\u5199\u4e00\u4e2aFrida\u811a\u672c\u6279\u91cf\u7ed5\u8fc7\u8bc1\u4e66\u7ed1\u5b9a\uff0c\u7136\u540e\u7528Python\u8c03\u7528Burp\u7684API\u81ea\u52a8\u6807\u8bb0\u8bf7\u6c42\uff0c\u6700\u540e\u751f\u6210\u6d4b\u8bd5\u62a5\u544a\u3002\u8fd9\u79cd\u201c\u6293\u5305 + Hook + \u81ea\u52a8\u5316\u201d\u7684\u7ec4\u5408\u62f3\uff0c\u5728\u79fb\u52a8\u7aef\u6d4b\u8bd5\u4e2d\u662f\u5e38\u6001\u3002<\/p>\n\n\n\n
Yakit\u5728\u79fb\u52a8\u7aef\u7684\u4f18\u52bf\u6070\u597d\u4f53\u73b0\u5728\u8fd9\u91cc\uff1a\u5b83\u5185\u7f6e\u4e86Yak\u811a\u672c\u5f15\u64ce\uff0c\u4f60\u53ef\u4ee5\u7528Yak\u8bed\u8a00\u7f16\u5199\u5305\u542bHook\u903b\u8f91\u7684\u811a\u672c\uff0c\u5728\u6d41\u91cf\u7ecf\u8fc7\u65f6\u52a8\u6001\u6267\u884c\u3002\u6bd4\u5982\u4f60\u53ef\u4ee5\u5728Yakit\u7684MITM\u9875\u9762\u52a0\u8f7d\u4e00\u4e2a\u811a\u672c\uff0c\u811a\u672c\u91cc\u8c03\u7528Frida\u9644\u52a0\u5230\u76ee\u6807APP\u8fdb\u7a0b\uff0c\u81ea\u52a8\u7ed5\u8fc7\u8bc1\u4e66\u7ed1\u5b9a\uff0c\u7136\u540e\u6240\u6709\u6d41\u91cf\u6b63\u5e38\u663e\u793a\u3002\u8fd9\u6bd4\u5728Burp\u548c\u547d\u4ee4\u884c\u4e4b\u95f4\u6765\u56de\u5207\u6362\u8981\u6d41\u7545\u5f97\u591a\u3002<\/p>\n\n\n\n
\u6700\u540e\u662f\u601d\u7ef4\u6a21\u5f0f\u7684\u533a\u522b<\/strong>\u3002Web\u7aef\u6293\u5305\u65f6\uff0c\u4f60\u7684\u89c6\u89d2\u662f\u201c\u9875\u9762-\u8bf7\u6c42-\u54cd\u5e94\u201d\uff0c\u601d\u8003\u7684\u662f\u53c2\u6570\u3001Cookie\u3001Session\u8fd9\u4e9b\u9ad8\u5c42\u6982\u5ff5\u3002\u79fb\u52a8\u7aef\u6293\u5305\u5219\u5fc5\u987b\u6df1\u5165\u5230\u7cfb\u7edf\u5c42\uff0c\u8003\u8651\u8fdb\u7a0b\u3001\u6743\u9650\u3001\u6587\u4ef6\u7cfb\u7edf\u3002\u4f60\u9700\u8981\u77e5\u9053APP\u7684\u5305\u540d\u662f\u4ec0\u4e48\uff0c\u5b83\u7684networkSecurityConfig\u6587\u4ef6\u653e\u5728\u54ea\u91cc\uff0c\u662f\u5426\u9700\u8981\u7ed5\u8fc7VPN\u68c0\u6d4b\u3002\u8fd9\u79cd\u4ece\u5e94\u7528\u5c42\u5230\u7cfb\u7edf\u5c42\u7684\u89c6\u89d2\u4e0b\u6c89\uff0c\u662fWeb\u5f00\u53d1\u8005\u8f6c\u5411\u79fb\u52a8\u5b89\u5168\u65f6\u5fc5\u987b\u8de8\u8d8a\u7684\u95e8\u69db\u3002<\/p>\n\n\n\n
\u603b\u7ed3\u4e00\u4e0b\u4e24\u7bc7\u6559\u7a0b\u7684\u6838\u5fc3\u533a\u522b\uff1a<\/p>\n\n\n\n
    \n
  • \u62d3\u6251\u7ed3\u6784<\/strong>\uff1aWeb\u7aef\u672c\u5730\u4ee3\u7406 vs \u79fb\u52a8\u7aef\u8de8\u8bbe\u5907\u7f51\u7edc\u8f6c\u53d1<\/li>\n\n\n\n
  • \u8bc1\u4e66\u4fe1\u4efb<\/strong>\uff1a\u7528\u6237\u8bc1\u4e66\u76f4\u63a5\u751f\u6548 vs \u9700\u8981\u7cfb\u7edf\u8bc1\u4e66\u6216\u7ed5\u8fc7\u7ed1\u5b9a<\/li>\n\n\n\n
  • \u5bf9\u6297\u5f3a\u5ea6<\/strong>\uff1a\u65e0\u5bf9\u6297\u6216\u5f31\u5bf9\u6297 vs \u8bc1\u4e66\u7ed1\u5b9a\u3001\u4ee3\u7406\u68c0\u6d4b\u7b49\u4e3b\u52a8\u9632\u5fa1<\/li>\n\n\n\n
  • \u5de5\u5177\u7ec4\u5408<\/strong>\uff1a\u5355\u4e00\u6293\u5305\u5de5\u5177 vs \u6293\u5305+Hook+\u81ea\u52a8\u5316\u6846\u67b6<\/li>\n\n\n\n
  • \u601d\u7ef4\u6df1\u5ea6<\/strong>\uff1a\u5e94\u7528\u5c42\u6d4b\u8bd5 vs \u7cfb\u7edf\u5c42\u653b\u9632<\/li>\n<\/ul>\n\n\n\n
    \u7406\u89e3\u8fd9\u4e9b\u533a\u522b\u540e\uff0c\u4f60\u518d\u770b\u5177\u4f53\u7684\u6293\u5305\u64cd\u4f5c\u5c31\u4e0d\u4f1a\u89c9\u5f97\u56f0\u60d1\u4e86\u3002\u6bd4\u5982\u4e3a\u4ec0\u4e48Web\u7aef\u90a3\u4e48\u7b80\u5355\uff0c\u79fb\u52a8\u7aef\u5374\u8981root\u3001\u88c5\u6846\u67b6\u3001\u5199\u811a\u672c\uff1f\u56e0\u4e3a\u79fb\u52a8\u7aef\u7684\u8bbe\u8ba1\u521d\u8877\u5c31\u662f\u963b\u6b62\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u800c\u6211\u4eec\u4f5c\u4e3a\u6d4b\u8bd5\u4eba\u5458\uff0c\u6b63\u662f\u5728\u6a21\u62df\u653b\u51fb\u8005\u7684\u89c6\u89d2\u7a81\u7834\u8fd9\u4e9b\u9632\u62a4\u3002\u5f53\u4f60\u638c\u63e1\u4e86Web\u548c\u79fb\u52a8\u7aef\u4e24\u79cd\u6293\u5305\u6280\u672f\uff0c\u4f60\u5c31\u62e5\u6709\u4e86\u4ece\u6d4f\u89c8\u5668\u5230APP\u3001\u4ece\u5e94\u7528\u5230\u7cfb\u7edf\u7684\u5b8c\u6574\u6d4b\u8bd5\u80fd\u529b\u3002<\/p>\n\n\n\n
    \u6293\u5305\u6280\u672f-PC\u7aef\u5e94\u7528-http\/s-Burp&Yakit<\/h2>\n\n\n\n
    \u4f5c\u4e3a\u5f00\u53d1\u8005\uff0c\u4f60\u80af\u5b9a\u5199\u8fc7 HTTP \u8bf7\u6c42\uff0c\u4e5f\u77e5\u9053\u5e94\u7528\u901a\u8fc7 SharedPreferences \u5b58\u4e86\u4e9b token\uff0c\u4f46\u5f53\u4f60\u62ff\u5230\u4e00\u4e2a\u522b\u4eba\u5f00\u53d1\u7684 PC \u8f6f\u4ef6\uff08\u6bd4\u5982\u6e38\u620f\u3001\u5373\u65f6\u901a\u8baf\u5de5\u5177\u3001\u67d0\u4e2a\u884c\u4e1a\u5ba2\u6237\u7aef\uff09\u65f6\uff0c\u4f60\u53ef\u80fd\u4f1a\u597d\u5947\uff1a\u5b83\u5230\u5e95\u5728\u540e\u53f0\u7ed9\u670d\u52a1\u5668\u53d1\u4e86\u4ec0\u4e48\uff1f\u6709\u6ca1\u6709\u4e0a\u4f20\u6211\u7684\u9690\u79c1\u6570\u636e\uff1f\u662f\u4e0d\u662f\u5728\u5077\u5077\u4e0b\u8f7d\u4e1c\u897f\uff1f\u8981\u56de\u7b54\u8fd9\u4e9b\u95ee\u9898\uff0c\u4f60\u5c31\u9700\u8981\u201c\u6293\u5305\u201d\u2014\u2014\u5728\u8f6f\u4ef6\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u88c5\u4e00\u4e2a\u201c\u76d1\u63a7\u6444\u50cf\u5934\u201d\uff0c\u628a\u53cc\u65b9\u7684\u901a\u4fe1\u5185\u5bb9\u539f\u539f\u672c\u672c\u5730\u8bb0\u5f55\u4e0b\u6765\u3002\u6293\u5305\u6280\u672f\u662f\u5b89\u5168\u5206\u6790\u3001\u63a5\u53e3\u9006\u5411\u3001\u8c03\u8bd5\u7f51\u7edc\u95ee\u9898\u7684\u57fa\u7840\uff0c\u4e5f\u662f\u4f60\u4ece\u201c\u4f1a\u5199\u4ee3\u7801\u201d\u8fdb\u9636\u5230\u201c\u80fd\u770b\u61c2\u4efb\u4f55\u5e94\u7528\u901a\u4fe1\u201d\u7684\u5173\u952e\u4e00\u6b65\u3002<\/p>\n\n\n\n
    \u6293\u5305\u5728\u6574\u4e2a\u7cfb\u7edf\u4e2d\u626e\u6f14\u4ec0\u4e48\u89d2\u8272\uff1f<\/h3>\n\n\n\n
    \u4efb\u4f55\u7f51\u7edc\u901a\u4fe1\u90fd\u9075\u5faa\u5ba2\u6237\u7aef\u2011\u670d\u52a1\u5668\u7684\u6a21\u578b\u3002\u6b63\u5e38\u60c5\u51b5\u4e0b\uff0c\u4f60\u7684 PC \u5e94\u7528\u76f4\u63a5\u4e0e\u8fdc\u7a0b\u670d\u52a1\u5668\u5efa\u7acb TCP \u8fde\u63a5\uff0c\u53d1\u9001 HTTP \u8bf7\u6c42\uff0c\u63a5\u6536\u54cd\u5e94\u3002\u6293\u5305\u5de5\u5177\u76f8\u5f53\u4e8e\u4e00\u4e2a\u201c\u4e2d\u95f4\u4eba\u201d\uff0c\u5b83\u628a\u81ea\u5df1\u4f2a\u88c5\u6210\u76ee\u6807\u670d\u52a1\u5668\u4e0e\u5ba2\u6237\u7aef\u901a\u4fe1\uff0c\u540c\u65f6\u53c8\u4f5c\u4e3a\u5ba2\u6237\u7aef\u4e0e\u771f\u5b9e\u670d\u52a1\u5668\u901a\u4fe1\uff0c\u4ece\u800c\u628a\u6574\u4e2a\u5bf9\u8bdd\u8fc7\u7a0b\u8f6c\u5f55\u4e0b\u6765\u3002\u4e3a\u4e86\u5b9e\u73b0\u8fd9\u4e00\u70b9\uff0c\u6293\u5305\u5de5\u5177\u5fc5\u987b\u5728\u64cd\u4f5c\u7cfb\u7edf\u5c42\u9762\u6216\u5e94\u7528\u5c42\u9762\u83b7\u5f97\u7f51\u7edc\u6d41\u91cf\u7684\u8f6c\u53d1\u6743\uff0c\u901a\u5e38\u662f\u4ee5\u201cHTTP \u4ee3\u7406\u201d\u7684\u5f62\u5f0f\u5b58\u5728\u3002\u5f53\u4f60\u5728\u7cfb\u7edf\u7f51\u7edc\u8bbe\u7f6e\u6216\u5e94\u7528\u4ee3\u7406\u8bbe\u7f6e\u91cc\u586b\u5165 127.0.0.1:8080<\/code> \u65f6\uff0c\u6240\u6709 HTTP \u548c HTTPS \u6d41\u91cf\u5c31\u4f1a\u88ab\u5148\u53d1\u9001\u5230\u6293\u5305\u5de5\u5177\uff0c\u518d\u7531\u5b83\u8f6c\u53d1\u51fa\u53bb\u3002\u8fd9\u6837\u4e00\u6765\uff0c\u6293\u5305\u5de5\u5177\u5c31\u80fd\u770b\u5230\u3001\u751a\u81f3\u4fee\u6539\u8bf7\u6c42\u548c\u54cd\u5e94\u7684\u5185\u5bb9\u3002<\/p>\n\n\n\n
    \u4e3a\u4ec0\u4e48\u9700\u8981\u8fd9\u79cd\u4e2d\u95f4\u4eba\u8bbe\u8ba1\uff1f\u5b83\u5177\u4f53\u600e\u4e48\u5de5\u4f5c\uff1f<\/h3>\n\n\n\n
    \u5bf9\u4e8e HTTP \u6d41\u91cf\uff0c\u4ee3\u7406\u5de5\u4f5c\u5f88\u7b80\u5355\uff1a\u5ba2\u6237\u7aef\u660e\u6587\u53d1\u9001\u8bf7\u6c42\uff0c\u4ee3\u7406\u539f\u6837\u8f6c\u53d1\uff0c\u540c\u65f6\u62f7\u8d1d\u4e00\u4efd\u4f9b\u4f60\u67e5\u770b\u3002\u4f46\u4eca\u5929\u7684\u7f51\u7edc\u51e0\u4e4e\u5168\u662f HTTPS\uff08HTTP over SSL\/TLS\uff09\uff0c\u6d41\u91cf\u662f\u52a0\u5bc6\u7684\uff0c\u4ee3\u7406\u5982\u679c\u53ea\u8f6c\u53d1\u5bc6\u6587\uff0c\u4f60\u770b\u5230\u7684\u53ea\u4f1a\u662f\u4e00\u5806\u4e71\u7801\u3002\u4e3a\u4e86\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\uff0c\u6293\u5305\u5de5\u5177\u91c7\u7528\u4e86\u201c\u4e2d\u95f4\u4eba\uff08MITM\uff0cMan-in-the-Middle\uff09\u201d\u6280\u672f\uff1a\u5f53\u5ba2\u6237\u7aef\u8bd5\u56fe\u4e0e\u670d\u52a1\u5668\u5efa\u7acb TLS \u8fde\u63a5\u65f6\uff0c\u6293\u5305\u5de5\u5177\u4f1a\u62e6\u622a\u8fd9\u4e2a\u8bf7\u6c42\uff0c\u7136\u540e\u81ea\u5df1\u751f\u6210\u4e00\u4e2a\u4f2a\u9020\u7684\u670d\u52a1\u5668\u8bc1\u4e66\uff0c\u5e76\u7528\u8fd9\u4e2a\u8bc1\u4e66\u4e0e\u5ba2\u6237\u7aef\u5b8c\u6210 TLS \u63e1\u624b\u3002\u540c\u65f6\uff0c\u6293\u5305\u5de5\u5177\u53c8\u4e0e\u771f\u5b9e\u7684\u670d\u52a1\u5668\u5efa\u7acb\u53e6\u4e00\u4e2a TLS \u8fde\u63a5\u3002\u8fd9\u6837\u4e00\u6765\uff0c\u5ba2\u6237\u7aef\u548c\u6293\u5305\u5de5\u5177\u4e4b\u95f4\u7684\u901a\u4fe1\u662f\u52a0\u5bc6\u7684\uff0c\u6293\u5305\u5de5\u5177\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u901a\u4fe1\u4e5f\u662f\u52a0\u5bc6\u7684\uff0c\u4f46\u6293\u5305\u5de5\u5177\u62e5\u6709\u4e24\u8fb9\u7684\u5bc6\u94a5\uff0c\u53ef\u4ee5\u5728\u4e2d\u95f4\u628a\u5bc6\u6587\u89e3\u5bc6\u6210\u660e\u6587\u540e\u518d\u91cd\u65b0\u52a0\u5bc6\u8f6c\u53d1\u3002\u4f60\u770b\u5230\u7684\uff0c\u5c31\u662f\u89e3\u5bc6\u540e\u7684\u660e\u6587\u7684 HTTP \u6d88\u606f\u3002<\/p>\n\n\n\n
    \u4e3a\u4e86\u8ba9\u5ba2\u6237\u7aef\u4fe1\u4efb\u4f2a\u9020\u7684\u8bc1\u4e66\uff0c\u4f60\u9700\u8981\u628a\u6293\u5305\u5de5\u5177\u81ea\u5df1\u751f\u6210\u7684 CA \u6839\u8bc1\u4e66\u5b89\u88c5\u5230\u64cd\u4f5c\u7cfb\u7edf\u7684\u201c\u53d7\u4fe1\u4efb\u7684\u6839\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u201d\u5217\u8868\u91cc\u3002\u8fd9\u6837\uff0c\u5f53\u6293\u5305\u5de5\u5177\u4e3a\u4efb\u610f\u57df\u540d\u7b7e\u53d1\u5373\u65f6\u8bc1\u4e66\u65f6\uff0c\u7cfb\u7edf\u5c31\u4f1a\u8ba4\u4e3a\u8fd9\u4e2a\u8bc1\u4e66\u662f\u5408\u6cd5\u7684\u3002\u6574\u4e2a\u8fc7\u7a0b\u5bf9\u5ba2\u6237\u7aef\u5e94\u7528\u662f\u900f\u660e\u7684\uff0c\u5b83\u4ee5\u4e3a\u81ea\u5df1\u6b63\u548c\u771f\u6b63\u7684\u670d\u52a1\u5668\u5b89\u5168\u901a\u4fe1\uff0c\u5176\u5b9e\u6240\u6709\u7684\u79d8\u5bc6\u90fd\u88ab\u4e2d\u95f4\u4eba\u770b\u5149\u4e86\u2014\u2014\u8fd9\u5c31\u662f\u4f60\u4e3b\u52a8\u6388\u6743\u7684\u201c\u76d1\u63a7\u6444\u50cf\u5934\u201d\u3002<\/p>\n\n\n\n
    Mermaid \u56fe\u8868\uff1aHTTPS \u4e2d\u95f4\u4eba\u6293\u5305\u539f\u7406<\/p>\n\n\n\n
    \"\"<\/div><\/figure>\n\n\n\n
    \u8fd9\u5f20\u56fe\u91cc\uff0c\u84dd\u8272\u65b9\u6846\u4ee3\u8868\u4e09\u4e2a\u89d2\u8272\uff1a\u4f60\u7684 PC \u5e94\u7528\u3001\u6293\u5305\u5de5\u5177\uff08Burp\/Yakit\uff09\u3001\u771f\u5b9e\u670d\u52a1\u5668\u3002\u7bad\u5934\u4e0a\u7684\u6570\u5b57\u5c55\u793a\u4e86\u6d88\u606f\u7684\u5148\u540e\u987a\u5e8f\u3002\u6700\u5173\u952e\u7684\u662f\u7b2c 3 \u6b65\uff1a\u6293\u5305\u5de5\u5177\u8fd4\u56de\u4e86\u4f2a\u9020\u7684\u8bc1\u4e66\uff0c\u800c\u4e0d\u662f\u771f\u5b9e\u670d\u52a1\u5668\u7684\u8bc1\u4e66\uff0c\u4f46\u56e0\u4e3a\u4f60\u7684\u7cfb\u7edf\u4fe1\u4efb\u4e86\u6293\u5305\u5de5\u5177\u7684 CA\uff0c\u6240\u4ee5\u5e94\u7528\u4e0d\u4f1a\u62a5\u9519\u3002\u7b2c 5 \u6b65\u548c\u7b2c 8 \u6b65\u662f\u6293\u5305\u5de5\u5177\u5185\u90e8\u7684\u5de5\u4f5c\uff0c\u5b83\u628a\u6570\u636e\u89e3\u5bc6\u6210\u660e\u6587\uff0c\u4f60\u53ef\u4ee5\u770b\u5230\u8bf7\u6c42\u5934\u3001\u8bf7\u6c42\u4f53\u3001\u54cd\u5e94\u5185\u5bb9\u3002\u6574\u4e2a\u8fc7\u7a0b\u5e94\u7528\u548c\u670d\u52a1\u5668\u90fd\u4ee5\u4e3a\u81ea\u5df1\u5728\u8fdb\u884c\u7aef\u5230\u7aef\u7684\u52a0\u5bc6\u901a\u4fe1\uff0c\u5b9e\u9645\u4e0a\u6240\u6709\u660e\u6587\u90fd\u88ab\u4f60\u638c\u63e1\u4e86\u3002<\/p>\n\n\n\n
    \u4e3b\u6d41\u6293\u5305\u5de5\u5177\uff1aBurp Suite \u4e0e Yakit<\/h3>\n\n\n\n
    \u76ee\u524d\u6700\u5e38\u7528\u7684\u6293\u5305\u5de5\u5177\uff0c\u4e00\u4e2a\u662f\u8001\u724c\u4e14\u529f\u80fd\u5f3a\u5927\u7684 Burp Suite\uff0c\u53e6\u4e00\u4e2a\u662f\u8fd1\u5e74\u5d1b\u8d77\u7684\u56fd\u4ea7\u96c6\u6210\u5de5\u5177 Yakit\u3002\u5b83\u4eec\u90fd\u652f\u6301 HTTP\/HTTPS \u7684\u62e6\u622a\u3001\u67e5\u770b\u3001\u4fee\u6539\u3001\u91cd\u653e\uff0c\u4e5f\u90fd\u80fd\u4f5c\u4e3a\u4ee3\u7406\u5de5\u4f5c\u3002Burp \u7684\u793e\u533a\u7248\u514d\u8d39\uff0c\u529f\u80fd\u5bf9\u4e8e\u6293\u5305\u548c\u5206\u6790\u5df2\u7ecf\u8db3\u591f\uff0c\u5b83\u7684 UI \u6bd4\u8f83\u4f20\u7edf\u4f46\u6781\u5176\u7a33\u5b9a\uff0c\u62e5\u6709\u5e9e\u5927\u7684\u63d2\u4ef6\u751f\u6001\u3002Yakit \u5219\u628a\u5f88\u591a\u5e38\u89c1\u7684\u5b89\u5168\u6d4b\u8bd5\u529f\u80fd\uff08\u6bd4\u5982\u7aef\u53e3\u626b\u63cf\u3001\u6f0f\u6d1e\u9a8c\u8bc1\uff09\u96c6\u6210\u5728\u4e00\u8d77\uff0c\u754c\u9762\u66f4\u73b0\u4ee3\u5316\uff0c\u64cd\u4f5c\u66f4\u7b26\u5408\u56fd\u5185\u5f00\u53d1\u8005\u7684\u4e60\u60ef\uff0c\u800c\u4e14\u5b83\u4e5f\u5b8c\u5168\u652f\u6301\u4f5c\u4e3a\u4ee3\u7406\u6293\u5305\uff0c\u5e76\u5185\u7f6e\u4e86\u7c7b\u4f3c Burp \u7684\u201cWeb Fuzzer\u201d\u7528\u4e8e\u91cd\u653e\u548c\u7206\u7834\u3002\u4e24\u8005\u7684\u6838\u5fc3\u6293\u5305\u80fd\u529b\u51e0\u4e4e\u6ca1\u6709\u5dee\u522b\uff0c\u4f60\u53ef\u4ee5\u6839\u636e\u4e2a\u4eba\u559c\u597d\u9009\u62e9\u3002\u5728\u540e\u7eed\u7684\u793a\u4f8b\u4e2d\uff0c\u6211\u4eec\u4ee5 Burp \u4e3a\u4e3b\u8bb2\u89e3\uff0c\u56e0\u4e3a\u5b83\u7684\u914d\u7f6e\u6d41\u7a0b\u662f\u884c\u4e1a\u6807\u51c6\uff0c\u800c Yakit \u7684\u64cd\u4f5c\u51e0\u4e4e\u5b8c\u5168\u5bf9\u5e94\u3002<\/p>\n\n\n\n
    \u5178\u578b\u573a\u666f\uff1a\u5206\u6790 PC \u7aef\u5e94\u7528\u7684 API \u8bf7\u6c42<\/h3>\n\n\n\n
    \u5047\u8bbe\u4f60\u60f3\u5206\u6790\u201c\u7f51\u6613\u4e91\u97f3\u4e50\u201dPC \u5ba2\u6237\u7aef\u5728\u64ad\u653e\u6b4c\u66f2\u65f6\u8c03\u7528\u4e86\u54ea\u4e9b\u63a5\u53e3\uff0c\u6709\u6ca1\u6709\u4e0a\u62a5\u4f60\u7684\u542c\u6b4c\u5386\u53f2\u3002\u4e0b\u9762\u662f\u4e00\u5957\u5b8c\u6574\u4e14\u53ef\u590d\u5236\u7684\u6293\u5305\u914d\u7f6e\u6b65\u9aa4\u3002<\/p>\n\n\n\n
    \u7b2c\u4e00\u6b65\uff1a\u8bbe\u7f6e Burp \u4ee3\u7406\u76d1\u542c\u3002<\/strong> \u6253\u5f00 Burp\uff0c\u70b9\u51fb Proxy \u9009\u9879\u5361\uff0c\u518d\u70b9\u51fb Options\u3002\u5728 Proxy Listeners \u533a\u57df\uff0c\u70b9\u51fb Add\uff0c\u7ed1\u5b9a\u5730\u5740\u9009 127.0.0.1<\/code>\uff0c\u7aef\u53e3\u586b 8080<\/code>\uff0c\u52fe\u9009\u201cRunning\u201d\u542f\u7528\u3002\u8fd9\u6837 Burp \u5c31\u5728\u672c\u5730\u7684 8080 \u7aef\u53e3\u5f00\u542f\u4e86 HTTP \u4ee3\u7406\u670d\u52a1\u3002<\/p>\n\n\n\n
    \u7b2c\u4e8c\u6b65\uff1a\u5bfc\u51fa\u5e76\u5b89\u88c5 Burp \u7684 CA \u8bc1\u4e66\u3002<\/strong> \u4e3a\u4e86\u89e3\u5bc6 HTTPS\uff0c\u9700\u8981\u8ba9\u7cfb\u7edf\u4fe1\u4efb Burp \u7684\u6839\u8bc1\u4e66\u3002\u5728 Burp \u4e2d\uff0c\u70b9\u51fb Proxy \u9009\u9879\u5361\u4e0b\u7684 Intercept\uff0c\u786e\u4fdd\u62e6\u622a\u5173\u95ed\uff08Intercept is off\uff09\u3002\u7136\u540e\u8bbf\u95ee http:\/\/burp<\/code>\uff08\u76f4\u63a5\u5728\u6d4f\u89c8\u5668\u91cc\u6253\u5f00\uff09\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\u7684\u201cCA Certificate\u201d\u4e0b\u8f7d\u8bc1\u4e66\u6587\u4ef6 cacert.der<\/code>\u3002\u5bf9\u4e8e Windows\uff0c\u53cc\u51fb\u4e0b\u8f7d\u7684\u6587\u4ef6\uff0c\u70b9\u51fb\u201c\u5b89\u88c5\u8bc1\u4e66\u201d\uff0c\u9009\u62e9\u201c\u672c\u5730\u8ba1\u7b97\u673a\u201d\uff0c\u7136\u540e\u9009\u62e9\u201c\u5c06\u6240\u6709\u7684\u8bc1\u4e66\u90fd\u653e\u5165\u4e0b\u5217\u5b58\u50a8\u201d\uff0c\u70b9\u51fb\u201c\u6d4f\u89c8\u201d\u9009\u62e9\u201c\u53d7\u4fe1\u4efb\u7684\u6839\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u201d\uff0c\u5b8c\u6210\u5bfc\u5165\u3002\u5bf9\u4e8e macOS\uff0c\u6253\u5f00\u201c\u94a5\u5319\u4e32\u8bbf\u95ee\u201d\uff0c\u5c06\u8bc1\u4e66\u62d6\u5165\u201c\u7cfb\u7edf\u201d\u94a5\u5319\u4e32\uff0c\u7136\u540e\u53cc\u51fb\u8bc1\u4e66\uff0c\u5728\u201c\u4fe1\u4efb\u201d\u4e2d\u9009\u62e9\u201c\u59cb\u7ec8\u4fe1\u4efb\u201d\u3002\u8fd9\u4e00\u6b65\u81f3\u5173\u91cd\u8981\uff0c\u5982\u679c\u8bc1\u4e66\u6ca1\u6709\u6b63\u786e\u5b89\u88c5\uff0cHTTPS \u6d41\u91cf\u4f1a\u5931\u8d25\uff0c\u5e94\u7528\u53ef\u80fd\u62a5\u7f51\u7edc\u9519\u8bef\u3002<\/p>\n\n\n\n
    \u7b2c\u4e09\u6b65\uff1a\u914d\u7f6e PC \u5e94\u7528\u7684\u4ee3\u7406\u3002<\/strong> \u6700\u7b80\u5355\u7684\u65b9\u6cd5\u662f\u8bbe\u7f6e\u7cfb\u7edf\u5168\u5c40\u4ee3\u7406\u3002Windows \u6253\u5f00\u201c\u8bbe\u7f6e\u201d \u2192 \u201c\u7f51\u7edc\u548c\u4e92\u8054\u7f51\u201d \u2192 \u201c\u4ee3\u7406\u201d\uff0c\u5f00\u542f\u201c\u4f7f\u7528\u4ee3\u7406\u670d\u52a1\u5668\u201d\uff0c\u5730\u5740\u586b 127.0.0.1<\/code>\uff0c\u7aef\u53e3 8080<\/code>\u3002macOS \u5728\u201c\u7cfb\u7edf\u504f\u597d\u8bbe\u7f6e\u201d \u2192 \u201c\u7f51\u7edc\u201d \u2192 \u201c\u9ad8\u7ea7\u201d \u2192 \u201c\u4ee3\u7406\u201d\u4e2d\uff0c\u52fe\u9009\u201cWeb \u4ee3\u7406\uff08HTTP\uff09\u201d\u548c\u201c\u5b89\u5168 Web \u4ee3\u7406\uff08HTTPS\uff09\u201d\uff0c\u90fd\u586b\u5165 127.0.0.1:8080<\/code>\u3002\u8bbe\u7f6e\u540e\uff0c\u51e0\u4e4e\u6240\u6709\u8d70\u7cfb\u7edf\u4ee3\u7406\u7684\u5e94\u7528\u90fd\u4f1a\u628a\u6d41\u91cf\u53d1\u7ed9 Burp\u3002\u4f46\u6709\u4e9b PC \u5e94\u7528\u4e0d\u8d70\u7cfb\u7edf\u4ee3\u7406\uff08\u6bd4\u5982\u5b83\u4eec\u81ea\u5df1\u5b9e\u73b0\u4e86 HTTP \u6808\uff0c\u4e0d\u8bfb\u53d6\u7cfb\u7edf\u8bbe\u7f6e\uff09\uff0c\u8fd9\u65f6\u4f60\u9700\u8981\u4f7f\u7528\u5f3a\u5236\u4ee3\u7406\u5de5\u5177\uff0c\u6bd4\u5982 Proxifier \u6216 ProxyCap\uff0c\u5b83\u4eec\u53ef\u4ee5\u5f3a\u5236\u5c06\u6307\u5b9a\u8fdb\u7a0b\u7684\u6240\u6709 TCP \u6d41\u91cf\u8f6c\u53d1\u5230\u4f60\u7684\u4ee3\u7406\u7aef\u53e3\u3002<\/p>\n\n\n\n
    \u7b2c\u56db\u6b65\uff1a\u9a8c\u8bc1\u6293\u5305\u662f\u5426\u6210\u529f\u3002<\/strong> \u7528\u6d4f\u89c8\u5668\u8bbf\u95ee\u4e00\u4e2a HTTPS \u7f51\u7ad9\uff0c\u6bd4\u5982 https:\/\/www.baidu.com<\/code>\u3002\u5982\u679c Burp \u7684 Proxy \u4e0b\u7684 HTTP history \u91cc\u51fa\u73b0\u4e86\u767e\u5ea6\u7684\u8bf7\u6c42\uff0c\u5e76\u4e14\u4f60\u80fd\u770b\u5230\u8bf7\u6c42\u548c\u54cd\u5e94\u7684\u660e\u6587\uff0c\u8bf4\u660e\u8bc1\u4e66\u5b89\u88c5\u6210\u529f\uff0c\u4ee3\u7406\u5de5\u4f5c\u6b63\u5e38\u3002\u63a5\u4e0b\u6765\uff0c\u542f\u52a8\u7f51\u6613\u4e91\u97f3\u4e50\uff0c\u6267\u884c\u4e00\u4e9b\u64cd\u4f5c\uff08\u5982\u641c\u7d22\u3001\u64ad\u653e\uff09\uff0c\u89c2\u5bdf Burp \u91cc\u4e0d\u65ad\u51fa\u73b0\u7684\u8bf7\u6c42\uff0c\u4f60\u5c31\u53ef\u4ee5\u5206\u6790\u8fd9\u4e9b\u8bf7\u6c42\u7684 URL\u3001\u53c2\u6570\u548c\u8fd4\u56de\u7684 JSON \u6570\u636e\u4e86\u3002<\/p>\n\n\n\n
    \u7b2c\u4e94\u6b65\uff08\u53ef\u9009\uff09\uff1a\u7528\u4ee3\u7801\u6d4b\u8bd5\u4ee3\u7406\u8fde\u901a\u6027\u3002<\/strong> \u5982\u679c\u4f60\u719f\u6089 Python\uff0c\u53ef\u4ee5\u7528 requests \u5e93\u901a\u8fc7 Burp \u4ee3\u7406\u53d1\u9001\u8bf7\u6c42\uff0c\u4ee5\u786e\u8ba4\u4f60\u7684\u4ee3\u7801\u4e5f\u80fd\u88ab\u6293\u5305\u3002\u4e0b\u9762\u662f\u4e00\u4e2a\u5b8c\u6574\u7684\u793a\u4f8b\uff1a<\/p>\n\n\n\n
    import requests\n\n# \u8bbe\u7f6e\u4ee3\u7406\uff0c\u6307\u5411 Burp \u7684\u76d1\u542c\u5730\u5740\nproxies = {\n    'http': 'http:\/\/127.0.0.1:8080',\n    'https': 'http:\/\/127.0.0.1:8080'\n}\n\n# \u56e0\u4e3a\u4f7f\u7528\u4e86\u81ea\u7b7e\u540d\u8bc1\u4e66\uff0c\u9700\u8981\u5173\u95ed\u8bc1\u4e66\u9a8c\u8bc1\uff0c\u5426\u5219\u4f1a\u629b\u51fa SSL \u9519\u8bef\nresponse = requests.get('https:\/\/www.baidu.com', proxies=proxies, verify=False)\n\nprint(response.status_code)\nprint(response.text[:200])  # \u6253\u5370\u524d 200 \u4e2a\u5b57\u7b26<\/code><\/pre>\n\n\n\n
      \n
    • proxies<\/code> \u5b57\u5178\u5b9a\u4e49\u4e86 HTTP \u548c HTTPS \u7684\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u90fd\u6307\u5411\u672c\u5730\u7684 8080 \u7aef\u53e3\u3002<\/li>\n\n\n\n
    • verify=False<\/code> \u544a\u8bc9 requests \u4e0d\u8981\u9a8c\u8bc1\u670d\u52a1\u5668\u7684 SSL \u8bc1\u4e66\uff0c\u56e0\u4e3a\u6211\u4eec\u6b63\u5728\u7528\u4e2d\u95f4\u4eba\u8bc1\u4e66\uff0c\u9ed8\u8ba4\u9a8c\u8bc1\u4f1a\u5931\u8d25\u3002\u5728\u5b9e\u9645\u6293\u5305\u5206\u6790\u65f6\uff0c\u8fd9\u4e2a\u9009\u9879\u662f\u5fc5\u8981\u7684\u3002<\/li>\n\n\n\n
    • \u8fd0\u884c\u8fd9\u6bb5\u4ee3\u7801\uff0c\u4f60\u4f1a\u5728 Burp \u7684 HTTP history \u91cc\u770b\u5230\u4e00\u6761\u5bf9 www.baidu.com<\/code> \u7684\u8bf7\u6c42\uff0c\u5e76\u4e14\u53ef\u4ee5\u67e5\u770b\u5230\u5b8c\u6574\u7684\u8bf7\u6c42\u5934\u548c\u54cd\u5e94\u4f53\u3002\u8fd9\u8bc1\u660e\u4e86\u5373\u4f7f\u662f\u4f60\u81ea\u5df1\u5199\u7684\u7a0b\u5e8f\uff0c\u53ea\u8981\u914d\u7f6e\u4e86\u4ee3\u7406\uff0c\u6d41\u91cf\u4e5f\u4f1a\u88ab\u62e6\u622a\u3002<\/li>\n<\/ul>\n\n\n\n
      \u6700\u5bb9\u6613\u8e29\u7684\u5751\u4ee5\u53ca\u6b63\u786e\u505a\u6cd5<\/h3>\n\n\n\n
      \u5751 1\uff1a\u8bc1\u4e66\u672a\u6b63\u786e\u5b89\u88c5\u6216\u5b89\u88c5\u540e\u672a\u91cd\u542f\u5e94\u7528\u3002<\/strong> \u5f88\u591a\u65b0\u624b\u5728 Burp \u91cc\u5bfc\u51fa\u4e86\u8bc1\u4e66\uff0c\u4e5f\u53cc\u51fb\u5b89\u88c5\u4e86\uff0c\u4f46\u6293\u53d6 HTTPS \u65f6\u4ecd\u7136\u770b\u5230\u7684\u662f\u4e71\u7801\u6216\u8fde\u63a5\u5931\u8d25\u3002\u539f\u56e0\u53ef\u80fd\u662f\u5b89\u88c5\u5230\u4e86\u201c\u5f53\u524d\u7528\u6237\u201d\u5b58\u50a8\u800c\u4e0d\u662f\u201c\u672c\u5730\u8ba1\u7b97\u673a\u201d\uff0c\u6216\u8005\u5e94\u7528\uff08\u5c24\u5176\u662f\u5df2\u7ecf\u8fd0\u884c\u7684\u5e94\u7528\uff09\u6ca1\u6709\u91cd\u65b0\u52a0\u8f7d\u7cfb\u7edf\u8bc1\u4e66\u3002\u6b63\u786e\u505a\u6cd5<\/strong>\uff1a\u52a1\u5fc5\u5b89\u88c5\u5230\u201c\u672c\u5730\u8ba1\u7b97\u673a\u201d\u7684\u53d7\u4fe1\u4efb\u6839\u5b58\u50a8\uff0c\u5b89\u88c5\u540e\u91cd\u542f<\/strong>\u4f60\u8981\u6293\u5305\u7684\u5e94\u7528\uff0c\u751a\u81f3\u91cd\u542f\u64cd\u4f5c\u7cfb\u7edf\u786e\u4fdd\u8bc1\u4e66\u7f13\u5b58\u5237\u65b0\u3002\u4e4b\u540e\u53ef\u4ee5\u7528\u6d4f\u89c8\u5668\u518d\u6b21\u9a8c\u8bc1\u3002<\/p>\n\n\n\n
      \u5751 2\uff1a\u5e94\u7528\u4e0d\u8d70\u7cfb\u7edf\u4ee3\u7406\u3002<\/strong> \u8fd9\u662f\u6293 PC \u7aef\u5e94\u7528\u6700\u5e38\u89c1\u7684\u62e6\u8def\u864e\u3002\u6d4f\u89c8\u5668\u4f1a\u81ea\u52a8\u4f7f\u7528\u7cfb\u7edf\u4ee3\u7406\uff0c\u4f46\u5f88\u591a PC \u8f6f\u4ef6\uff08\u7279\u522b\u662f\u6e38\u620f\u3001\u8001\u65e7\u8f6f\u4ef6\uff09\u65e0\u89c6\u7cfb\u7edf\u8bbe\u7f6e\uff0c\u76f4\u63a5\u53d1\u8d77\u8fde\u63a5\u3002\u6b63\u786e\u505a\u6cd5<\/strong>\uff1a\u4f7f\u7528 Proxifier \u8fd9\u7c7b\u5f3a\u5236\u4ee3\u7406\u5de5\u5177\uff0c\u5b83\u53ef\u4ee5\u6355\u83b7\u6307\u5b9a\u8fdb\u7a0b\u7684\u6240\u6709 TCP \u6d41\u91cf\uff08\u65e0\u8bba\u662f\u5426\u652f\u6301\u4ee3\u7406\uff09\uff0c\u5e76\u8f6c\u53d1\u5230\u4f60\u7684\u4ee3\u7406\u7aef\u53e3\u3002Proxifier \u7684\u914d\u7f6e\u5f88\u7b80\u5355\uff1a\u6dfb\u52a0\u4ee3\u7406\u670d\u52a1\u5668\uff08127.0.0.1:8080\uff0c\u534f\u8bae HTTPS\uff09\uff0c\u7136\u540e\u8bbe\u7f6e\u89c4\u5219\u8ba9\u76ee\u6807\u8fdb\u7a0b\u5f3a\u5236\u8d70\u8fd9\u4e2a\u4ee3\u7406\u3002<\/p>\n\n\n\n
      \u5751 3\uff1a\u5e94\u7528\u4f7f\u7528\u4e86\u8bc1\u4e66\u56fa\u5b9a\uff08Certificate Pinning\uff09\u3002<\/strong> \u6709\u4e9b\u5b89\u5168\u6027\u8f83\u9ad8\u7684\u5e94\u7528\u4f1a\u5728\u4ee3\u7801\u91cc\u786c\u7f16\u7801\u670d\u52a1\u5668\u7684\u8bc1\u4e66\u516c\u94a5\u6216\u8bc1\u4e66\uff0c\u5982\u679c\u4e2d\u95f4\u4eba\u6362\u6210\u4e86\u81ea\u5df1\u7684\u8bc1\u4e66\uff0c\u5e94\u7528\u4f1a\u76f4\u63a5\u62d2\u7edd\u8fde\u63a5\u3002\u6b63\u786e\u505a\u6cd5<\/strong>\uff1a\u8fd9\u65f6\u7b80\u5355\u7684\u6293\u5305\u5c31\u4e0d\u591f\u4e86\uff0c\u4f60\u9700\u8981\u5bf9\u5e94\u7528\u8fdb\u884c\u9006\u5411\u5de5\u7a0b\uff0cHook \u6389\u9a8c\u8bc1\u8bc1\u4e66\u7684\u4ee3\u7801\uff0c\u6216\u8005\u4f7f\u7528 Frida\u3001Xposed \u7b49\u6846\u67b6\u7ed5\u8fc7 pinning\u3002\u4e0d\u8fc7\u8fd9\u8d85\u51fa\u4e86\u672c\u6587\u7684\u5165\u95e8\u8303\u56f4\uff0c\u4f60\u53ea\u9700\u8981\u77e5\u9053\u5b58\u5728\u8fd9\u79cd\u53cd\u6293\u5305\u673a\u5236\uff0c\u78b0\u5230\u65f6\u610f\u8bc6\u5230\u4e0d\u662f\u4f60\u7684\u914d\u7f6e\u95ee\u9898\uff0c\u800c\u662f\u9700\u8981\u66f4\u9ad8\u7ea7\u7684\u6280\u672f\u3002<\/p>\n\n\n\n
      \u9a8c\u8bc1\u65b9\u6cd5<\/strong>\uff1a\u9664\u4e86\u7528\u6d4f\u89c8\u5668\u6d4b\u8bd5\uff0c\u4f60\u4e5f\u53ef\u4ee5\u5728\u547d\u4ee4\u884c\u4f7f\u7528 curl<\/code> \u6d4b\u8bd5\u4ee3\u7406\uff1acurl -x http:\/\/127.0.0.1:8080 https:\/\/www.baidu.com -v<\/code>\uff0c\u5982\u679c\u8fd4\u56de\u6b63\u5e38\u9875\u9762\uff0c\u4e14 Burp \u91cc\u6709\u8bb0\u5f55\uff0c\u8bc1\u660e\u4ee3\u7406\u901a\u8def\u6ca1\u95ee\u9898\u3002\u5982\u679c\u5e94\u7528\u65e0\u6cd5\u8054\u7f51\uff0c\u5148\u6682\u65f6\u5173\u95ed\u4ee3\u7406\u770b\u770b\u662f\u4e0d\u662f\u5e94\u7528\u672c\u8eab\u7f51\u7edc\u95ee\u9898\u3002<\/p>\n\n\n\n
      \u4e0b\u4e00\u6b65\u64cd\u4f5c\u5efa\u8bae<\/strong>\uff1a\u5f53\u4f60\u6210\u529f\u6293\u5230\u5305\u4e4b\u540e\uff0c\u5c31\u53ef\u4ee5\u5229\u7528 Burp \u6216 Yakit \u7684\u66f4\u591a\u529f\u80fd\u4e86\u3002\u6bd4\u5982\u7528 Repeater \u6a21\u5757\u4fee\u6539\u8bf7\u6c42\u53c2\u6570\uff0c\u91cd\u653e\u8bf7\u6c42\u6765\u6d4b\u8bd5\u63a5\u53e3\u7684\u5065\u58ee\u6027\uff1b\u7528 Intruder \u8fdb\u884c\u7b80\u5355\u7684\u66b4\u529b\u731c\u89e3\uff1b\u6216\u8005\u628a\u6d41\u91cf\u4fdd\u5b58\u4e0b\u6765\uff0c\u4f5c\u4e3a API \u6587\u6863\u7684\u53c2\u8003\u3002\u4f60\u4e5f\u53ef\u4ee5\u5728 Yakit \u91cc\u4f7f\u7528\u201cWeb Fuzzer\u201d\u6765\u5bf9\u6293\u5230\u7684\u8bf7\u6c42\u8fdb\u884c\u53d8\u5f02\u548c\u6d4b\u8bd5\u3002\u8fd9\u4e9b\u662f\u540e\u7eed\u5b89\u5168\u6d4b\u8bd5\u7684\u57fa\u7840\u3002<\/p>\n\n\n\n
      \u51b3\u7b56\u6307\u5357\uff1a\u4ec0\u4e48\u65f6\u5019\u5fc5\u987b\u7528\u6293\u5305\uff1f\u4ec0\u4e48\u65f6\u5019\u66ff\u4ee3\u65b9\u6848\u591f\u7528\uff1f<\/h3>\n\n\n\n
      \u5fc5\u987b\u7528\u6293\u5305\u7684\u573a\u666f<\/strong>\uff1a\u5f53\u4f60\u9700\u8981\u5206\u6790\u4e00\u4e2a\u4f60\u6ca1\u6709\u6e90\u4ee3\u7801\u7684 PC \u5e94\u7528\u3001\u9700\u8981\u8c03\u8bd5\u7b2c\u4e09\u65b9\u670d\u52a1\u7684 API\u3001\u6000\u7591\u8f6f\u4ef6\u5b58\u5728\u6076\u610f\u884c\u4e3a\u3001\u6216\u8005\u8fdb\u884c\u5b89\u5168\u5ba1\u8ba1\u65f6\uff0c\u6293\u5305\u662f\u552f\u4e00\u80fd\u76f4\u63a5\u770b\u5230\u660e\u6587\u901a\u4fe1\u5185\u5bb9\u7684\u65b9\u6cd5\u3002\u5b83\u4e5f\u662f\u5b66\u4e60\u4ed6\u4eba\u4f18\u79c0 API \u8bbe\u8ba1\u7684\u6700\u4f73\u9014\u5f84\u3002<\/p>\n\n\n\n
      \u66ff\u4ee3\u65b9\u6848\u4f55\u65f6\u591f\u7528<\/strong>\uff1a\u5982\u679c\u4f60\u53ea\u9700\u8981\u8c03\u8bd5\u81ea\u5df1\u5f00\u53d1\u7684\u5e94\u7528\uff0c\u90a3\u4e48\u6d4f\u89c8\u5668\u5f00\u53d1\u8005\u5de5\u5177\u3001Android Studio \u7684 Network Profiler \u6216\u8005 iOS \u7684 Charles \u96c6\u6210\u5f80\u5f80\u66f4\u65b9\u4fbf\uff0c\u56e0\u4e3a\u4e0d\u9700\u8981\u64cd\u5fc3\u8bc1\u4e66\u548c\u4ee3\u7406\u3002\u5982\u679c\u4f60\u53ea\u662f\u60f3\u76d1\u63a7\u672c\u673a\u7f51\u7edc\u6d41\u91cf\u800c\u4e0d\u5173\u5fc3 HTTPS \u5185\u5bb9\uff0cWireshark \u53ef\u4ee5\u6355\u83b7\u6240\u6709\u6570\u636e\u5305\uff0c\u4f46\u65e0\u6cd5\u76f4\u63a5\u770b\u5230\u52a0\u5bc6\u540e\u7684\u660e\u6587\u3002\u5982\u679c\u4f60\u53ea\u9700\u8981\u77e5\u9053\u67d0\u4e2a\u8bf7\u6c42\u662f\u5426\u53d1\u51fa\uff0c\u7cfb\u7edf\u81ea\u5e26\u7684\u4efb\u52a1\u7ba1\u7406\u5668\u6216\u8d44\u6e90\u76d1\u89c6\u5668\u4e5f\u80fd\u770b\u7f51\u7edc\u8fde\u63a5\uff0c\u4f46\u770b\u4e0d\u5230\u5177\u4f53\u5185\u5bb9\u3002<\/p>\n\n\n\n
      \u603b\u7684\u6765\u8bf4\uff0c\u6293\u5305\u6280\u672f\u662f\u79fb\u52a8\u548c PC \u53cc\u7aef\u5b89\u5168\u5206\u6790\u7684\u57fa\u77f3\uff0c\u638c\u63e1\u4e86\u5b83\uff0c\u4f60\u5c31\u62e5\u6709\u4e86\u201c\u770b\u89c1\u201d\u4efb\u4f55\u5e94\u7528\u7f51\u7edc\u884c\u4e3a\u7684\u80fd\u529b\uff0c\u8fd9\u662f\u4ece\u201c\u5e94\u7528\u5f00\u53d1\u8005\u201d\u8fc8\u5411\u201c\u5b89\u5168\u7814\u7a76\u8005\u201d\u7684\u91cd\u8981\u4e00\u6b65\u3002\u5e0c\u671b\u8fd9\u7bc7\u6559\u7a0b\u80fd\u5e2e\u4f60\u987a\u5229\u5f00\u542f\u6293\u5305\u4e4b\u65c5\u3002<\/p>\n\n\n\n
      \u6293\u5305\u6280\u672f-WX\u5c0f\u7a0b\u5e8f-http\/s-Burp&Yakit<\/h2>\n\n\n\n
      \u5f53\u4f60\u638c\u63e1\u4e86 PC \u7aef\u5e94\u7528\u7684\u6293\u5305\u4e4b\u540e\uff0c\u81ea\u7136\u4f1a\u60f3\u628a\u624b\u4f38\u5411\u66f4\u5c01\u95ed\u3001\u66f4\u8f7b\u91cf\u7684\u5fae\u4fe1\u5c0f\u7a0b\u5e8f\u3002\u5c0f\u7a0b\u5e8f\u8fd0\u884c\u5728\u5fae\u4fe1\u7684\u6c99\u76d2\u73af\u5883\u91cc\uff0c\u4f60\u6ca1\u529e\u6cd5\u50cf\u63a7\u5236\u666e\u901a\u5e94\u7528\u90a3\u6837\u76f4\u63a5\u8bbe\u7f6e\u7cfb\u7edf\u4ee3\u7406\u8ba9\u5b83\u4e56\u4e56\u628a\u6d41\u91cf\u9001\u8fc7\u6765\uff0c\u800c\u4e14\u5fae\u4fe1\u672c\u8eab\u5bf9\u7f51\u7edc\u8bf7\u6c42\u505a\u4e86\u5f88\u591a\u5c01\u88c5\uff0c\u4f20\u7edf\u7684\u5168\u5c40\u4ee3\u7406\u65b9\u5f0f\u8981\u4e48\u5931\u6548\uff0c\u8981\u4e48\u4f1a\u5e72\u6270\u5fae\u4fe1\u7684\u6b63\u5e38\u4f7f\u7528\u3002\u4f46\u5c0f\u7a0b\u5e8f\u7684\u63a5\u53e3\u5f80\u5f80\u627f\u8f7d\u7740\u6838\u5fc3\u4e1a\u52a1\u6570\u636e\u2014\u2014\u7535\u5546\u7684\u4e0b\u5355\u63a5\u53e3\u3001\u5de5\u5177\u7c7b\u7684\u67e5\u8be2\u63a5\u53e3\u3001\u6e38\u620f\u7684\u6392\u884c\u699c\u63a5\u53e3\uff0c\u5b66\u4f1a\u6293\u5c0f\u7a0b\u5e8f\u7684\u5305\uff0c\u610f\u5473\u7740\u4f60\u80fd\u770b\u900f\u8fd9\u4e9b\u9690\u85cf\u5728\u804a\u5929\u9762\u677f\u80cc\u540e\u7684\u79d8\u5bc6\u3002<\/p>\n\n\n\n
      \u5c0f\u7a0b\u5e8f\u6293\u5305\u7684\u672c\u8d28\u96be\u9898\u4e0e\u89e3\u51b3\u65b9\u6848<\/h3>\n\n\n\n
      \u5c0f\u7a0b\u5e8f\u6293\u5305\u548c PC \u5e94\u7528\u6293\u5305\u5728\u5e95\u5c42\u539f\u7406\u4e0a\u5b8c\u5168\u4e00\u81f4\uff1a\u90fd\u662f\u901a\u8fc7\u4e2d\u95f4\u4eba\u6280\u672f\u89e3\u5bc6 HTTPS\uff0c\u901a\u8fc7\u4ee3\u7406\u8f6c\u53d1\u6d41\u91cf\u3002\u4f46\u5c0f\u7a0b\u5e8f\u591a\u4e86\u4e00\u5c42\u5fae\u4fe1\u5916\u58f3\uff0c\u5b83\u4e0d\u50cf\u666e\u901a\u5e94\u7528\u90a3\u6837\u4f1a\u8bfb\u53d6\u64cd\u4f5c\u7cfb\u7edf\u7684\u4ee3\u7406\u8bbe\u7f6e\u3002\u5982\u679c\u4f60\u76f4\u63a5\u628a\u7cfb\u7edf\u4ee3\u7406\u6307\u5411 Burp\uff0c\u5fae\u4fe1\u4e3b\u7a0b\u5e8f\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u8fde\u63a5\u4ee3\u7406\uff0c\u4f46\u5c0f\u7a0b\u5e8f\u8fdb\u7a0b\u6839\u672c\u4e0d\u7406\u8fd9\u4e00\u5957\uff0c\u5bfc\u81f4\u4f60\u4ec0\u4e48\u90fd\u6293\u4e0d\u5230\u3002\u89e3\u51b3\u601d\u8def\u4e0d\u662f\u8ba9\u5c0f\u7a0b\u5e8f\u201c\u4e3b\u52a8\u201d\u8d70\u4ee3\u7406\uff0c\u800c\u662f\u201c\u5f3a\u5236\u201d\u5b83\u8d70\u4ee3\u7406\u2014\u2014\u8fd9\u5c31\u9700\u8981\u7528\u5230\u4e00\u4e2a\u53eb Proxifier \u7684\u5de5\u5177\u3002Proxifier \u5de5\u4f5c\u5728\u7cfb\u7edf\u5e95\u5c42\uff0c\u5b83\u53ef\u4ee5\u6355\u83b7\u6307\u5b9a\u8fdb\u7a0b\u7684\u6240\u6709\u7f51\u7edc\u8fde\u63a5\uff0c\u4e0d\u7ba1\u8fd9\u4e2a\u8fdb\u7a0b\u662f\u5426\u652f\u6301\u4ee3\u7406\uff0c\u90fd\u53ef\u4ee5\u628a\u6d41\u91cf\u91cd\u5b9a\u5411\u5230\u4f60\u8bbe\u5b9a\u7684 HTTP\/HTTPS \u4ee3\u7406\u670d\u52a1\u5668\u4e0a\u3002\u6240\u4ee5\u5c0f\u7a0b\u5e8f\u6293\u5305\u7684\u7ecf\u5178\u7ec4\u5408\u662f\uff1aBurp\/Yakit \u505a\u4ee3\u7406\u548c\u4e2d\u95f4\u4eba\u89e3\u5bc6 + Proxifier \u505a\u6d41\u91cf\u5f3a\u5236\u8f6c\u53d1\u3002<\/p>\n\n\n\n
      Mermaid \u56fe\u8868\uff1a\u5c0f\u7a0b\u5e8f\u6293\u5305\u6574\u4f53\u67b6\u6784<\/p>\n\n\n\n
      \"\"<\/div><\/figure>\n\n\n\n
      \u8fd9\u5f20\u56fe\u5c55\u793a\u4e86\u4e09\u4e2a\u6838\u5fc3\u7ec4\u4ef6\u7684\u534f\u4f5c\u5173\u7cfb\u3002\u5de6\u4fa7\u7684\u201c\u5fae\u4fe1\u5c0f\u7a0b\u5e8f\u8fdb\u7a0b\u201d\u662f\u4f60\u60f3\u76d1\u63a7\u7684\u76ee\u6807\uff0c\u5b83\u5c1d\u8bd5\u8fde\u63a5\u7f51\u7edc\u65f6\uff0cProxifier \u4f1a\u62e6\u622a\u8fd9\u4e2a\u52a8\u4f5c\uff08\u7bad\u59341\uff09\uff0c\u5e76\u6839\u636e\u4f60\u8bbe\u5b9a\u7684\u89c4\u5219\uff08\u6bd4\u5982\u8fdb\u7a0b\u540d\u5339\u914d\uff09\u628a\u6d41\u91cf\u8f6c\u7ed9 Burp \u6216 Yakit\uff08\u7bad\u59342\uff09\u3002\u4e2d\u95f4\u7684\u6293\u5305\u5de5\u5177\u65e2\u505a\u4ee3\u7406\u53c8\u505a\u4e2d\u95f4\u4eba\u89e3\u5bc6\uff0c\u4f60\u53ef\u4ee5\u5728\u8fd9\u91cc\u770b\u5230\u660e\u6587\u7684\u8bf7\u6c42\u548c\u54cd\u5e94\uff08\u7bad\u59343\u548c6\uff09\u3002\u6700\u540e\u6293\u5305\u5de5\u5177\u628a\u8bf7\u6c42\u53d1\u5f80\u771f\u5b9e\u7684\u670d\u52a1\u5668\uff08\u7bad\u59344\uff09\uff0c\u5e76\u628a\u670d\u52a1\u5668\u7684\u54cd\u5e94\u6cbf\u539f\u8def\u8fd4\u56de\uff08\u7bad\u59347\u548c8\uff09\u3002\u6574\u4e2a\u94fe\u6761\u4e2d\uff0c\u5c0f\u7a0b\u5e8f\u8fdb\u7a0b\u5e76\u4e0d\u77e5\u9053\u81ea\u5df1\u88ab\u201c\u62d0\u201d\u5230\u4e86\u4ee3\u7406\u4e0a\uff0c\u5b83\u4ee5\u4e3a\u81ea\u5df1\u5728\u548c\u5fae\u4fe1\u670d\u52a1\u5668\u76f4\u63a5\u901a\u4fe1\u3002<\/p>\n\n\n\n
      \u6838\u5fc3\u5de5\u5177\u94fe\uff1aProxifier + Burp\/Yakit \u7684\u914d\u7f6e\u5b9e\u6218<\/h3>\n\n\n\n
      \u5148\u8bf4 Proxifier \u7684\u914d\u7f6e\u3002\u6253\u5f00 Proxifier\uff0c\u7b2c\u4e00\u6b65\u662f\u8bbe\u7f6e\u4ee3\u7406\u670d\u52a1\u5668\u3002\u70b9\u51fb\u201c\u914d\u7f6e\u6587\u4ef6\u201d->\u201c\u4ee3\u7406\u670d\u52a1\u5668\u201d\uff0c\u6dfb\u52a0\u4e00\u4e2a\u65b0\u7684\u4ee3\u7406\uff0c\u5730\u5740\u586b 127.0.0.1\uff0c\u7aef\u53e3\u586b\u4f60 Burp \u6216 Yakit \u7684\u76d1\u542c\u7aef\u53e3\uff08\u6bd4\u5982 Burp \u9ed8\u8ba4 8080\uff0cYakit \u9ed8\u8ba4 8083\uff09\uff0c\u534f\u8bae\u9009\u62e9 HTTPS\u3002\u4e3a\u4ec0\u4e48\u8981\u9009 HTTPS\uff1f\u56e0\u4e3a Burp \u548c Yakit \u7684\u4ee3\u7406\u867d\u7136\u63a5\u6536\u7684\u662f HTTP \u6d41\u91cf\uff0c\u4f46\u5b83\u4eec\u80fd\u5904\u7406 CONNECT \u65b9\u6cd5\u5efa\u7acb\u7684 HTTPS \u96a7\u9053\uff0c\u9009 HTTPS \u534f\u8bae\u662f\u4e3a\u4e86\u8ba9 Proxifier \u77e5\u9053\u8fd9\u662f\u4e00\u4e2a\u652f\u6301 CONNECT \u7684\u4ee3\u7406\u3002\u7b2c\u4e8c\u6b65\u662f\u6700\u5173\u952e\u7684\uff1a\u8bbe\u7f6e\u4ee3\u7406\u89c4\u5219\u3002\u70b9\u51fb\u201c\u914d\u7f6e\u6587\u4ef6\u201d->\u201c\u4ee3\u7406\u89c4\u5219\u201d\uff0c\u6dfb\u52a0\u4e00\u6761\u65b0\u89c4\u5219\u3002\u540d\u79f0\u968f\u4fbf\u586b\uff0c\u6bd4\u5982\u201cWeChatApp\u201d\u3002\u5728\u201c\u5e94\u7528\u7a0b\u5e8f\u201d\u4e00\u680f\uff0c\u4f60\u9700\u8981\u6307\u5b9a\u5fae\u4fe1\u5c0f\u7a0b\u5e8f\u7684\u8fdb\u7a0b\u540d\u3002Windows \u4e0b\u901a\u5e38\u662f WeChatAppEx.exe<\/code>\uff0c\u4f60\u53ef\u4ee5\u6253\u5f00\u4efb\u52a1\u7ba1\u7406\u5668\uff0c\u5c55\u5f00\u5fae\u4fe1\u7684\u8fdb\u7a0b\u6811\uff0c\u627e\u5230\u8fd0\u884c\u4e2d\u7684\u5c0f\u7a0b\u5e8f\u5bf9\u5e94\u7684\u8fdb\u7a0b\u540d\u786e\u8ba4\u3002Mac \u4e0b\u7684\u8def\u5f84\u6bd4\u8f83\u590d\u6742\uff0c\u901a\u5e38\u662f\u4e00\u4e2a\u540d\u4e3a WeChatAppEx Helper<\/code> \u6216 Mini Program.app<\/code> \u7684\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u4f4d\u7f6e\u53ef\u80fd\u5728 \/Applications\/WeChat.app\/Contents\/MacOS\/WeChatAppEx.app\/Contents\/Frameworks\/...<\/code> \u4e0b\uff0c\u9700\u8981\u4f60\u5230\u5bf9\u5e94\u76ee\u5f55\u4e0b\u627e\u5230\u5b83\u3002\u5728\u89c4\u5219\u7684\u52a8\u4f5c\u4e2d\uff0c\u9009\u62e9\u521a\u624d\u6dfb\u52a0\u7684\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u7136\u540e\u70b9\u51fb\u786e\u5b9a\u3002\u914d\u7f6e\u5b8c\u6210\u540e\uff0cProxifier \u7684\u4e3b\u754c\u9762\u4f1a\u663e\u793a\u8fde\u63a5\u65e5\u5fd7\uff0c\u5982\u679c\u770b\u5230\u6709\u6765\u81ea WeChatAppEx.exe<\/code> \u7684\u8fde\u63a5\u88ab\u8f6c\u53d1\u5230\u4e86 127.0.0.1:8080\uff0c\u5c31\u8bf4\u660e\u5f3a\u5236\u4ee3\u7406\u751f\u6548\u4e86\u3002<\/p>\n\n\n\n
      \u63a5\u4e0b\u6765\u662f Burp \u6216 Yakit \u7684\u914d\u7f6e\uff0c\u8fd9\u90e8\u5206\u548c\u4f60\u4e4b\u524d\u6293 PC \u5e94\u7528\u65f6\u4e00\u6a21\u4e00\u6837\u3002\u6253\u5f00 Burp\uff0c\u786e\u4fdd Proxy \u4e0b\u7684 Listeners \u4e2d\u6709\u4e00\u4e2a\u7ed1\u5b9a\u5230 127.0.0.1:8080 \u7684\u6b63\u5728\u8fd0\u884c\u7684\u76d1\u542c\u5668\u3002Yakit \u5219\u662f\u5728\u201cMITM \u52ab\u6301\u201d\u9875\u9762\uff0c\u70b9\u51fb\u201c\u542f\u52a8\u201d\uff0c\u9ed8\u8ba4\u76d1\u542c 127.0.0.1:8083\u3002\u8bc1\u4e66\u7684\u5b89\u88c5\u4e5f\u662f\u540c\u7406\uff0c\u4f60\u9700\u8981\u628a Burp \u6216 Yakit \u7684 CA \u8bc1\u4e66\u4e0b\u8f7d\u4e0b\u6765\uff0c\u5b89\u88c5\u5230\u64cd\u4f5c\u7cfb\u7edf\u7684\u201c\u53d7\u4fe1\u4efb\u7684\u6839\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u201d\u91cc\uff0c\u5426\u5219 HTTPS \u6d41\u91cf\u4f1a\u89e3\u5bc6\u5931\u8d25\u3002\u8fd9\u4e00\u6b65\u505a\u5b8c\u4e4b\u540e\uff0c\u53ef\u4ee5\u7528\u6d4f\u89c8\u5668\u8bbf\u95ee https:\/\/www.baidu.com \u6d4b\u8bd5\u4e00\u4e0b\uff0c\u5982\u679c\u80fd\u6293\u5230\u5305\u4e14\u770b\u5230\u660e\u6587\uff0c\u8bf4\u660e\u8bc1\u4e66\u548c\u4ee3\u7406\u90fd\u6b63\u5e38\u3002<\/p>\n\n\n\n
      Mermaid \u56fe\u8868\uff1aProxifier \u89c4\u5219\u914d\u7f6e\u6d41\u7a0b<\/p>\n\n\n\n
      \"\"<\/div><\/figure>\n\n\n\n
      \u8fd9\u5f20\u56fe\u6d53\u7f29\u4e86\u914d\u7f6e Proxifier \u7684\u6838\u5fc3\u6b65\u9aa4\u3002\u5148\u4ece\u5b9a\u4f4d\u5c0f\u7a0b\u5e8f\u8fdb\u7a0b\u540d\u5f00\u59cb\uff0c\u7136\u540e\u914d\u7f6e\u4ee3\u7406\u670d\u52a1\u5668\u548c\u89c4\u5219\uff0c\u6700\u540e\u901a\u8fc7\u65e5\u5fd7\u9a8c\u8bc1\u3002\u5982\u679c\u65e5\u5fd7\u91cc\u6ca1\u6709\u663e\u793a\u8f6c\u53d1\uff0c\u6700\u5e38\u89c1\u7684\u539f\u56e0\u662f\u8fdb\u7a0b\u540d\u5199\u9519\u4e86\uff0c\u6bd4\u5982\u4f60\u5199\u7684\u662f WeChat.exe<\/code> \u4f46\u5c0f\u7a0b\u5e8f\u5b9e\u9645\u8fd0\u884c\u5728 WeChatAppEx.exe<\/code> \u4e0b\uff0c\u90a3\u5c31\u65e0\u6cd5\u5339\u914d\u3002\u53e6\u5916\u6ce8\u610f\uff0c\u6709\u4e9b\u5c0f\u7a0b\u5e8f\u53ef\u80fd\u4f1a\u6709\u591a\u4e2a\u8f85\u52a9\u8fdb\u7a0b\uff0c\u4f60\u9700\u8981\u628a\u76f8\u5173\u7684\u90fd\u52a0\u8fdb\u89c4\u5219\uff0c\u6216\u8005\u5e72\u8106\u89c4\u5219\u91cc\u53ea\u5199\u8fdb\u7a0b\u540d\uff0c\u8ba9 Proxifier \u6309\u540d\u79f0\u5339\u914d\u3002<\/p>\n\n\n\n
      \u9ad8\u9636\u573a\u666f\uff1a\u5728\u6a21\u62df\u5668\u4e2d\u6293\u5c0f\u7a0b\u5e8f\u5305<\/h3>\n\n\n\n
      \u9664\u4e86 PC \u7aef\uff0c\u4f60\u6709\u65f6\u5019\u53ef\u80fd\u9700\u8981\u5728\u5b89\u5353\u6a21\u62df\u5668\u91cc\u5206\u6790\u5c0f\u7a0b\u5e8f\uff0c\u56e0\u4e3a\u79fb\u52a8\u7aef\u7684\u5c0f\u7a0b\u5e8f\u529f\u80fd\u66f4\u5168\uff0c\u800c\u4e14\u53ef\u4ee5\u7ed5\u8fc7 PC \u5fae\u4fe1\u7684\u4e00\u4e9b\u9650\u5236\u3002\u5728\u6a21\u62df\u5668\u4e2d\u6293\u5305\uff0c\u601d\u8def\u53c8\u4e0d\u4e00\u6837\u4e86\uff1a\u4f60\u9700\u8981\u8ba9\u6a21\u62df\u5668\u901a\u8fc7\u4ee3\u7406\u8fde\u63a5\u5230 PC \u4e0a\u7684 Burp\/Yakit\u3002\u4f46\u5b89\u5353\u4ece 7.0 \u5f00\u59cb\uff0c\u9ed8\u8ba4\u4e0d\u518d\u4fe1\u4efb\u7528\u6237\u5b89\u88c5\u7684\u8bc1\u4e66\uff0c\u6240\u4ee5\u4f60\u5b89\u88c5\u7684\u7528\u6237\u8bc1\u4e66\u5bf9\u5c0f\u7a0b\u5e8f\u65e0\u6548\uff0c\u5fc5\u987b\u628a\u6293\u5305\u5de5\u5177\u7684\u8bc1\u4e66\u5b89\u88c5\u5230\u7cfb\u7edf\u8bc1\u4e66\u76ee\u5f55\u3002\u8fd9\u9700\u8981\u6a21\u62df\u5668\u6709 root \u6743\u9650\u3002<\/p>\n\n\n\n
      \u4ee5\u96f7\u7535\u6216\u591c\u795e\u6a21\u62df\u5668\u4e3a\u4f8b\uff0c\u9996\u5148\u5728 Yakit \u91cc\u4e0b\u8f7d\u8bc1\u4e66\uff08\u683c\u5f0f\u9009 .crt.pem\uff09\uff0c\u7136\u540e\u7528 OpenSSL \u8ba1\u7b97\u8bc1\u4e66\u7684 hash \u503c\uff1aopenssl x509 -inform PEM -subject_hash_old -in \u4f60\u7684\u8bc1\u4e66.crt.pem<\/code>\uff0c\u4f60\u4f1a\u5f97\u5230\u4e00\u4e32 hash\uff0c\u6bd4\u5982 38555061<\/code>\u3002\u628a\u8bc1\u4e66\u91cd\u547d\u540d\u4e3a 38555061.0<\/code>\u3002\u63a5\u7740\u7528 adb \u8fde\u63a5\u6a21\u62df\u5668\uff0c\u5148\u4ee5\u8bfb\u5199\u65b9\u5f0f\u6302\u8f7d\u7cfb\u7edf\u5206\u533a\uff1aadb shell mount -o remount,rw \/system<\/code>\uff0c\u7136\u540e\u628a\u91cd\u547d\u540d\u540e\u7684\u8bc1\u4e66\u6587\u4ef6 push \u5230 \/system\/etc\/security\/cacerts\/<\/code> \u76ee\u5f55\u4e0b\uff0c\u5e76\u4fee\u6539\u6743\u9650\u4e3a 644\uff1achmod 644 \/system\/etc\/security\/cacerts\/38555061.0<\/code>\u3002\u6700\u540e\u91cd\u542f\u6a21\u62df\u5668\u3002\u6b64\u65f6\u4f60\u518d\u6253\u5f00\u6a21\u62df\u5668\u91cc\u7684\u5fae\u4fe1\u5c0f\u7a0b\u5e8f\uff0cYakit \u91cc\u5c31\u80fd\u770b\u5230\u89e3\u5bc6\u540e\u7684 HTTPS \u6d41\u91cf\u4e86\u3002\u8fd9\u4e2a\u65b9\u6cd5\u7684\u539f\u7406\u662f\u628a Yakit \u7684\u8bc1\u4e66\u4f2a\u88c5\u6210\u7cfb\u7edf\u9884\u88c5\u8bc1\u4e66\uff0c\u7ed5\u8fc7\u5b89\u5353\u7684\u8bc1\u4e66\u4fe1\u4efb\u673a\u5236\u3002<\/p>\n\n\n\n
      \u5de5\u5177\u94fe\u7684\u6269\u5c55\uff1aBurp \u4e0e Yakit \u7684\u8054\u52a8<\/h3>\n\n\n\n
      \u5f53\u4f60\u719f\u6089\u4e86 Burp \u548c Yakit \u5404\u81ea\u7684\u64cd\u4f5c\u540e\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u628a\u5b83\u4eec\u4e32\u8054\u8d77\u6765\uff0c\u53d1\u6325\u5404\u81ea\u7684\u4f18\u52bf\u3002Burp \u7684\u5f3a\u9879\u662f\u624b\u52a8\u6d4b\u8bd5\u3001\u8bf7\u6c42\u91cd\u653e\u3001\u63d2\u4ef6\u751f\u6001\uff0cYakit \u7684\u5f3a\u9879\u662f\u81ea\u52a8\u5316\u6f0f\u6d1e\u626b\u63cf\u3001\u6d41\u91cf\u5206\u6790\u3001\u5185\u7f6e\u7684\u5404\u7c7b\u5b89\u5168\u63d2\u4ef6\u3002\u4f60\u53ef\u4ee5\u901a\u8fc7\u201c\u4e0b\u6e38\u4ee3\u7406\u201d\u7684\u65b9\u5f0f\u8ba9\u5b83\u4eec\u534f\u540c\u5de5\u4f5c\u3002\u4f8b\u5982\uff0c\u8ba9 Proxifier \u628a\u6d41\u91cf\u8f6c\u53d1\u7ed9 Burp\uff088080 \u7aef\u53e3\uff09\uff0c\u7136\u540e\u5728 Burp \u7684\u914d\u7f6e\u91cc\u8bbe\u7f6e\u4e0a\u6e38\u4ee3\u7406\u6307\u5411 Yakit\uff08\u6bd4\u5982 Yakit \u76d1\u542c 8083 \u7aef\u53e3\uff09\u3002\u8fd9\u6837\u6d41\u91cf\u8def\u5f84\u5c31\u53d8\u6210\u4e86\uff1a\u5c0f\u7a0b\u5e8f -> Proxifier -> Burp -> Yakit -> \u771f\u5b9e\u670d\u52a1\u5668\u3002\u8fd4\u56de\u7684\u54cd\u5e94\u4e5f\u4f1a\u539f\u8def\u8fd4\u56de\u3002Burp \u548c Yakit \u90fd\u80fd\u770b\u5230\u6d41\u91cf\uff0c\u4f60\u53ef\u4ee5\u5728 Burp \u91cc\u624b\u52a8\u5206\u6790\u548c\u91cd\u653e\uff0c\u540c\u65f6 Yakit \u5728\u540e\u53f0\u81ea\u52a8\u8fdb\u884c\u6f0f\u6d1e\u626b\u63cf\uff0c\u4e92\u4e0d\u5e72\u6270\u3002\u914d\u7f6e Burp \u7684\u4e0a\u6e38\u4ee3\u7406\u5728 \u201cUser options\u201d -> \u201cConnections\u201d -> \u201cUpstream Proxy Servers\u201d \u91cc\uff0c\u6dfb\u52a0\u4e00\u6761\u89c4\u5219\uff0c\u76ee\u6807\u4e3b\u673a\u586b *<\/code>\uff0c\u4ee3\u7406\u4e3b\u673a\u586b 127.0.0.1<\/code>\uff0c\u7aef\u53e3\u586b 8083\u3002<\/p>\n\n\n\n
      Mermaid \u56fe\u8868\uff1aBurp \u4e0e Yakit \u8054\u52a8\u67b6\u6784<\/p>\n\n\n\n
      \"\"<\/div><\/figure>\n\n\n\n
      \u8fd9\u5f20\u56fe\u6e05\u6670\u5730\u5c55\u793a\u4e86\u8054\u52a8\u65f6\u7684\u6570\u636e\u6d41\u5411\u3002Burp \u5728\u8fd9\u91cc\u65e2\u5145\u5f53\u4e86 Proxifier \u7684\u76ee\u6807\u4ee3\u7406\uff0c\u53c8\u628a\u81ea\u5df1\u53d8\u6210\u4e86 Yakit \u7684\u5ba2\u6237\u7aef\u3002\u5bf9\u4e8e Proxifier \u6765\u8bf4\uff0c\u5b83\u53ea\u8ba4\u8bc6 Burp\uff1b\u5bf9\u4e8e Yakit \u6765\u8bf4\uff0c\u5b83\u770b\u5230\u7684\u6240\u6709\u8bf7\u6c42\u90fd\u6765\u81ea Burp\u3002\u8fd9\u79cd\u4e32\u8054\u65b9\u5f0f\u4e0d\u4f1a\u4e22\u5931\u4efb\u4f55\u6570\u636e\uff0c\u800c\u4e14\u4e24\u4e2a\u5de5\u5177\u90fd\u80fd\u72ec\u7acb\u5de5\u4f5c\uff0c\u5927\u5927\u63d0\u5347\u4e86\u6d4b\u8bd5\u6548\u7387\u3002<\/p>\n\n\n\n
      \u6700\u5bb9\u6613\u8e29\u7684\u5751\u548c\u9a8c\u8bc1\u65b9\u6cd5<\/h3>\n\n\n\n
      \u5c0f\u7a0b\u5e8f\u6293\u5305\u6700\u5927\u7684\u5751\u662f\u6d41\u91cf\u6839\u672c\u6ca1\u6709\u8fdb\u5165 Proxifier\u3002\u5f88\u591a\u4eba\u914d\u7f6e\u5b8c\u89c4\u5219\u540e\u53d1\u73b0 Burp \u91cc\u7a7a\u7a7a\u5982\u4e5f\uff0c\u5c31\u5f00\u59cb\u6000\u7591\u8bc1\u4e66\u95ee\u9898\u3002\u5176\u5b9e\u9996\u5148\u8981\u68c0\u67e5 Proxifier \u7684\u65e5\u5fd7\u7a97\u53e3\uff0c\u770b\u6709\u6ca1\u6709 WeChatAppEx.exe<\/code> \u7684\u8fde\u63a5\u8bb0\u5f55\u3002\u5982\u679c\u65e5\u5fd7\u4e00\u7247\u7a7a\u767d\uff0c\u8bf4\u660e\u89c4\u5219\u91cc\u7684\u8fdb\u7a0b\u540d\u6ca1\u5bf9\u4e0a\uff0c\u6216\u8005\u5c0f\u7a0b\u5e8f\u6839\u672c\u6ca1\u542f\u52a8\u3002\u6b63\u786e\u7684\u505a\u6cd5\u662f\uff1a\u5148\u6253\u5f00\u4efb\u52a1\u7ba1\u7406\u5668\uff0c\u627e\u5230\u5c0f\u7a0b\u5e8f\u8fdb\u7a0b\uff0c\u8bb0\u4e0b\u5168\u540d\uff0c\u7136\u540e\u5728 Proxifier \u89c4\u5219\u91cc\u7cbe\u786e\u586b\u5199\u3002\u5982\u679c\u8fdb\u7a0b\u540d\u540e\u9762\u6709\u8def\u5f84\uff0c\u4f60\u4e5f\u53ef\u4ee5\u76f4\u63a5\u586b *WeChatAppEx*<\/code> \u7528\u901a\u914d\u7b26\u5339\u914d\u3002<\/p>\n\n\n\n
      \u53e6\u4e00\u4e2a\u5e38\u89c1\u5751\u662f\u8bc1\u4e66\u5b89\u88c5\u540e\u4ecd\u7136\u65e0\u6cd5\u89e3\u5bc6\uff0c\u8868\u73b0\u4e3a\u5c0f\u7a0b\u5e8f\u52a0\u8f7d\u5931\u8d25\u6216\u767d\u5c4f\u3002\u8fd9\u662f\u56e0\u4e3a\u67d0\u4e9b\u5c0f\u7a0b\u5e8f\u53ef\u80fd\u4f7f\u7528\u4e86\u8bc1\u4e66\u56fa\u5b9a\uff08Certificate Pinning\uff09\u6280\u672f\uff0c\u6216\u8005\u7cfb\u7edf\u65f6\u95f4\u4e0d\u5bf9\u5bfc\u81f4\u8bc1\u4e66\u9a8c\u8bc1\u5931\u8d25\u3002\u6392\u67e5\u65b9\u6cd5\u662f\u5148\u7528\u6d4f\u89c8\u5668\u6d4b\u8bd5\u6293\u5305\u5de5\u5177\u80fd\u5426\u6b63\u5e38\u5de5\u4f5c\uff0c\u5982\u679c\u6d4f\u89c8\u5668\u53ef\u4ee5\u800c\u5c0f\u7a0b\u5e8f\u4e0d\u884c\uff0c\u90a3\u5f88\u53ef\u80fd\u5c31\u662f\u8bc1\u4e66\u56fa\u5b9a\u7684\u95ee\u9898\uff0c\u9700\u8981\u914d\u5408 Xposed \u6216 Frida \u8fdb\u884c\u7ed5\u8fc7\uff0c\u8fd9\u5c5e\u4e8e\u8fdb\u9636\u5185\u5bb9\u3002\u5982\u679c\u6d4f\u89c8\u5668\u4e5f\u4e0d\u884c\uff0c\u8bf7\u68c0\u67e5\u8bc1\u4e66\u662f\u5426\u771f\u7684\u5b89\u88c5\u5230\u4e86\u201c\u53d7\u4fe1\u4efb\u7684\u6839\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u201d\uff0c\u4ee5\u53ca\u6293\u5305\u5de5\u5177\u662f\u5426\u5f00\u542f\u4e86\u62e6\u622a\u6a21\u5f0f\u5bfc\u81f4\u8bf7\u6c42\u6302\u8d77\u3002<\/p>\n\n\n\n
      \u9a8c\u8bc1\u662f\u5426\u6210\u529f\u6293\u5230\u5305\u7684\u6700\u7b80\u5355\u65b9\u6cd5\u662f\u5728\u5c0f\u7a0b\u5e8f\u91cc\u6267\u884c\u4e00\u4e2a\u641c\u7d22\u64cd\u4f5c\uff0c\u7136\u540e\u5728 Burp \u7684 HTTP history \u91cc\u8fc7\u6ee4 servicewechat.com<\/code> \u6216\u8005\u5c0f\u7a0b\u5e8f\u7684\u4e1a\u52a1\u57df\u540d\uff08\u6bd4\u5982 api.shop.com<\/code>\uff09\uff0c\u770b\u662f\u5426\u6709\u5bf9\u5e94\u7684 POST \u6216 GET \u8bf7\u6c42\u51fa\u73b0\u3002\u5982\u679c\u80fd\u770b\u5230\u8bf7\u6c42\u7684 URL\u3001\u53c2\u6570\u548c\u8fd4\u56de\u7684 JSON\uff0c\u8bf4\u660e\u6293\u5305\u5b8c\u5168\u6210\u529f\u3002<\/p>\n\n\n\n
      \u51b3\u7b56\u6307\u5357\uff1a\u4ec0\u4e48\u65f6\u5019\u5fc5\u987b\u7528\u8fd9\u79cd\u7ec4\u5408\uff1f\u66ff\u4ee3\u65b9\u6848\u591f\u7528\u5417\uff1f<\/h3>\n\n\n\n
      \u5f53\u4f60\u9700\u8981\u6df1\u5ea6\u5206\u6790\u5c0f\u7a0b\u5e8f\u7684\u63a5\u53e3\u534f\u8bae\u3001\u6570\u636e\u683c\u5f0f\u3001\u6216\u8005\u8fdb\u884c\u5b89\u5168\u6d4b\u8bd5\u65f6\uff0cProxifier + Burp\/Yakit \u7684\u7ec4\u5408\u662f\u5fc5\u7ecf\u4e4b\u8def\uff0c\u56e0\u4e3a\u53ea\u6709\u8fd9\u6837\u624d\u80fd\u5b8c\u6574\u5730\u770b\u5230\u6240\u6709 HTTPS \u6d41\u91cf\u3002\u4f46\u5982\u679c\u4f60\u53ea\u662f\u7c97\u7565\u5730\u60f3\u77e5\u9053\u5c0f\u7a0b\u5e8f\u8c03\u7528\u4e86\u54ea\u4e9b\u57df\u540d\uff0c\u5fae\u4fe1\u5f00\u53d1\u8005\u5de5\u5177\u81ea\u5e26\u7684\u201c\u7f51\u7edc\u8c03\u8bd5\u201d\u529f\u80fd\u5c31\u591f\u7528\u4e86\uff0c\u5b83\u4e0d\u9700\u8981\u914d\u7f6e\u4ee3\u7406\uff0c\u76f4\u63a5\u5c31\u80fd\u770b\u5230\u8bf7\u6c42\u5217\u8868\uff0c\u4e0d\u8fc7\u5b83\u53ea\u80fd\u7528\u4e8e\u4f60\u81ea\u5df1\u5f00\u53d1\u7684\u5c0f\u7a0b\u5e8f\uff0c\u65e0\u6cd5\u5206\u6790\u522b\u4eba\u7684\u7ebf\u4e0a\u5c0f\u7a0b\u5e8f\u3002\u5982\u679c\u4f60\u662f\u5728\u624b\u673a\u4e0a\u4e34\u65f6\u770b\u4e00\u773c\u5c0f\u7a0b\u5e8f\u7684\u8bf7\u6c42\uff0c\u4e14\u624b\u673a\u5df2 root\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u7528 Postern \u914d\u5408 Burp \u505a VPN \u4ee3\u7406\uff0c\u4f46\u914d\u7f6e\u66f4\u590d\u6742\u4e14\u5bb9\u6613\u53d7\u7cfb\u7edf\u9650\u5236\u3002<\/p>\n\n\n\n
      \u603b\u7684\u6765\u8bf4\uff0c\u9488\u5bf9\u5fae\u4fe1\u5c0f\u7a0b\u5e8f\u7684\u6293\u5305\uff0c\u672c\u8d28\u662f\u201c\u8fdb\u7a0b\u7ea7\u5f3a\u5236\u4ee3\u7406\u201d\u4e0e\u201c\u4e2d\u95f4\u4eba\u89e3\u5bc6\u201d\u7684\u7ec4\u5408\uff0c\u5b83\u6bd4\u666e\u901a PC \u5e94\u7528\u6293\u5305\u591a\u4e86\u4e00\u5c42 Proxifier \u7684\u914d\u7f6e\uff0c\u4f46\u4e00\u65e6\u638c\u63e1\uff0c\u4f60\u5c31\u80fd\u89e3\u9501\u5bf9\u6240\u6709\u5fae\u4fe1\u5c0f\u7a0b\u5e8f\u7f51\u7edc\u901a\u4fe1\u7684\u76d1\u63a7\u80fd\u529b\u3002<\/p>\n\n\n\n
      \u6293\u5305\u6280\u672f-\u8f6f\u4ef6\u8054\u52a8-http\/s-Proxifier<\/h2>\n\n\n\n
      \u5f53\u4f60\u5df2\u7ecf\u719f\u6089\u4e86 Burp \u6216 Yakit \u7684\u57fa\u672c\u7528\u6cd5\uff0c\u80fd\u901a\u8fc7\u8bbe\u7f6e\u7cfb\u7edf\u4ee3\u7406\u6293\u53d6\u6d4f\u89c8\u5668\u548c\u5927\u90e8\u5206 PC \u5e94\u7528\u7684\u6d41\u91cf\u540e\uff0c\u5f88\u5feb\u4f1a\u9047\u5230\u4e00\u4e2a\u5c34\u5c2c\u7684\u5c40\u9762\uff1a\u4f60\u60f3\u5206\u6790\u7684\u67d0\u4e2a\u6e38\u620f\u3001\u67d0\u4e2a\u8001\u65e7\u7684\u4f01\u4e1a\u8f6f\u4ef6\u3001\u751a\u81f3\u662f\u547d\u4ee4\u884c\u7684 curl \u8bf7\u6c42\uff0c\u65e0\u8bba\u4f60\u600e\u4e48\u8bbe\u7f6e\u7cfb\u7edf\u4ee3\u7406\uff0c\u5b83\u4eec\u5c31\u662f\u65e0\u52a8\u4e8e\u8877\uff0c\u6d41\u91cf\u4f9d\u7136\u76f4\u63a5\u53d1\u5f80\u670d\u52a1\u5668\u3002\u8fd9\u65f6\u5019\uff0c\u4f60\u5c31\u9700\u8981\u4e00\u4e2a\u201c\u4ea4\u901a\u8b66\u5bdf\u201d\u7ad9\u5728\u7cfb\u7edf\u7684\u7f51\u7edc\u8def\u53e3\uff0c\u5f3a\u5236\u628a\u6307\u5b9a\u8f66\u8f86\uff08\u8fdb\u7a0b\u7684\u6d41\u91cf\uff09\u5f15\u5bfc\u5230\u4f60\u8bbe\u5b9a\u7684\u4ee3\u7406\u901a\u9053\u4e0a\u3002\u8fd9\u4e2a\u89d2\u8272\u5c31\u662f Proxifier\u3002\u5b83\u5e76\u4e0d\u5173\u5fc3\u6d41\u91cf\u662f HTTP \u8fd8\u662f HTTPS\uff0c\u4e5f\u4e0d\u505a\u89e3\u5bc6\uff0c\u5b83\u53ea\u505a\u4e00\u4ef6\u4e8b\uff1a\u628a\u8fdb\u7a0b\u7684\u6240\u6709 TCP \u8fde\u63a5\u91cd\u5b9a\u5411\u5230\u6307\u5b9a\u7684\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u8ba9\u539f\u672c\u201c\u770b\u4e0d\u89c1\u201d\u7684\u6d41\u91cf\u73b0\u51fa\u539f\u5f62\u3002Proxifier \u662f\u4f60\u6253\u901a\u4ece\u201c\u53ea\u80fd\u6293\u7cfb\u7edf\u4ee3\u7406\u6d41\u91cf\u201d\u5230\u201c\u80fd\u6293\u4efb\u610f\u8fdb\u7a0b\u6d41\u91cf\u201d\u8fd9\u4e00\u5173\u7684\u5173\u952e\u5de5\u5177\u3002<\/p>\n\n\n\n
      Proxifier \u5728\u6574\u4e2a\u6293\u5305\u4f53\u7cfb\u4e2d\u7684\u4f4d\u7f6e<\/h3>\n\n\n\n
      \u6b63\u5e38\u7684\u7f51\u7edc\u6d41\u7a0b\u4e2d\uff0c\u4e00\u4e2a\u8fdb\u7a0b\u5982\u679c\u60f3\u901a\u8fc7\u4ee3\u7406\u8bbf\u95ee\u7f51\u7edc\uff0c\u5b83\u5fc5\u987b\u81ea\u5df1\u5b9e\u73b0\u4ee3\u7406\u534f\u8bae\uff08\u6bd4\u5982 HTTP CONNECT\uff09\uff0c\u6216\u8005\u8bfb\u53d6\u64cd\u4f5c\u7cfb\u7edf\u7684\u4ee3\u7406\u8bbe\u7f6e\u3002\u4f46\u5f88\u591a\u7a0b\u5e8f\u51fa\u4e8e\u6027\u80fd\u6216\u517c\u5bb9\u6027\u8003\u8651\uff0c\u5b8c\u5168\u5ffd\u7565\u4e86\u7cfb\u7edf\u4ee3\u7406\uff0c\u76f4\u63a5\u53d1\u8d77\u539f\u59cb TCP \u8fde\u63a5\u3002Proxifier \u4f4d\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\u4e0e\u5e94\u7528\u7a0b\u5e8f\u4e4b\u95f4\uff0c\u5b83\u901a\u8fc7\u6ce8\u5165\u9a71\u52a8\u6216 Hook \u7cfb\u7edf\u7f51\u7edc API\uff08\u5982 Windows \u7684 Winsock\uff09\uff0c\u62e6\u622a\u8fdb\u7a0b\u53d1\u8d77\u7684 TCP \u8fde\u63a5\u8bf7\u6c42\u3002\u5f53\u5b83\u53d1\u73b0\u67d0\u4e2a\u8fdb\u7a0b\u7b26\u5408\u4f60\u8bbe\u5b9a\u7684\u89c4\u5219\u65f6\uff0c\u5c31\u4f1a\u628a\u8fd9\u4e2a\u8fde\u63a5\u7684\u539f\u59cb\u76ee\u6807\u5730\u5740\uff08\u6bd4\u5982\u771f\u5b9e\u670d\u52a1\u5668\u7684 IP \u548c\u7aef\u53e3\uff09\u5c01\u88c5\u8d77\u6765\uff0c\u7136\u540e\u91cd\u65b0\u8fde\u63a5\u5230\u4f60\u7684\u4ee3\u7406\u670d\u52a1\u5668\uff08\u6bd4\u5982 Burp \u7684 127.0.0.1:8080\uff09\uff0c\u5e76\u544a\u8bc9\u4ee3\u7406\u201c\u8bf7\u5e2e\u6211\u8fde\u63a5\u5230\u539f\u59cb\u76ee\u6807\u201d\u3002\u4e4b\u540e\uff0c\u4ee3\u7406\u670d\u52a1\u5668\u4e0e\u771f\u5b9e\u670d\u52a1\u5668\u5efa\u7acb\u8fde\u63a5\uff0c\u6570\u636e\u5c31\u5728\u8fd9\u6761\u94fe\u8def\u4e0a\u53cc\u5411\u4f20\u8f93\u3002\u6574\u4e2a\u8fc7\u7a0b\u5bf9\u76ee\u6807\u8fdb\u7a0b\u5b8c\u5168\u900f\u660e\uff0c\u5b83\u6839\u672c\u4e0d\u77e5\u9053\u81ea\u5df1\u7684\u6d41\u91cf\u88ab\u62d0\u4e86\u4e00\u4e2a\u5f2f\u3002<\/p>\n\n\n\n
      Mermaid \u56fe\u8868\uff1aProxifier \u5f3a\u5236\u8f6c\u53d1\u539f\u7406<\/p>\n\n\n\n
      \"\"<\/div><\/figure>\n\n\n\n
      \u8fd9\u5f20\u56fe\u91cc\uff0c\u4e0a\u534a\u90e8\u5206\u662f\u8fdb\u7a0b\u539f\u672c\u7684\u884c\u4e3a\uff1a\u8c03\u7528\u7cfb\u7edf\u7684 connect<\/code> \u51fd\u6570\u60f3\u8fde\u63a5\u76ee\u6807\u670d\u52a1\u5668\u3002\u4e2d\u95f4\u7684 Proxifier \u6a21\u5757\u62e6\u622a\u4e86\u8fd9\u4e2a\u8c03\u7528\uff08\u865a\u7ebf\u7bad\u5934\u8868\u793a\u62e6\u622a\uff09\uff0c\u7136\u540e\u6539\u53d8\u4e86\u8fde\u63a5\u7684\u76ee\u6807\u5730\u5740\uff0c\u6539\u4e3a\u8fde\u63a5\u4f60\u7684\u6293\u5305\u4ee3\u7406\u3002\u4ee3\u7406\u518d\u4e0e\u771f\u5b9e\u670d\u52a1\u5668\u901a\u4fe1\u3002\u6ce8\u610f\u7bad\u5934 2 \u548c 3\uff0c\u8fd9\u662f Proxifier \u6700\u6838\u5fc3\u7684\u5de5\u4f5c\uff1a\u5b83\u4fdd\u5b58\u4e86\u539f\u59cb\u76ee\u6807\u7684\u4fe1\u606f\uff0c\u901a\u8fc7\u4ee3\u7406\u534f\u8bae\u544a\u8bc9\u4ee3\u7406\u5e94\u8be5\u53bb\u8fde\u63a5\u8c01\u3002\u540e\u7eed\u7684\u6570\u636e\u4f20\u8f93\u4e5f\u7ecf\u8fc7 Proxifier \u7684\u4e2d\u8f6c\uff0c\u4f46\u5bf9\u8fdb\u7a0b\u6765\u8bf4\uff0c\u5b83\u4ece\u5934\u5230\u5c3e\u53ea\u77e5\u9053\u81ea\u5df1\u8fde\u63a5\u4e86\u67d0\u4e2a IP \u5e76\u6536\u5230\u4e86\u6570\u636e\uff0c\u5e76\u4e0d\u77e5\u9053\u6570\u636e\u5176\u5b9e\u7ed5\u8fc7\u4e86\u76f4\u63a5\u8def\u5f84\u3002<\/p>\n\n\n\n
      Proxifier \u7684\u6838\u5fc3\u80fd\u529b\u4e0e\u540c\u7c7b\u5de5\u5177\u5bf9\u6bd4<\/h3>\n\n\n\n
      Proxifier \u662f\u76ee\u524d Windows \u5e73\u53f0\u4e0b\u6700\u6210\u719f\u7684\u5f3a\u5236\u4ee3\u7406\u5de5\u5177\uff0c\u5b83\u7684\u6838\u5fc3\u80fd\u529b\u5305\u62ec\uff1a\u652f\u6301 HTTP\u3001HTTPS\u3001SOCKS \u7b49\u591a\u79cd\u4ee3\u7406\u534f\u8bae\uff1b\u53ef\u4ee5\u6839\u636e\u8fdb\u7a0b\u540d\u3001IP \u8303\u56f4\u3001\u7aef\u53e3\u7b49\u6761\u4ef6\u7075\u6d3b\u5b9a\u4e49\u89c4\u5219\uff1b\u652f\u6301\u4ee3\u7406\u94fe\uff08\u591a\u4e2a\u4ee3\u7406\u4e32\u8054\uff09\uff1b\u62e5\u6709\u8be6\u7ec6\u7684\u8fde\u63a5\u65e5\u5fd7\uff0c\u65b9\u4fbf\u8c03\u8bd5\u3002\u5b83\u7684\u540c\u7c7b\u5de5\u5177\u6709 ProxyCap\u3001SocksCap\u3001Redir\uff08Linux \u4e0b\u7684 tsocks\uff09\u7b49\u3002ProxyCap \u529f\u80fd\u7c7b\u4f3c\uff0c\u4f46\u914d\u7f6e\u7a0d\u663e\u590d\u6742\uff1bSocksCap \u8f83\u8001\uff0c\u53ea\u652f\u6301 SOCKS \u4ee3\u7406\uff1bLinux \u4e0b\u901a\u5e38\u4f7f\u7528 tsocks<\/code> \u6216 proxychains<\/code> \u8fd9\u7c7b\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u5b83\u4eec\u901a\u8fc7\u9884\u52a0\u8f7d\u5e93\u5b9e\u73b0\u7c7b\u4f3c\u6548\u679c\u3002Proxifier \u7684\u4f18\u52bf\u5728\u4e8e\u56fe\u5f62\u5316\u754c\u9762\u3001\u89c4\u5219\u7ba1\u7406\u6e05\u6670\u3001\u4ee5\u53ca\u5bf9 Windows \u5e73\u53f0\u7684\u826f\u597d\u652f\u6301\u3002\u5bf9\u4e8e\u65b0\u624b\uff0cProxifier \u662f\u5b66\u4e60\u5f3a\u5236\u4ee3\u7406\u6982\u5ff5\u7684\u6700\u4f73\u5de5\u5177\uff0c\u5b83\u7684\u65e5\u5fd7\u80fd\u8ba9\u4f60\u76f4\u89c2\u5730\u770b\u5230\u6bcf\u4e00\u4e2a\u8fde\u63a5\u662f\u5982\u4f55\u88ab\u5904\u7406\u7684\u3002<\/p>\n\n\n\n
      \u5178\u578b\u573a\u666f\uff1a\u8ba9\u4efb\u610f\u8f6f\u4ef6\u4e56\u4e56\u8d70 Burp \u4ee3\u7406<\/h3>\n\n\n\n
      \u5047\u8bbe\u4f60\u60f3\u5206\u6790\u4e00\u4e2a\u7f51\u7edc\u6e38\u620f\uff08\u6bd4\u5982\u300a\u82f1\u96c4\u8054\u76df\u300b\uff09\u7684\u767b\u5f55\u534f\u8bae\uff0c\u4f46\u5b83\u6839\u672c\u4e0d\u8bfb\u7cfb\u7edf\u4ee3\u7406\u8bbe\u7f6e\u3002\u4e0b\u9762\u662f\u4e00\u5957\u5b8c\u6574\u7684 Proxifier + Burp \u914d\u7f6e\u6b65\u9aa4\u3002<\/p>\n\n\n\n
      \u7b2c\u4e00\u6b65\uff1a\u786e\u8ba4 Burp \u6b63\u5728\u76d1\u542c\u3002<\/strong> \u6253\u5f00 Burp\uff0c\u786e\u4fdd Proxy -> Options \u91cc\u6709\u4e00\u4e2a\u76d1\u542c\u5668\u7ed1\u5b9a\u5230 127.0.0.1:8080\uff0c\u5e76\u4e14\u662f Running \u72b6\u6001\u3002\u6682\u65f6\u53ef\u4ee5\u5173\u95ed Intercept \u4ee5\u514d\u8bf7\u6c42\u88ab\u6302\u8d77\u3002<\/p>\n\n\n\n
      \u7b2c\u4e8c\u6b65\uff1a\u914d\u7f6e Proxifier \u7684\u4ee3\u7406\u670d\u52a1\u5668\u3002<\/strong> \u6253\u5f00 Proxifier\uff0c\u70b9\u51fb\u201c\u914d\u7f6e\u6587\u4ef6\u201d->\u201c\u4ee3\u7406\u670d\u52a1\u5668\u201d\u3002\u5728\u5f39\u51fa\u7684\u7a97\u53e3\u4e2d\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\uff0c\u5730\u5740\u586b 127.0.0.1\uff0c\u7aef\u53e3\u586b 8080\uff0c\u534f\u8bae\u9009\u62e9\u201cHTTPS\u201d\u3002\u8fd9\u91cc\u9009 HTTPS \u662f\u56e0\u4e3a Burp \u652f\u6301 CONNECT \u65b9\u6cd5\u5efa\u7acb\u96a7\u9053\uff0c\u5bf9\u4e8e\u6240\u6709\u53d1\u5411 Burp \u7684\u6d41\u91cf\uff0cProxifier \u90fd\u4f1a\u7528 CONNECT \u65b9\u6cd5\u544a\u8bc9 Burp \u8981\u8fde\u63a5\u7684\u771f\u5b9e\u76ee\u6807\u3002\u5982\u679c\u4f60\u9009 HTTP\uff0cProxifier \u53ea\u4f1a\u8f6c\u53d1\u7eaf\u7cb9\u7684 HTTP \u8bf7\u6c42\uff0c\u5bf9\u4e8e HTTPS \u6d41\u91cf\u4f1a\u5931\u8d25\u3002\u70b9\u51fb\u201c\u786e\u5b9a\u201d\u540e\uff0c\u53ef\u4ee5\u70b9\u51fb\u201c\u68c0\u67e5\u201d\u6309\u94ae\u6d4b\u8bd5\u8fde\u901a\u6027\uff0cProxifier \u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8fd9\u4e2a\u4ee3\u7406\u8bbf\u95ee\u4e00\u4e2a\u6d4b\u8bd5\u7f51\u7ad9\uff0c\u5982\u679c\u6210\u529f\u4f1a\u63d0\u793a\u201c\u4ee3\u7406\u670d\u52a1\u5668\u5de5\u4f5c\u6b63\u5e38\u201d\u3002<\/p>\n\n\n\n
      \u7b2c\u4e09\u6b65\uff1a\u914d\u7f6e\u4ee3\u7406\u89c4\u5219\u3002<\/strong> \u70b9\u51fb\u201c\u914d\u7f6e\u6587\u4ef6\u201d->\u201c\u4ee3\u7406\u89c4\u5219\u201d\u3002\u9ed8\u8ba4\u6709\u4e00\u6761\u201clocalhost\u201d\u7684\u89c4\u5219\u662f\u201c\u76f4\u63a5\u8fde\u63a5\u201d\uff0c\u907f\u514d\u4ee3\u7406\u5de5\u5177\u672c\u8eab\u88ab\u81ea\u5df1\u8f6c\u53d1\u3002\u70b9\u51fb\u201c\u6dfb\u52a0\u201d\u65b0\u5efa\u89c4\u5219\u3002\u540d\u79f0\u586b\u5199\u201cGame\u201d\u3002\u5728\u201c\u5e94\u7528\u7a0b\u5e8f\u201d\u4e00\u680f\uff0c\u4f60\u9700\u8981\u6307\u5b9a\u76ee\u6807\u6e38\u620f\u7684\u8fdb\u7a0b\u540d\u3002\u6700\u7b80\u5355\u7684\u529e\u6cd5\u662f\u5728\u6e38\u620f\u8fd0\u884c\u65f6\u6253\u5f00\u4efb\u52a1\u7ba1\u7406\u5668\uff0c\u627e\u5230\u5bf9\u5e94\u7684 .exe<\/code> \u6587\u4ef6\uff0c\u628a\u5b8c\u6574\u8fdb\u7a0b\u540d\u590d\u5236\u8fc7\u6765\uff0c\u6bd4\u5982 LeagueClient.exe<\/code>\u3002\u5982\u679c\u4e0d\u786e\u5b9a\uff0c\u53ef\u4ee5\u7528\u901a\u914d\u7b26 *League*<\/code> \u5339\u914d\u3002\u52a8\u4f5c\u9009\u62e9\u201c\u4f7f\u7528\u4ee3\u7406\u670d\u52a1\u5668\u201d\uff0c\u5e76\u9009\u4e2d\u521a\u624d\u6dfb\u52a0\u7684 127.0.0.1:8080\u3002\u70b9\u51fb\u786e\u5b9a\u3002\u5982\u679c\u4f60\u60f3\u540c\u65f6\u6293\u53d6\u6240\u6709\u8d70\u8fd9\u4e2a\u4ee3\u7406\u7684\u6d41\u91cf\uff0c\u4e5f\u53ef\u4ee5\u5efa\u4e00\u6761\u9ed8\u8ba4\u89c4\u5219\uff0c\u628a\u201c\u9ed8\u8ba4\u201d\u7684\u52a8\u4f5c\u6539\u6210\u4f7f\u7528\u4ee3\u7406\uff0c\u4f46\u8fd9\u6837\u53ef\u80fd\u4f1a\u628a\u7cfb\u7edf\u670d\u52a1\u4e5f\u8f6c\u53d1\u8fc7\u53bb\uff0c\u5bfc\u81f4\u7f51\u7edc\u5f02\u5e38\uff0c\u6240\u4ee5\u5efa\u8bae\u53ea\u9488\u5bf9\u7279\u5b9a\u8fdb\u7a0b\u3002<\/p>\n\n\n\n
      \u7b2c\u56db\u6b65\uff1a\u9a8c\u8bc1\u914d\u7f6e\u662f\u5426\u751f\u6548\u3002<\/strong> \u786e\u4fdd Proxifier \u6b63\u5728\u8fd0\u884c\uff0c\u7136\u540e\u542f\u52a8\u6e38\u620f\uff0c\u6267\u884c\u767b\u5f55\u64cd\u4f5c\u3002\u89c2\u5bdf Proxifier \u4e3b\u754c\u9762\u4e0b\u65b9\u7684\u201c\u65e5\u5fd7\u201d\u7a97\u53e3\uff0c\u4f60\u5e94\u8be5\u80fd\u770b\u5230\u6765\u81ea\u6e38\u620f\u8fdb\u7a0b\u7684\u8fde\u63a5\u8bb0\u5f55\uff0c\u72b6\u6001\u4e3a\u201c\u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u5668\u201d\uff0c\u76ee\u6807\u5730\u5740\u662f\u6e38\u620f\u670d\u52a1\u5668\u7684 IP \u548c\u7aef\u53e3\u3002\u540c\u65f6\u6253\u5f00 Burp \u7684 HTTP history\uff0c\u5982\u679c\u6e38\u620f\u4f7f\u7528\u4e86 HTTPS\uff0c\u4f60\u5e94\u8be5\u80fd\u770b\u5230 CONNECT \u96a7\u9053\u548c\u540e\u7eed\u7684\u52a0\u5bc6\u6d41\u91cf\uff0c\u5e76\u4e14\u56e0\u4e3a Burp \u7684\u8bc1\u4e66\u5df2\u5b89\u88c5\uff0c\u8fd9\u4e9b HTTPS \u6d41\u91cf\u4f1a\u88ab\u89e3\u5bc6\u6210\u660e\u6587\u663e\u793a\u5728 history \u91cc\u3002\u5982\u679c Burp \u91cc\u53ea\u770b\u5230 CONNECT \u800c\u6ca1\u6709\u540e\u7eed\u7684\u8bf7\u6c42\uff0c\u8bf4\u660e\u8bc1\u4e66\u53ef\u80fd\u672a\u6b63\u786e\u5b89\u88c5\uff0c\u6216\u8005\u6e38\u620f\u4f7f\u7528\u4e86\u8bc1\u4e66\u56fa\u5b9a\u3002<\/p>\n\n\n\n
      \u7b2c\u4e94\u6b65\uff08\u53ef\u9009\uff09\uff1a\u9ad8\u7ea7\u89c4\u5219\u4e0e\u6392\u9664\u3002<\/strong> \u6709\u65f6\u5019\u6e38\u620f\u53ef\u80fd\u4f1a\u6709\u591a\u4e2a\u8fdb\u7a0b\u534f\u540c\u5de5\u4f5c\uff0c\u6bd4\u5982\u4e00\u4e2a\u542f\u52a8\u5668\u3001\u4e00\u4e2a\u4e3b\u6e38\u620f\u8fdb\u7a0b\u3001\u4e00\u4e2a\u53cd\u4f5c\u5f0a\u8fdb\u7a0b\u3002\u4f60\u53ef\u4ee5\u5728\u89c4\u5219\u91cc\u6dfb\u52a0\u591a\u4e2a\u8fdb\u7a0b\u540d\uff0c\u7528\u5206\u53f7\u9694\u5f00\uff0c\u6216\u8005\u4f7f\u7528\u901a\u914d\u7b26\u3002\u8fd8\u53ef\u4ee5\u8bbe\u7f6e\u67d0\u4e9b IP \u6216\u7aef\u53e3\u4e0d\u8d70\u4ee3\u7406\uff0c\u6bd4\u5982\u6e38\u620f\u66f4\u65b0\u670d\u52a1\u5668\u8d70\u76f4\u8fde\u907f\u514d\u5f71\u54cd\u66f4\u65b0\u901f\u5ea6\u3002Proxifier \u7684\u89c4\u5219\u652f\u6301\u6309\u201c\u5e94\u7528\u7a0b\u5e8f\u201d\u3001\u201c\u76ee\u6807\u4e3b\u673a\u201d\u3001\u201c\u76ee\u6807\u7aef\u53e3\u201d\u591a\u91cd\u6761\u4ef6\u7ec4\u5408\uff0c\u975e\u5e38\u7075\u6d3b\u3002<\/p>\n\n\n\n
      Mermaid \u56fe\u8868\uff1aProxifier \u89c4\u5219\u914d\u7f6e\u6d41\u7a0b\u56fe<\/p>\n\n\n\n
      \"\"<\/div><\/figure>\n\n\n\n
      \u8fd9\u5f20\u56fe\u628a\u914d\u7f6e\u8fc7\u7a0b\u6309\u987a\u5e8f\u5217\u51fa\uff0c\u4ece\u786e\u5b9a\u8fdb\u7a0b\u540d\u5f00\u59cb\uff0c\u5230\u6d4b\u8bd5\u4ee3\u7406\u3001\u5efa\u89c4\u5219\u3001\u9a8c\u8bc1\u3002\u5173\u952e\u70b9\u662f\u8fdb\u7a0b\u540d\u5fc5\u987b\u7cbe\u786e\u5339\u914d\uff0c\u4ee5\u53ca\u4ee3\u7406\u534f\u8bae\u8981\u9009 HTTPS\u3002\u65e5\u5fd7\u7a97\u53e3\u662f\u4f60\u6392\u67e5\u95ee\u9898\u7684\u7b2c\u4e00\u624b\u8d44\u6599\uff0c\u5982\u679c\u770b\u5230\u201c\u76f4\u63a5\u8fde\u63a5\u201d\u800c\u4e0d\u662f\u201c\u901a\u8fc7\u4ee3\u7406\u201d\uff0c\u8bf4\u660e\u89c4\u5219\u6ca1\u6709\u5339\u914d\u4e0a\u3002<\/p>\n\n\n\n
      Proxifier \u4e0e Burp\u3001Yakit \u7684\u8054\u52a8\u8fdb\u9636<\/h3>\n\n\n\n
      \u5f53\u4f60\u638c\u63e1\u4e86\u57fa\u672c\u7684 Proxifier \u4f7f\u7528\u540e\uff0c\u53ef\u4ee5\u8fdb\u4e00\u6b65\u5229\u7528\u5b83\u7684\u201c\u4ee3\u7406\u94fe\u201d\u529f\u80fd\u5b9e\u73b0\u66f4\u590d\u6742\u7684\u6d41\u91cf\u7ba1\u7406\u3002\u6bd4\u5982\u4f60\u60f3\u540c\u65f6\u7528 Burp \u7684\u624b\u52a8\u6d4b\u8bd5\u529f\u80fd\u548c Yakit \u7684\u81ea\u52a8\u5316\u626b\u63cf\u529f\u80fd\uff0c\u53ef\u4ee5\u628a Proxifier \u7684\u6d41\u91cf\u5148\u53d1\u7ed9 Burp\uff0c\u7136\u540e\u8ba9 Burp \u628a\u6d41\u91cf\u8f6c\u53d1\u7ed9 Yakit\u3002\u914d\u7f6e\u65b9\u6cd5\uff1a\u5728 Burp \u7684 User options -> Connections -> Upstream Proxy Servers \u4e2d\uff0c\u6dfb\u52a0\u4e00\u6761\u89c4\u5219\uff0c\u76ee\u6807\u4e3b\u673a\u586b *<\/code>\uff0c\u4ee3\u7406\u4e3b\u673a\u586b 127.0.0.1\uff0c\u7aef\u53e3\u586b Yakit \u7684\u76d1\u542c\u7aef\u53e3\uff08\u5982 8083\uff09\u3002\u7136\u540e\u5728 Proxifier \u91cc\u628a\u4ee3\u7406\u670d\u52a1\u5668\u8bbe\u7f6e\u4e3a Burp \u7684 8080\u3002\u8fd9\u6837\u6d41\u91cf\u8def\u5f84\u5c31\u662f\uff1a\u76ee\u6807\u8fdb\u7a0b -> Proxifier -> Burp -> Yakit -> \u771f\u5b9e\u670d\u52a1\u5668\u3002Burp \u548c Yakit \u90fd\u80fd\u770b\u5230\u5e76\u5904\u7406\u6d41\u91cf\u3002\u5982\u679c\u4f60\u60f3\u8ba9\u7279\u5b9a\u8fdb\u7a0b\u7ed5\u8fc7 Yakit \u53ea\u8d70 Burp\uff0c\u6216\u8005\u7ed5\u8fc7\u6574\u4e2a\u4ee3\u7406\uff0c\u4e5f\u53ef\u4ee5\u5728 Proxifier \u91cc\u8bbe\u7f6e\u591a\u6761\u89c4\u5219\uff0c\u4f18\u5148\u7ea7\u4ece\u4e0a\u5230\u4e0b\u5339\u914d\u3002<\/p>\n\n\n\n
      \u6700\u5bb9\u6613\u8e29\u7684\u5751\u53ca\u6b63\u786e\u505a\u6cd5<\/h3>\n\n\n\n
      \u5751 1\uff1a\u4ee3\u7406\u534f\u8bae\u9009\u9519\u4e3a HTTP\u3002<\/strong> \u8fd9\u662f\u6700\u5e38\u89c1\u7684\u65b0\u624b\u9519\u8bef\u3002\u5982\u679c\u9009\u6210 HTTP\uff0cProxifier \u53ea\u4f1a\u628a\u53d1\u5f80 HTTP \u7aef\u53e3\u7684\u6d41\u91cf\uff08\u5982 80\uff09\u7528\u666e\u901a HTTP \u4ee3\u7406\u65b9\u5f0f\u8f6c\u53d1\uff0c\u800c\u5bf9\u4e8e HTTPS \u6d41\u91cf\uff08443\uff09\u5219\u4f1a\u5c1d\u8bd5\u7528 HTTP \u4ee3\u7406\u7684 CONNECT \u65b9\u6cd5\u5417\uff1f\u5b9e\u9645\u4e0a\u9009 HTTP \u65f6\uff0cProxifier \u5bf9\u6240\u6709 TCP \u8fde\u63a5\u90fd\u4f1a\u7528 HTTP \u4ee3\u7406\u534f\u8bae\uff0c\u4e5f\u5c31\u662f\u53d1\u9001 CONNECT \u8bf7\u6c42\uff0c\u8fd9\u5176\u5b9e\u662f\u53ef\u4ee5\u7684\uff0c\u4f46\u95ee\u9898\u5728\u4e8e\u5f88\u591a\u8001\u65e7\u7684\u4ee3\u7406\u670d\u52a1\u5668\uff08\u6216\u914d\u7f6e\u4e0d\u5f53\u7684\u4ee3\u7406\uff09\u53ef\u80fd\u4e0d\u652f\u6301 CONNECT \u5230\u975e 443 \u7aef\u53e3\uff0c\u6216\u8005\u5ba2\u6237\u7aef\u5bf9 CONNECT \u54cd\u5e94\u7684\u89e3\u6790\u6709\u5dee\u5f02\u3002\u7a33\u59a5\u7684\u505a\u6cd5\u662f\u9009 HTTPS\uff0c\u5b83\u660e\u786e\u544a\u8bc9 Proxifier \u8fd9\u662f\u4e00\u4e2a\u652f\u6301 CONNECT \u96a7\u9053\u7684\u4ee3\u7406\uff0c\u517c\u5bb9\u6027\u6700\u597d\u3002<\/p>\n\n\n\n
      \u5751 2\uff1a\u8fdb\u7a0b\u540d\u6ca1\u5199\u5bf9\u3002<\/strong> \u5f88\u591a\u6e38\u620f\u6216\u8f6f\u4ef6\u6709\u591a\u4e2a\u8fdb\u7a0b\uff0c\u6bd4\u5982\u4e3b\u7a0b\u5e8f\u53eb game.exe<\/code>\uff0c\u4f46\u7f51\u7edc\u901a\u4fe1\u53ef\u80fd\u5728\u4e00\u4e2a\u53eb game_network.exe<\/code> \u7684\u5b50\u8fdb\u7a0b\u91cc\u3002\u5982\u679c\u4f60\u53ea\u6293\u4e86\u4e3b\u7a0b\u5e8f\uff0c\u53ef\u80fd\u8fd8\u662f\u770b\u4e0d\u5230\u6d41\u91cf\u3002\u6b63\u786e\u505a\u6cd5\u662f\u5148\u7528 Process Monitor \u6216\u4efb\u52a1\u7ba1\u7406\u5668\u89c2\u5bdf\u54ea\u4e2a\u8fdb\u7a0b\u771f\u6b63\u5728\u5efa\u7acb\u7f51\u7edc\u8fde\u63a5\u3002Proxifier \u672c\u8eab\u4e5f\u6709\u65e5\u5fd7\uff0c\u4f60\u53ef\u4ee5\u5148\u4e0d\u52a0\u89c4\u5219\uff0c\u8ba9\u6240\u6709\u6d41\u91cf\u90fd\u76f4\u8fde\uff0c\u7136\u540e\u67e5\u770b\u65e5\u5fd7\u91cc\u76ee\u6807\u8fdb\u7a0b\u7684\u8fde\u63a5\u8bb0\u5f55\uff0c\u627e\u5230\u51c6\u786e\u7684\u8fdb\u7a0b\u540d\uff0c\u518d\u9488\u5bf9\u6027\u5efa\u89c4\u5219\u3002<\/p>\n\n\n\n
      \u5751 3\uff1aProxifier \u548c\u6293\u5305\u5de5\u5177\u7684\u4ee3\u7406\u7aef\u53e3\u51b2\u7a81\u3002<\/strong> \u5982\u679c\u4f60\u5f00\u4e86\u591a\u4e2a\u4ee3\u7406\u5de5\u5177\uff08\u6bd4\u5982\u540c\u65f6\u5f00\u4e86 Burp \u548c Fiddler\uff09\uff0c\u53ef\u80fd\u5176\u4e2d\u4e00\u4e2a\u5360\u7528\u4e86 8080 \u7aef\u53e3\uff0c\u5bfc\u81f4 Proxifier \u8fde\u63a5\u5931\u8d25\u3002\u68c0\u67e5\u7aef\u53e3\u5360\u7528\u60c5\u51b5\uff0c\u6216\u8005\u7ed9 Proxifier \u7684\u4ee3\u7406\u670d\u52a1\u5668\u914d\u7f6e\u6b63\u786e\u7684\u7aef\u53e3\u3002<\/p>\n\n\n\n
      \u9a8c\u8bc1\u65b9\u6cd5<\/strong>\uff1a\u9664\u4e86\u770b Proxifier \u65e5\u5fd7\uff0c\u8fd8\u53ef\u4ee5\u5728\u76ee\u6807\u8f6f\u4ef6\u91cc\u6267\u884c\u4e00\u4e2a\u4f60\u5df2\u77e5\u7684\u7f51\u7edc\u64cd\u4f5c\uff0c\u6bd4\u5982\u767b\u5f55\uff0c\u7136\u540e\u53bb\u6293\u5305\u5de5\u5177\u91cc\u6309\u65f6\u95f4\u6392\u5e8f\uff0c\u770b\u662f\u5426\u6709\u65b0\u7684\u8bf7\u6c42\u51fa\u73b0\u3002\u5982\u679c Proxifier \u65e5\u5fd7\u663e\u793a\u8f6c\u53d1\u6210\u529f\u4f46 Burp \u91cc\u6ca1\u6709\uff0c\u90a3\u95ee\u9898\u5728 Burp \u6216\u8bc1\u4e66\u4e0a\uff1b\u5982\u679c Proxifier \u65e5\u5fd7\u91cc\u6839\u672c\u6ca1\u6709\u8be5\u8fdb\u7a0b\u7684\u8fde\u63a5\uff0c\u90a3\u5c31\u662f\u89c4\u5219\u95ee\u9898\u3002\u4e00\u4e2a\u5e38\u7528\u7684\u6d4b\u8bd5\u5de5\u5177\u662f telnet<\/code> \u6216 Test-NetConnection<\/code>\uff08PowerShell\uff09\uff0c\u4f60\u53ef\u4ee5\u5728\u547d\u4ee4\u884c\u6267\u884c telnet www.baidu.com 80<\/code>\uff0c\u5982\u679c Proxifier \u89c4\u5219\u4e2d\u5305\u542b\u4e86 telnet.exe<\/code>\uff0c\u4f60\u5e94\u8be5\u80fd\u5728\u65e5\u5fd7\u91cc\u770b\u5230\u8fd9\u4e2a\u8fde\u63a5\u88ab\u8f6c\u53d1\u3002<\/p>\n\n\n\n
      \u51b3\u7b56\u6307\u5357\uff1a\u4ec0\u4e48\u65f6\u5019\u5fc5\u987b\u7528 Proxifier\uff1f\u66ff\u4ee3\u65b9\u6848\u6709\u54ea\u4e9b\uff1f<\/h3>\n\n\n\n
      \u5fc5\u987b\u7528 Proxifier \u7684\u573a\u666f<\/strong>\uff1a\u5f53\u4f60\u9700\u8981\u5206\u6790\u4e00\u4e2a\u4f60\u65e0\u6cd5\u4fee\u6539\u6e90\u4ee3\u7801\u7684\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u3001\u6e38\u620f\u3001\u8001\u65e7\u5e94\u7528\uff0c\u800c\u4e14\u5b83\u5b8c\u5168\u4e0d\u9075\u5faa\u7cfb\u7edf\u4ee3\u7406\u8bbe\u7f6e\u65f6\uff0cProxifier \u662f\u552f\u4e00\u80fd\u5f3a\u5236\u6293\u53d6\u5176\u6d41\u91cf\u7684\u65b9\u5f0f\u3002\u5b83\u4e5f\u662f\u5b89\u5168\u5206\u6790\u4eba\u5458\u5728\u9762\u5bf9\u672a\u77e5\u8f6f\u4ef6\u65f6\u7684\u6807\u51c6\u5de5\u5177\uff0c\u56e0\u4e3a\u4f60\u53ef\u4ee5\u7cbe\u786e\u63a7\u5236\u53ea\u8f6c\u53d1\u76ee\u6807\u8fdb\u7a0b\u7684\u6d41\u91cf\uff0c\u4e0d\u5f71\u54cd\u5176\u4ed6\u7f51\u7edc\u8fde\u63a5\u3002<\/p>\n\n\n\n
      \u66ff\u4ee3\u65b9\u6848\u4f55\u65f6\u591f\u7528<\/strong>\uff1a<\/p>\n\n\n\n
        \n
      • \u5982\u679c\u4f60\u53ea\u9700\u8981\u6293\u53d6\u6d4f\u89c8\u5668\u7684\u6d41\u91cf\uff0c\u7cfb\u7edf\u4ee3\u7406 + \u6d4f\u89c8\u5668\u63d2\u4ef6\uff08\u5982 SwitchyOmega\uff09\u5c31\u8db3\u591f\u4e86\uff0c\u4e0d\u9700\u8981 Proxifier\u3002<\/li>\n\n\n\n
      • \u5982\u679c\u4f60\u5728 Linux \u6216 macOS \u4e0b\uff0c\u53ef\u4ee5\u4f7f\u7528 proxychains<\/code> \u547d\u4ee4\u542f\u52a8\u76ee\u6807\u7a0b\u5e8f\uff0c\u5b83\u901a\u8fc7\u9884\u52a0\u8f7d\u5e93\u5b9e\u73b0\u7c7b\u4f3c\u529f\u80fd\uff0c\u4f46\u9700\u8981\u6bcf\u6b21\u90fd\u5728\u547d\u4ee4\u884c\u4e2d\u542f\u52a8\uff0c\u4e0d\u9002\u5408\u5df2\u8fd0\u884c\u7684\u8fdb\u7a0b\u3002<\/li>\n\n\n\n
      • \u5982\u679c\u4f60\u9700\u8981\u6293\u53d6\u6574\u4e2a\u7cfb\u7edf\u6240\u6709\u6d41\u91cf\uff08\u5305\u62ec\u7cfb\u7edf\u670d\u52a1\uff09\uff0c\u53ef\u4ee5\u4f7f\u7528 VPN \u7c7b\u5de5\u5177\uff08\u5982 Proxifier \u5176\u5b9e\u4e5f\u7b97\u4e00\u79cd\uff0c\u4f46 VPN \u4f1a\u5168\u5c40\u8f6c\u53d1\uff09\uff0c\u4f46 VPN \u65e0\u6cd5\u7cbe\u7ec6\u63a7\u5236\u8fdb\u7a0b\uff0c\u4e14\u914d\u7f6e\u590d\u6742\u3002<\/li>\n\n\n\n
      • \u5982\u679c\u4f60\u81ea\u5df1\u5f00\u53d1\u8f6f\u4ef6\uff0c\u53ef\u4ee5\u5728\u4ee3\u7801\u91cc\u663e\u5f0f\u8bbe\u7f6e\u4ee3\u7406\uff0c\u6839\u672c\u4e0d\u9700\u8981 Proxifier\u3002<\/li>\n<\/ul>\n\n\n\n
        \u603b\u4e4b\uff0cProxifier \u662f\u6293\u5305\u5de5\u5177\u7bb1\u91cc\u7684\u4e00\u628a\u201c\u4e07\u80fd\u6273\u624b\u201d\uff0c\u5b83\u8ba9\u4f60\u6446\u8131\u4e86\u5bf9\u76ee\u6807\u8f6f\u4ef6\u81ea\u8eab\u4ee3\u7406\u80fd\u529b\u7684\u4f9d\u8d56\uff0c\u5c06\u6293\u5305\u7684\u4e3b\u52a8\u6743\u5b8c\u5168\u638c\u63e1\u5728\u81ea\u5df1\u624b\u4e2d\u3002\u638c\u63e1\u4e86\u5b83\uff0c\u4f60\u5c31\u80fd\u4ece\u5bb9\u5e94\u5bf9\u5404\u79cd\u201c\u987d\u56fa\u201d\u7684 PC \u5e94\u7528\uff0c\u4e3a\u540e\u7eed\u66f4\u6df1\u5165\u7684\u5b89\u5168\u5206\u6790\u94fa\u5e73\u9053\u8def\u3002<\/p>\n\n\n\n
        \u6293\u5305\u6280\u672f-\u901a\u7528\u65b9\u6848-http\/s-Reqable<\/h2>\n\n\n\n
        \u5f53\u4f60\u5df2\u7ecf\u8d70\u8fc7\u4e86\u7528 Burp \u6293 PC \u5e94\u7528\u3001\u7528 Proxifier \u5f3a\u5236\u5b9a\u5411\u3001\u7528\u7ec4\u5408\u62f3\u6293\u5c0f\u7a0b\u5e8f\u8fd9\u4e00\u8def\uff0c\u5de5\u5177\u7bb1\u91cc\u5df2\u7ecf\u6512\u4e86\u4e0d\u5c11\u5229\u5668\u3002\u4f46\u6bcf\u6b21\u6362\u4e2a\u573a\u666f\u5c31\u8981\u6362\u5957\u5de5\u5177\uff0c\u6709\u65f6\u5019\u4f60\u53ea\u662f\u60f3\u5feb\u901f\u770b\u4e00\u773c\u67d0\u4e2a App \u7684\u63a5\u53e3\u8fd4\u56de\u4e86\u4ec0\u4e48 JSON\uff0c\u6216\u8005\u4e34\u65f6\u60f3\u91cd\u53d1\u4e00\u4e2a\u8bf7\u6c42\u6539\u4e2a\u53c2\u6570\uff0c\u6253\u5f00 Burp \u8fd9\u79cd\u201c\u91cd\u578b\u6b66\u5668\u201d\u603b\u89c9\u5f97\u6709\u70b9\u6740\u9e21\u7528\u725b\u5200\u3002\u66f4\u91cd\u8981\u7684\u662f\uff0c\u4f60\u80af\u5b9a\u9047\u5230\u8fc7\u8fd9\u79cd\u9700\u6c42\uff1a\u6293\u5230\u5305\u4e4b\u540e\uff0c\u60f3\u76f4\u63a5\u628a\u8fd9\u4e2a\u8bf7\u6c42\u8f6c\u6210\u6d4b\u8bd5\u7528\u4f8b\uff0c\u6216\u8005\u60f3\u5bf9\u7279\u5b9a\u8bf7\u6c42\u81ea\u52a8\u505a\u4e00\u4e9b\u4fee\u6539\uff08\u6bd4\u5982\u7ed9\u6bcf\u4e2a\u8bf7\u6c42\u52a0\u4e2a token\uff09\uff0cBurp \u91cc\u8981\u4e48\u9700\u8981\u88c5\u63d2\u4ef6\uff0c\u8981\u4e48\u5f97\u5199\u590d\u6742\u7684\u6b63\u5219\u3002\u8fd9\u65f6\uff0c\u4e00\u4e2a\u53eb Reqable \u7684\u5de5\u5177\u5c31\u8d70\u8fdb\u4e86\u89c6\u91ce\u2014\u2014\u5b83\u628a\u81ea\u5df1\u5b9a\u4f4d\u6210\u201c\u901a\u7528\u65b9\u6848\u201d\uff0c\u8bd5\u56fe\u5728\u4e00\u4e2a\u8f6f\u4ef6\u91cc\u641e\u5b9a\u6293\u5305\u3001\u8c03\u8bd5\u3001\u91cd\u53d1\u3001\u811a\u672c\u5904\u7406\u8fd9\u6574\u5957\u6d41\u7a0b\uff0c\u800c\u4e14\u8de8\u5e73\u53f0\u652f\u6301 Windows\u3001Mac\u3001Linux \u751a\u81f3\u624b\u673a\u7aef\u3002<\/p>\n\n\n\n
        Reqable \u5728\u6574\u4e2a\u6293\u5305\u4f53\u7cfb\u4e2d\u7684\u5b9a\u4f4d<\/h3>\n\n\n\n
        Reqable \u7684\u524d\u8eab\u662f\u5b89\u5353\u4e0a\u77e5\u540d\u7684\u6293\u5305\u5de5\u5177 HttpCanary\uff0c\u4f5c\u8005\u628a\u5b83\u91cd\u5199\u6210\u4e86\u4e00\u4e2a\u5168\u5e73\u53f0\u4ea7\u54c1\u3002\u5b83\u548c Burp\u3001Yakit \u6700\u5927\u7684\u533a\u522b\u5728\u4e8e\uff1aBurp \u662f\u4e13\u4e1a\u5b89\u5168\u6d4b\u8bd5\u5e73\u53f0\uff0c\u529f\u80fd\u5f3a\u5927\u4f46\u5b66\u4e60\u66f2\u7ebf\u9661\u5ced\uff1bYakit \u662f\u96c6\u6210\u5316\u5b89\u5168\u5de5\u5177\uff0c\u5f3a\u8c03\u81ea\u52a8\u5316\uff1b\u800c Reqable \u66f4\u8d34\u8fd1\u201c\u5f00\u53d1\u8005\u53cb\u597d\u201d\uff0c\u5b83\u628a\u81ea\u5df1\u5305\u88c5\u6210\u4e00\u4e2a HTTP \u8c03\u8bd5\u5de5\u5177\uff0c\u6838\u5fc3\u4f7f\u7528\u573a\u666f\u662f\u5f00\u53d1\u3001\u6d4b\u8bd5\u3001\u8c03\u8bd5\u8fc7\u7a0b\u4e2d\u7684\u6293\u5305\u5206\u6790\u4e0e\u63a5\u53e3\u9a8c\u8bc1\u3002\u4f60\u53ef\u4ee5\u628a\u5b83\u7406\u89e3\u6210 Fiddler \u548c Charles \u7684\u73b0\u4ee3\u66ff\u4ee3\u54c1\uff0c\u4f46\u53c8\u52a0\u4e0a\u4e86 Postman \u90a3\u6837\u7684 API \u6d4b\u8bd5\u529f\u80fd\u3002\u5728\u6293\u5305\u5c42\u9762\uff0c\u5b83\u540c\u6837\u57fa\u4e8e\u4e2d\u95f4\u4eba\uff08MITM\uff09\u539f\u7406\uff0c\u9700\u8981\u5b89\u88c5 CA \u8bc1\u4e66\u3001\u8bbe\u7f6e\u4ee3\u7406\uff1b\u4f46\u5728\u529f\u80fd\u8bbe\u8ba1\u4e0a\uff0c\u5b83\u628a\u201c\u67e5\u770b\u8bf7\u6c42\u201d\u201c\u4fee\u6539\u8bf7\u6c42\u201d\u201c\u91cd\u653e\u8bf7\u6c42\u201d\u201c\u7f16\u5199\u811a\u672c\u201d\u8fd9\u51e0\u4e2a\u73af\u8282\u65e0\u7f1d\u8854\u63a5\u8d77\u6765\uff0c\u8ba9\u4f60\u4e0d\u9700\u8981\u5728\u591a\u4e2a\u5de5\u5177\u4e4b\u95f4\u6765\u56de\u5207\u6362\u3002<\/p>\n\n\n\n
        Mermaid \u56fe\u8868\uff1aReqable \u5728\u5f00\u53d1\u8005\u5de5\u5177\u94fe\u4e2d\u7684\u4f4d\u7f6e<\/p>\n\n\n\n
        \"\"<\/div><\/figure>\n\n\n\n
        \u8fd9\u5f20\u56fe\u628a Reqable \u653e\u5728\u6293\u5305\u5de5\u5177\u5bb6\u65cf\u91cc\u505a\u5bf9\u6bd4\u3002Burp \u548c Yakit \u66f4\u504f\u5b89\u5168\u6d4b\u8bd5\uff0c\u529f\u80fd\u56f4\u7ed5\u6f0f\u6d1e\u6316\u6398\u5c55\u5f00\uff1bFiddler \u548c Charles \u662f\u8001\u724c\u6293\u5305\u5de5\u5177\uff0c\u529f\u80fd\u4e13\u4e00\u4f46\u76f8\u5bf9\u9648\u65e7\uff1bReqable \u5219\u5728\u4fdd\u6301\u6293\u5305\u6838\u5fc3\u80fd\u529b\u7684\u540c\u65f6\uff0c\u878d\u5165\u4e86 API \u6d4b\u8bd5\u548c\u811a\u672c\u6269\u5c55\uff0c\u8ba9\u81ea\u5df1\u6210\u4e3a\u201c\u5f00\u53d1\u8005\u65e5\u5e38\u4f34\u4fa3\u201d\u3002\u4e0b\u534a\u90e8\u5206\u5217\u51fa\u4e86\u5b83\u7684\u4e09\u4e2a\u6838\u5fc3\u80fd\u529b\u6a21\u5757\uff0c\u4ee5\u53ca\u5bf9\u5e94\u7684\u9002\u7528\u573a\u666f\u2014\u2014\u5f53\u4f60\u5904\u4e8e\u5f00\u53d1\u8c03\u8bd5\u3001\u6570\u636e\u9a8c\u8bc1\u3001\u5feb\u901f\u9006\u5411\u8fd9\u4e9b\u9700\u8981\u201c\u8f7b\u91cf\u7ea7\u4ecb\u5165\u201d\u7684\u573a\u666f\u65f6\uff0cReqable \u5f80\u5f80\u6bd4 Burp \u66f4\u987a\u624b\u3002<\/p>\n\n\n\n
        \u4e3a\u4ec0\u4e48\u8bf4\u5b83\u662f\u201c\u901a\u7528\u65b9\u6848\u201d\uff1f\u5b83\u7684\u5de5\u4f5c\u539f\u7406<\/h3>\n\n\n\n
        Reqable \u7684\u901a\u7528\u6027\u4f53\u73b0\u5728\u51e0\u4e2a\u5c42\u9762\uff1a\u7b2c\u4e00\uff0c\u5b83\u652f\u6301 HTTP\/1.x\u3001HTTP\/2\uff0c\u751a\u81f3\u5f00\u59cb\u652f\u6301 HTTP\/3\uff08QUIC\uff09\uff0c\u8fd9\u610f\u5473\u7740\u65e0\u8bba\u4f60\u9762\u5bf9\u7684\u63a5\u53e3\u534f\u8bae\u591a\u65b0\uff0c\u5b83\u57fa\u672c\u90fd\u80fd\u5904\u7406\u3002\u7b2c\u4e8c\uff0c\u5b83\u5185\u7f6e\u4e86\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u9ed8\u8ba4\u76d1\u542c 127.0.0.1:9000<\/code>\uff08\u7aef\u53e3\u53ef\u5728\u8bbe\u7f6e\u91cc\u6539\uff09\uff0c\u53ef\u4ee5\u540c\u65f6\u63a5\u53d7 HTTP\u3001HTTPS\u3001SOCKS \u4ee3\u7406\u8bf7\u6c42\u3002\u7b2c\u4e09\uff0c\u5b83\u63d0\u4f9b\u4e86\u201c\u4e00\u952e\u5b89\u88c5\u8bc1\u4e66\u201d\u7684\u5f15\u5bfc\u6d41\u7a0b\uff0c\u6781\u5927\u964d\u4f4e\u4e86\u65b0\u624b\u914d\u7f6e\u95e8\u69db\u3002<\/p>\n\n\n\n
        \u5b83\u7684\u5de5\u4f5c\u539f\u7406\u548c Burp \u4e00\u6837\u662f\u6807\u51c6\u7684 MITM\uff1a\u542f\u52a8\u540e\u5f00\u542f\u672c\u5730\u4ee3\u7406\uff0c\u4f60\u5728\u7cfb\u7edf\u6216\u8bbe\u5907\u91cc\u628a\u4ee3\u7406\u6307\u5411 Reqable \u7684\u7aef\u53e3\uff0c\u6240\u6709\u6d41\u91cf\u5148\u7ecf\u8fc7\u5b83\u3002\u5982\u679c\u8bf7\u6c42\u662f HTTPS\uff0cReaqble \u4f1a\u7528\u81ea\u5df1\u751f\u6210\u7684 CA \u8bc1\u4e66\u4e0e\u5ba2\u6237\u7aef\u63e1\u624b\uff0c\u540c\u65f6\u4e0e\u771f\u5b9e\u670d\u52a1\u5668\u5efa\u7acb\u53e6\u4e00\u4e2a TLS \u8fde\u63a5\uff0c\u4ece\u800c\u89e3\u5bc6\u6d41\u91cf\u8ba9\u4f60\u770b\u5230\u660e\u6587\u3002\u4f46 Reqable \u5728\u8bbe\u8ba1\u4e0a\u6709\u4e00\u4e2a\u548c Burp \u4e0d\u540c\u7684\u54f2\u5b66\uff1a\u5b83\u9ed8\u8ba4\u4e0d\u62e6\u622a\u8bf7\u6c42\uff08Intercept \u9ed8\u8ba4\u5173\u95ed\uff09\uff0c\u800c\u662f\u628a\u6240\u6709\u6d41\u91cf\u5b9e\u65f6\u5c55\u793a\u5728\u5217\u8868\u91cc\uff0c\u4f60\u968f\u65f6\u53ef\u4ee5\u70b9\u8fdb\u53bb\u770b\u8be6\u60c5\u3002\u8fd9\u79cd\u201c\u88ab\u52a8\u76d1\u542c\u201d\u7684\u6a21\u5f0f\u66f4\u7b26\u5408\u5f00\u53d1\u8c03\u8bd5\u7684\u4e60\u60ef\u2014\u2014\u4f60\u53ea\u662f\u60f3\u89c2\u5bdf\u6570\u636e\uff0c\u800c\u4e0d\u662f\u4e00\u5f00\u59cb\u5c31\u60f3\u7be1\u6539\u5b83\u3002<\/p>\n\n\n\n
        \u4e3a\u4ec0\u4e48\u8fd9\u6837\u8bbe\u8ba1\uff1f\u56e0\u4e3a Reqable \u7684\u5178\u578b\u7528\u6237\u662f\u5f00\u53d1\u8005\u548c\u6d4b\u8bd5\u4eba\u5458\uff0c\u4ed6\u4eec\u9996\u8981\u9700\u6c42\u662f\u201c\u770b\u6e05\u695a\u63a5\u53e3\u8fd4\u56de\u4e86\u4ec0\u4e48\u201d\uff0c\u7136\u540e\u624d\u662f\u201c\u6539\u70b9\u4ec0\u4e48\u8bd5\u8bd5\u201d\u3002\u800c Burp \u7684\u5b89\u5168\u6d4b\u8bd5\u573a\u666f\u91cc\uff0c\u62e6\u622a\u548c\u4fee\u6539\u5f80\u5f80\u662f\u7b2c\u4e00\u6b65\u3002\u8fd9\u79cd\u8bbe\u8ba1\u4e0a\u7684\u5fae\u5999\u5dee\u5f02\uff0c\u51b3\u5b9a\u4e86 Reqable \u7684\u4e0a\u624b\u4f53\u9a8c\u66f4\u5e73\u6ed1\u3002<\/p>\n\n\n\n
        Mermaid \u56fe\u8868\uff1aReqable \u6293\u5305\u6570\u636e\u6d41<\/p>\n\n\n\n
        \"\"<\/div><\/figure>\n\n\n\n
        \u8fd9\u5f20\u56fe\u5c55\u793a\u4e86 Reqable \u5185\u90e8\u7684\u51e0\u4e2a\u5173\u952e\u73af\u8282\u3002\u7bad\u5934 2 \u4ee3\u8868\u5b83\u4f1a\u628a\u6d41\u91cf\u5b9e\u65f6\u5c55\u793a\u5728\u754c\u9762\u4e0a\uff0c\u8ba9\u4f60\u770b\u5230\u539f\u59cb\u8bf7\u6c42\u548c\u54cd\u5e94\u3002\u7bad\u5934 3 \u548c 4 \u4ee3\u8868\u5982\u679c\u542f\u7528\u4e86\u811a\u672c\u529f\u80fd\uff0c\u8bf7\u6c42\u548c\u54cd\u5e94\u5728\u8f6c\u53d1\u524d\u540e\u4f1a\u88ab Python \u811a\u672c\u5904\u7406\uff0c\u4f60\u53ef\u4ee5\u5728\u811a\u672c\u91cc\u4fee\u6539\u4efb\u610f\u5b57\u6bb5\u3002\u8fd9\u79cd\u67b6\u6784\u7684\u597d\u5904\u662f\u201c\u89c2\u5bdf\u201d\u548c\u201c\u4fee\u6539\u201d\u89e3\u8026\uff1a\u5373\u4f7f\u4e0d\u5199\u811a\u672c\uff0c\u4f60\u4e5f\u80fd\u6b63\u5e38\u6293\u5305\uff1b\u5199\u4e86\u811a\u672c\uff0c\u5c31\u80fd\u5b9e\u73b0\u81ea\u52a8\u5316\u5904\u7406\uff0c\u6bd4\u5982\u81ea\u52a8\u7ed9\u8bf7\u6c42\u52a0\u8ba4\u8bc1\u5934\u3001\u66ff\u6362\u54cd\u5e94\u91cc\u7684\u67d0\u4e9b\u5b57\u6bb5\u3002<\/p>\n\n\n\n
        \u6838\u5fc3\u529f\u80fd\u89e3\u6790\u4e0e\u5de5\u5177\u5bf9\u6bd4<\/h3>\n\n\n\n
        Reqable \u548c Burp\u3001Yakit \u7684\u5dee\u5f02\uff0c\u53ef\u4ee5\u4ece\u4e0b\u9762\u8fd9\u4e2a\u8868\u683c\u770b\u5f97\u66f4\u6e05\u695a\uff1a<\/p>\n\n\n\n
        \u7ef4\u5ea6<\/strong><\/th>Reqable<\/strong><\/th>Burp Suite<\/strong><\/th>Yakit<\/strong><\/th><\/tr><\/thead>
        \u6838\u5fc3\u5b9a\u4f4d<\/strong><\/td>HTTP \u5f00\u53d1\u8c03\u8bd5 + API \u6d4b\u8bd5<\/td>Web \u5b89\u5168\u6d4b\u8bd5\u5e73\u53f0<\/td>\u96c6\u6210\u5316\u5b89\u5168\u5de5\u5177<\/td><\/tr>
        \u4e0a\u624b\u96be\u5ea6<\/strong><\/td>\u4f4e\uff0cUI \u73b0\u4ee3\uff0c\u5f15\u5bfc\u6e05\u6670<\/td>\u4e2d\u9ad8\uff0c\u754c\u9762\u4f20\u7edf<\/td>\u4e2d\uff0c\u529f\u80fd\u96c6\u6210\u5ea6\u9ad8<\/td><\/tr>
        \u811a\u672c\u6269\u5c55<\/strong><\/td>Python \u811a\u672c\uff0c\u652f\u6301 onRequest\/onResponse \u94a9\u5b50<\/td>Java \u63d2\u4ef6\uff08\u6269\u5c55\u6027\u5f3a\u4f46\u95e8\u69db\u9ad8\uff09<\/td>\u5185\u7f6e\u5927\u91cf Poc \u548c\u63d2\u4ef6<\/td><\/tr>
        \u8de8\u5e73\u53f0<\/strong><\/td>Windows\/macOS\/Linux\/\u79fb\u52a8\u7aef<\/td>Windows\/Linux\/macOS\uff08\u9700 Java\uff09<\/td>Windows\/macOS\/Linux<\/td><\/tr>
        API \u6d4b\u8bd5<\/strong><\/td>\u5185\u7f6e\u7c7b\u4f3c Postman \u7684\u8bf7\u6c42\u7f16\u8f91\u5668<\/td>\u9700\u914d\u5408 Repeater \u624b\u52a8\u7ec4\u88c5<\/td>\u63d0\u4f9b Web Fuzzer<\/td><\/tr>
        \u534f\u540c\u6293\u5305<\/strong><\/td>\u624b\u673a\u626b\u7801\u8fde\u63a5\u684c\u9762\u7aef\uff0c\u65e0\u9700\u914d\u4ee3\u7406<\/td>\u9700\u624b\u52a8\u8bbe\u4ee3\u7406<\/td>\u9700\u624b\u52a8\u8bbe\u4ee3\u7406<\/td><\/tr>
        \u5178\u578b\u573a\u666f<\/strong><\/td>\u5f00\u53d1\u8c03\u8bd5\u3001\u63a5\u53e3\u9a8c\u8bc1\u3001\u9006\u5411\u5206\u6790<\/td>\u6f0f\u6d1e\u6316\u6398\u3001\u6e17\u900f\u6d4b\u8bd5<\/td>\u81ea\u52a8\u5316\u626b\u63cf\u3001\u6e17\u900f\u6d4b\u8bd5<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
        \u4ece\u8fd9\u4e2a\u5bf9\u6bd4\u80fd\u770b\u51fa\uff0cReqable \u7684\u201c\u901a\u7528\u65b9\u6848\u201d\u5b9a\u4f4d\u5176\u5b9e\u662f\u5728\u201c\u5f00\u53d1\u8c03\u8bd5\u201d\u8fd9\u4e2a\u7ec6\u5206\u9886\u57df\u91cc\u505a\u5230\u4e86\u4e00\u7ad9\u5f0f\u8986\u76d6\u3002\u5b83\u4e0d\u50cf Burp \u90a3\u6837\u4e3a\u5b89\u5168\u6d4b\u8bd5\u800c\u751f\uff0c\u4f46\u5982\u679c\u4f60\u53ea\u662f\u8981\u201c\u6293\u4e2a\u5305\u770b\u770b\u63a5\u53e3\u201d\uff0c\u5b83\u6bd4 Burp \u8f7b\u5f97\u591a\uff1b\u5982\u679c\u4f60\u9700\u8981\u201c\u6539\u4e2a\u5305\u518d\u53d1\u4e00\u6b21\u201d\uff0c\u5b83\u5185\u7f6e\u7684\u8bf7\u6c42\u7f16\u8f91\u5668\u548c\u91cd\u653e\u529f\u80fd\u6bd4 Fiddler \u987a\u624b\uff1b\u5982\u679c\u4f60\u719f\u6089 Python\uff0c\u5b83\u7684\u811a\u672c\u529f\u80fd\u751a\u81f3\u53ef\u4ee5\u8ba9\u4f60\u5b9e\u73b0\u4e00\u4e9b\u81ea\u52a8\u5316\u6d4b\u8bd5\u903b\u8f91\u3002<\/p>\n\n\n\n
        \u5178\u578b\u573a\u666f\u914d\u7f6e\uff1a\u4ece\u96f6\u5f00\u59cb\u7528 Reqable \u6293\u5305<\/h3>\n\n\n\n
        \u5047\u8bbe\u4f60\u73b0\u5728\u60f3\u5206\u6790\u4e00\u4e2a\u5b89\u5353 App \u7684\u767b\u5f55\u63a5\u53e3\uff0c\u6216\u8005\u53ea\u662f\u60f3\u770b\u770b\u67d0\u4e2a\u7f51\u9875\u52a0\u8f7d\u4e86\u54ea\u4e9b\u8bf7\u6c42\u3002\u4e0b\u9762\u662f\u5b8c\u6574\u7684 Reqable \u4f7f\u7528\u6b65\u9aa4\u3002<\/p>\n\n\n\n
        \u7b2c\u4e00\u6b65\uff1a\u4e0b\u8f7d\u5b89\u88c5\u5e76\u542f\u52a8\u3002<\/strong> \u4ece\u5b98\u7f51\u4e0b\u8f7d\u5bf9\u5e94\u7cfb\u7edf\u7684\u5b89\u88c5\u5305\uff0c\u4e00\u8def\u4e0b\u4e00\u6b65\u5b89\u88c5\u5b8c\u6210\u3002\u542f\u52a8\u540e\uff0c\u4f60\u4f1a\u770b\u5230\u7b80\u6d01\u7684\u4e3b\u754c\u9762\uff0c\u9876\u90e8\u6709\u51e0\u4e2a\u6838\u5fc3\u6309\u94ae\uff1a\u542f\u52a8\u8c03\u8bd5\uff08\u5c0f\u98de\u673a\u56fe\u6807\uff09\u3001\u5b89\u88c5\u8bc1\u4e66\uff08\u76fe\u724c\u56fe\u6807\uff09\u3001\u8bbe\u7f6e\u4ee3\u7406\uff08\u7f51\u7edc\u56fe\u6807\uff09\u3002<\/p>\n\n\n\n
        \u7b2c\u4e8c\u6b65\uff1a\u5b89\u88c5\u8bc1\u4e66\u3002<\/strong> \u70b9\u51fb\u76fe\u724c\u56fe\u6807\uff0c\u9009\u62e9\u4f60\u7684\u64cd\u4f5c\u7cfb\u7edf\uff08Windows\/macOS\/Linux\uff09\uff0cReqable \u4f1a\u5f39\u51fa\u5f15\u5bfc\u7a97\u53e3\u3002\u4ee5 Windows \u4e3a\u4f8b\uff0c\u70b9\u51fb\u201c\u73b0\u5728\u5b89\u88c5\u201d\uff0c\u5b83\u4f1a\u81ea\u52a8\u628a CA \u8bc1\u4e66\u5b89\u88c5\u5230\u7cfb\u7edf\u53d7\u4fe1\u4efb\u7684\u6839\u8bc1\u4e66\u5b58\u50a8\u91cc\u3002\u5b89\u88c5\u6210\u529f\u540e\uff0c\u76fe\u724c\u56fe\u6807\u4f1a\u4ece\u7ea2\u8272\u53c9\u53f7\u53d8\u6210\u7eff\u8272\u52fe\u53f7\u3002\u8fd9\u4e00\u6b65\u662f\u89e3\u5bc6 HTTPS \u7684\u524d\u63d0\uff0c\u5982\u679c\u4e0d\u5b89\u88c5\uff0c\u4f60\u53ea\u80fd\u770b\u5230 CONNECT \u96a7\u9053\uff0c\u770b\u4e0d\u5230\u660e\u6587\u3002<\/p>\n\n\n\n
        \u7b2c\u4e09\u6b65\uff1a\u8bbe\u7f6e\u7cfb\u7edf\u4ee3\u7406\u3002<\/strong> \u70b9\u51fb\u7f51\u7edc\u56fe\u6807\uff0cReqable \u4f1a\u81ea\u52a8\u5e2e\u4f60\u628a\u64cd\u4f5c\u7cfb\u7edf\u7684 HTTP\/HTTPS \u4ee3\u7406\u8bbe\u7f6e\u4e3a 127.0.0.1:9000<\/code>\u3002\u56fe\u6807\u53d8\u7eff\u8bf4\u660e\u8bbe\u7f6e\u6210\u529f\u3002\u8fd9\u65f6\u4f60\u6253\u5f00\u6d4f\u89c8\u5668\u8bbf\u95ee\u4efb\u610f HTTPS \u7f51\u7ad9\uff0c\u5e94\u8be5\u5c31\u80fd\u5728 Reqable \u7684\u8c03\u8bd5\u5217\u8868\u91cc\u770b\u5230\u8bf7\u6c42\u4e86\u3002<\/p>\n\n\n\n
        \u7b2c\u56db\u6b65\uff08\u53ef\u9009\uff09\uff1a\u6293\u53d6\u624b\u673a App \u6d41\u91cf\u3002<\/strong> \u5982\u679c\u4f60\u60f3\u6293\u624b\u673a\u4e0a\u7684 App\uff0c\u786e\u4fdd\u624b\u673a\u548c\u7535\u8111\u8fde\u540c\u4e00\u4e2a Wi-Fi\u3002\u5728 Reqable \u9876\u90e8\u53ef\u4ee5\u770b\u5230\u7535\u8111\u7684 IP \u5730\u5740\u548c\u7aef\u53e3\uff08\u4f8b\u5982 192.168.1.100:9000<\/code>\uff09\u3002\u5728\u624b\u673a Wi-Fi \u8bbe\u7f6e\u91cc\u914d\u7f6e\u624b\u52a8\u4ee3\u7406\uff0c\u586b\u5165\u8fd9\u4e2a IP \u548c\u7aef\u53e3\u3002\u7136\u540e\u5728\u624b\u673a\u4e0a\u8bbf\u95ee http:\/\/reqable<\/code> \u4e0b\u8f7d\u5e76\u5b89\u88c5 Reqable \u7684 CA \u8bc1\u4e66\uff08Android \u53ef\u80fd\u9700\u8981\u4ece\u8bbe\u7f6e\u91cc\u5b89\u88c5\uff09\u3002\u4e4b\u540e\u624b\u673a\u4e0a\u7684\u6240\u6709 HTTP\/HTTPS \u6d41\u91cf\u5c31\u4f1a\u51fa\u73b0\u5728\u7535\u8111\u7684 Reqable \u5217\u8868\u91cc\u3002<\/p>\n\n\n\n
        \u7b2c\u4e94\u6b65\uff1a\u5206\u6790\u8bf7\u6c42\u3002<\/strong> \u5728 Reqable \u7684\u8c03\u8bd5\u5217\u8868\u91cc\uff0c\u6bcf\u4e2a\u8bf7\u6c42\u4f1a\u663e\u793a\u57df\u540d\u3001\u65b9\u6cd5\u3001\u8def\u5f84\u3001\u72b6\u6001\u7801\u3001\u5927\u5c0f\u548c\u65f6\u95f4\u3002\u53cc\u51fb\u4efb\u610f\u8bf7\u6c42\uff0c\u53f3\u4fa7\u4f1a\u6ed1\u51fa\u8be6\u60c5\u9762\u677f\uff0c\u5206\u4e3a Request\uff08\u8bf7\u6c42\u884c\u3001\u5934\u3001\u4f53\uff09\u548c Response\uff08\u54cd\u5e94\u884c\u3001\u5934\u3001\u4f53\uff09\u4e24\u4e2a Tab\u3002\u4f60\u53ef\u4ee5\u5728\u8fd9\u91cc\u4ed4\u7ec6\u67e5\u770b\u63a5\u53e3\u8fd4\u56de\u7684 JSON \u6570\u636e\uff0c\u786e\u8ba4\u5b57\u6bb5\u662f\u5426\u7b26\u5408\u9884\u671f\u3002<\/p>\n\n\n\n
        \u811a\u672c\u529f\u80fd\uff1a\u8ba9 Reqable \u81ea\u52a8\u5904\u7406\u6d41\u91cf<\/h3>\n\n\n\n
        Reqable \u6700\u72ec\u7279\u7684\u529f\u80fd\u4e4b\u4e00\u662f\u5176\u5185\u7f6e\u7684 Python \u811a\u672c\u5f15\u64ce\u3002\u4f60\u53ef\u4ee5\u7f16\u5199\u811a\u672c\uff0c\u5728\u8bf7\u6c42\u53d1\u9001\u524d\uff08onRequest\uff09\u6216\u54cd\u5e94\u8fd4\u56de\u524d\uff08onResponse\uff09\u5bf9\u5176\u8fdb\u884c\u4fee\u6539\u3002\u6bd4\u5982\u4f60\u60f3\u7ed9\u6240\u6709\u53d1\u5f80 api.example.com<\/code> \u7684\u8bf7\u6c42\u81ea\u52a8\u6dfb\u52a0\u4e00\u4e2a Authorization<\/code> \u5934\uff0c\u53ef\u4ee5\u8fd9\u6837\u914d\u7f6e\uff1a<\/p>\n\n\n\n
        \u9996\u5148\uff0c\u70b9\u51fb\u9876\u90e8\u811a\u672c\u56fe\u6807\uff08\u7c7b\u4f3c\u201c{}\u201d\uff09\uff0c\u9009\u62e9\u201c\u65b0\u5efa\u89c4\u5219\u201d\u3002\u8f93\u5165\u89c4\u5219\u540d\u79f0\uff0cURL \u5339\u914d\u6a21\u5f0f\u586b api.example.com\/*<\/code>\u3002\u7136\u540e\u7f16\u5199 Python \u811a\u672c\uff1a<\/p>\n\n\n\n
        def onRequest(context, request):\n    # \u7ed9\u8bf7\u6c42\u6dfb\u52a0\u4e00\u4e2a\u81ea\u5b9a\u4e49\u5934\n    request.headers['X-Debug-Tag'] = 'Reqable-Script'\n    # \u5982\u679c\u8bf7\u6c42\u4f53\u662f JSON\uff0c\u53ef\u4ee5\u5728\u8fd9\u91cc\u89e3\u6790\u4fee\u6539\n    # import json\n    # body = json.loads(request.body)\n    # body['debug'] = True\n    # request.body = json.dumps(body)\n    return request\n\ndef onResponse(context, response):\n    # \u53ef\u4ee5\u8bb0\u5f55\u54cd\u5e94\u72b6\u6001\u7801\n    print(f\"Response status: {response.statusCode}\")\n    # \u5982\u679c\u54cd\u5e94\u4f53\u662f JSON\uff0c\u4e5f\u53ef\u4ee5\u4fee\u6539\n    return response<\/code><\/pre>\n\n\n\n
          \n
        • onRequest<\/code> \u51fd\u6570\u63a5\u6536 context<\/code> \u548c request<\/code> \u5bf9\u8c61\uff0c\u4f60\u53ef\u4ee5\u5728\u8fd4\u56de\u524d\u4efb\u610f\u4fee\u6539 request<\/code> \u7684\u5c5e\u6027\uff08headers\u3001body\u3001url \u7b49\uff09\u3002<\/li>\n\n\n\n
        • onResponse<\/code> \u7c7b\u4f3c\uff0c\u53ef\u4ee5\u4fee\u6539\u54cd\u5e94\u5185\u5bb9\u3002<\/li>\n\n\n\n
        • context<\/code> \u5bf9\u8c61\u53ef\u4ee5\u7528\u6765\u5728\u4e24\u4e2a\u51fd\u6570\u95f4\u5171\u4eab\u6570\u636e\uff08\u6bd4\u5982\u5728\u8bf7\u6c42\u91cc\u5b58\u4e2a\u65f6\u95f4\u6233\uff0c\u54cd\u5e94\u91cc\u8bfb\u51fa\u6765\uff09\u3002<\/li>\n\n\n\n
        • \u811a\u672c\u4fee\u6539\u540e\u81ea\u52a8\u751f\u6548\uff0c\u4f60\u53ef\u4ee5\u5728\u53f3\u4fa7\u7684\u63a7\u5236\u53f0\u770b\u5230 print<\/code> \u8f93\u51fa\u7684\u65e5\u5fd7\u3002<\/li>\n<\/ul>\n\n\n\n
          \u8fd9\u4e2a\u811a\u672c\u529f\u80fd\u8ba9\u4f60\u80fd\u5b9e\u73b0\u5f88\u591a\u81ea\u52a8\u5316\u64cd\u4f5c\uff1a\u81ea\u52a8\u6dfb\u52a0\u7b7e\u540d\u53c2\u6570\u3001\u66ff\u6362\u6d4b\u8bd5\u73af\u5883\u7684\u57df\u540d\u3001\u62e6\u622a\u7279\u5b9a\u54cd\u5e94\u5e76 mock \u6570\u636e\u7b49\u7b49\u3002\u76f8\u6bd4 Burp \u91cc\u9700\u8981\u5199\u590d\u6742\u6269\u5c55\uff0cPython \u811a\u672c\u5bf9\u666e\u901a\u5f00\u53d1\u8005\u53cb\u597d\u5f97\u591a\u3002<\/p>\n\n\n\n
          Mermaid \u56fe\u8868\uff1aReqable \u811a\u672c\u5904\u7406\u6d41\u7a0b\u56fe<\/p>\n\n\n\n
          \"\"<\/div><\/figure>\n\n\n\n
          \u8fd9\u5f20\u56fe\u5c55\u793a\u4e86\u811a\u672c\u5f15\u64ce\u4ecb\u5165\u7684\u65f6\u673a\u3002\u8bf7\u6c42\u5728\u53d1\u5f80\u670d\u52a1\u5668\u4e4b\u524d\uff0c\u4f1a\u68c0\u67e5\u662f\u5426\u6709\u5339\u914d\u7684\u89c4\u5219\uff0c\u5982\u679c\u6709\u5c31\u6267\u884c onRequest<\/code>\uff1b\u54cd\u5e94\u8fd4\u56de\u5ba2\u6237\u7aef\u4e4b\u524d\u540c\u6837\u4f1a\u7ecf\u8fc7 onResponse<\/code> \u68c0\u67e5\u3002\u6574\u4e2a\u8fc7\u7a0b\u5bf9\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u900f\u660e\uff0c\u4f60\u53ef\u4ee5\u5728\u4e2d\u95f4\u5c42\u968f\u5fc3\u6240\u6b32\u5730\u6ce8\u5165\u903b\u8f91\u3002<\/p>\n\n\n\n
          \u6700\u5bb9\u6613\u8e29\u7684\u5751\u548c\u9a8c\u8bc1\u65b9\u6cd5<\/h3>\n\n\n\n
          \u5751 1\uff1a\u8bc1\u4e66\u5b89\u88c5\u540e Chrome \u4ecd\u7136\u62a5\u9519 NET::ERR_CERT_AUTHORITY_INVALID\u3002<\/strong> \u8fd9\u901a\u5e38\u662f\u56e0\u4e3a Chrome \u6709\u81ea\u5df1\u7684\u8bc1\u4e66\u7f13\u5b58\uff0c\u6216\u8005\u4f60\u5b89\u88c5\u7684\u8bc1\u4e66\u6ca1\u8986\u76d6\u5230\u6240\u6709\u6d4f\u89c8\u5668\u3002\u6b63\u786e\u505a\u6cd5<\/strong>\uff1a\u91cd\u542f\u6d4f\u89c8\u5668\uff0c\u6216\u8005\u6253\u5f00 Chrome \u7684\u201c\u7ba1\u7406\u8bc1\u4e66\u201d\u91cc\u786e\u8ba4 Reqable CA \u786e\u5b9e\u5728\u201c\u53d7\u4fe1\u4efb\u7684\u6839\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u201d\u5217\u8868\u4e2d\u3002\u4e5f\u53ef\u4ee5\u8bd5\u8bd5\u7528\u65e0\u75d5\u6a21\u5f0f\u8bbf\u95ee\u3002<\/p>\n\n\n\n
          \u5751 2\uff1a\u624b\u673a\u914d\u7f6e\u4ee3\u7406\u540e\u65e0\u6cd5\u4e0a\u7f51\u3002<\/strong> \u53ef\u80fd\u662f\u7535\u8111\u9632\u706b\u5899\u963b\u6b62\u4e86 9000 \u7aef\u53e3\u7684\u5165\u7ad9\u8fde\u63a5\u3002\u6b63\u786e\u505a\u6cd5<\/strong>\uff1a\u5728 Windows \u9632\u706b\u5899\u6216 macOS \u5b89\u5168\u8bbe\u7f6e\u91cc\uff0c\u5141\u8bb8 Reqable \u5e94\u7528\u901a\u8fc7\u9632\u706b\u5899\uff0c\u6216\u8005\u4e34\u65f6\u5173\u95ed\u9632\u706b\u5899\u6d4b\u8bd5\u3002\u4e5f\u53ef\u4ee5\u5728 Reqable \u91cc\u628a\u7aef\u53e3\u6539\u4e3a\u5176\u4ed6\u6570\u503c\uff08\u6bd4\u5982 8888\uff09\u8bd5\u8bd5\u3002<\/p>\n\n\n\n
          \u5751 3\uff1a\u811a\u672c\u4fee\u6539\u4e0d\u751f\u6548\u3002<\/strong> \u5148\u68c0\u67e5\u811a\u672c\u7f16\u8f91\u5668\u53f3\u4fa7\u7684\u201c\u63a7\u5236\u53f0\u201d\u6709\u6ca1\u6709\u62a5\u9519\u4fe1\u606f\uff08\u6bd4\u5982\u8bed\u6cd5\u9519\u8bef\uff09\u3002\u53e6\u5916\u6ce8\u610f onRequest<\/code> \u5fc5\u987b\u8fd4\u56de\u4fee\u6539\u540e\u7684 request<\/code> \u5bf9\u8c61\uff0c\u5982\u679c\u5fd8\u4e86 return<\/code>\uff0c\u8bf7\u6c42\u4f1a\u88ab\u4e2d\u65ad\u3002<\/p>\n\n\n\n
          \u9a8c\u8bc1\u65b9\u6cd5<\/strong>\uff1a\u6700\u7b80\u5355\u7684\u662f\u7528\u6d4f\u89c8\u5668\u8bbf\u95ee http:\/\/httpbin.org\/get<\/code>\uff0c\u4f60\u4f1a\u5728 Reqable \u91cc\u770b\u5230\u8bf7\u6c42\u8be6\u60c5\uff0c\u5305\u62ec URL\u3001headers\u3001IP \u7b49\u3002\u5982\u679c\u4f60\u5199\u4e86\u811a\u672c\u6dfb\u52a0\u5934\uff0c\u53ef\u4ee5\u5728\u8bf7\u6c42\u5934\u91cc\u770b\u5230\u4f60\u6dfb\u52a0\u7684\u5b57\u6bb5\u3002\u4e5f\u53ef\u4ee5\u5c1d\u8bd5\u7528\u624b\u673a\u8bbf\u95ee\uff0c\u786e\u8ba4\u4ee3\u7406\u94fe\u8def\u901a\u987a\u3002<\/p>\n\n\n\n
          \u51b3\u7b56\u6307\u5357\uff1a\u4ec0\u4e48\u65f6\u5019\u7528 Reqable\uff1f\u4ec0\u4e48\u65f6\u5019\u7528 Burp\/Yakit\uff1f<\/h3>\n\n\n\n
          \u4f18\u5148\u9009 Reqable \u7684\u573a\u666f<\/strong>\uff1a\u65e5\u5e38\u5f00\u53d1\u8c03\u8bd5\u63a5\u53e3\u3001\u5feb\u901f\u67e5\u770b App \u6216\u7f51\u9875\u7684\u8bf7\u6c42\u6570\u636e\u3001\u9700\u8981\u7ecf\u5e38\u91cd\u653e\u8bf7\u6c42\u6d4b\u8bd5\u3001\u5e0c\u671b\u7528 Python \u811a\u672c\u81ea\u52a8\u5316\u5904\u7406\u6d41\u91cf\u3001\u9700\u8981\u5728\u624b\u673a\u548c\u7535\u8111\u4e4b\u95f4\u65e0\u7f1d\u534f\u540c\u6293\u5305\u3001\u60f3\u8981\u4e00\u4e2a\u754c\u9762\u6e05\u723d\u4e14\u8de8\u5e73\u53f0\u7684\u5de5\u5177\u3002\u5c24\u5176\u5f53\u4f60\u53ea\u662f\u201c\u770b\u4e00\u773c\u63a5\u53e3\u8fd4\u56de\u4ec0\u4e48\u201d\u800c\u4e0d\u662f\u201c\u7cfb\u7edf\u5730\u6316\u6398\u6f0f\u6d1e\u201d\u65f6\uff0cReqable \u6bd4 Burp \u8f7b\u5de7\u5f97\u591a\u3002<\/p>\n\n\n\n
          \u4ecd\u7136\u9700\u8981 Burp\/Yakit \u7684\u573a\u666f<\/strong>\uff1a\u4e13\u4e1a\u7684\u6e17\u900f\u6d4b\u8bd5\uff0c\u6bd4\u5982\u9700\u8981 Intruder \u8fdb\u884c\u66b4\u529b\u7834\u89e3\u3001Scanner \u81ea\u52a8\u5316\u626b\u63cf\u6f0f\u6d1e\u3001\u5404\u79cd\u590d\u6742\u7684\u5b89\u5168\u63d2\u4ef6\u652f\u6301\u3001\u591a\u4eba\u534f\u4f5c\u7684\u6d4b\u8bd5\u9879\u76ee\u3002Burp \u5728\u5b89\u5168\u9886\u57df\u7684\u751f\u6001\u79ef\u7d2f\u662f Reqable \u77ed\u671f\u5185\u65e0\u6cd5\u66ff\u4ee3\u7684\u3002Yakit \u7684\u96c6\u6210\u5316\u6f0f\u6d1e\u626b\u63cf\u548c Poc \u7ba1\u7406\u4e5f\u8fdc\u8d85 Reqable \u7684\u80fd\u529b\u8303\u56f4\u3002<\/p>\n\n\n\n
          \u66ff\u4ee3\u65b9\u6848\u591f\u7528\u7684\u60c5\u51b5<\/strong>\uff1a\u5982\u679c\u4f60\u53ea\u9700\u8981\u6293\u53d6\u81ea\u5df1\u5199\u7684 App \u7684\u5305\uff0c\u7528 Android Studio \u7684 Network Profiler \u6216 iOS \u7684 Charles \u96c6\u6210\u66f4\u76f4\u63a5\u3002\u5982\u679c\u4f60\u53ea\u662f\u4e34\u65f6\u770b\u4e00\u773c\u67d0\u4e2a\u8bf7\u6c42\uff0c\u6d4f\u89c8\u5668\u81ea\u5e26\u7684\u5f00\u53d1\u8005\u5de5\u5177\uff08F12 \u7684\u7f51\u7edc\u9762\u677f\uff09\u5df2\u7ecf\u8db3\u591f\uff0c\u4e0d\u9700\u8981\u989d\u5916\u88c5\u8f6f\u4ef6\u3002<\/p>\n\n\n\n
          Reqable \u7684\u51fa\u73b0\uff0c\u586b\u8865\u4e86\u201c\u91cd\u578b\u5b89\u5168\u5de5\u5177\u201d\u548c\u201c\u7b80\u964b\u6d4f\u89c8\u5668\u5de5\u5177\u201d\u4e4b\u95f4\u7684\u7a7a\u767d\u3002\u5b83\u7528\u4e00\u79cd\u73b0\u4ee3\u5316\u3001\u4f4e\u95e8\u69db\u7684\u65b9\u5f0f\uff0c\u628a\u6293\u5305\u3001\u8c03\u8bd5\u3001\u6d4b\u8bd5\u6574\u5408\u5728\u4e00\u8d77\uff0c\u8ba9\u4f60\u5728\u5904\u7406\u65e5\u5e38\u5f00\u53d1\u4e2d\u7684\u7f51\u7edc\u95ee\u9898\u65f6\uff0c\u4e0d\u7528\u5728\u591a\u4e2a\u8f6f\u4ef6\u95f4\u53cd\u590d\u6a2a\u8df3\u3002\u5bf9\u4e8e\u4ece\u96f6\u5f00\u59cb\u5b66\u4e60\u6293\u5305\u7684\u65b0\u624b\uff0c\u5b83\u53ef\u80fd\u662f\u6700\u53cb\u597d\u7684\u8d77\u70b9\uff1b\u800c\u5bf9\u4e8e\u5df2\u7ecf\u719f\u6089 Burp \u7684\u4f60\uff0c\u5b83\u5219\u662f\u4e00\u4e2a\u9ad8\u6548\u7684\u8f85\u52a9\u5de5\u5177\u2014\u2014\u5c24\u5176\u662f\u5f53\u4f60\u9700\u8981\u5feb\u901f\u9a8c\u8bc1\u4e00\u4e2a\u60f3\u6cd5\uff0c\u5374\u53c8\u4e0d\u60f3\u6253\u5f00\u5e9e\u5927\u7684 Burp \u65f6\u3002<\/p>\n\n\n\n
          \u6293\u5305\u6280\u672f-\u5176\u4ed6\u5de5\u5177-http\/s-Fiddler&Charles<\/h2>\n\n\n\n
          \u5f53\u4f60\u5df2\u7ecf\u719f\u6089\u4e86 Burp \u8fd9\u6837\u7684\u5b89\u5168\u6d4b\u8bd5\u5e73\u53f0\uff0c\u4e5f\u4f53\u9a8c\u8fc7 Reqable \u8fd9\u79cd\u73b0\u4ee3\u5f00\u53d1\u8c03\u8bd5\u5de5\u5177\uff0c\u53ef\u80fd\u4f1a\u89c9\u5f97\u6293\u5305\u4e16\u754c\u597d\u50cf\u5c31\u662f\u8fd9\u4e9b\u65b0\u9510\u5de5\u5177\u7684\u5929\u4e0b\u3002\u4f46\u5982\u679c\u4f60\u53bb\u95ee\u4e00\u4e2a\u505a\u4e86\u5341\u5e74 Windows \u5f00\u53d1\u7684\u8001\u7a0b\u5e8f\u5458\uff0c\u6216\u8005\u4e00\u4e2a\u957f\u671f\u4ece\u4e8b iOS \u5e94\u7528\u8c03\u8bd5\u7684\u5de5\u7a0b\u5e08\uff0c\u4ed6\u4eec\u5927\u6982\u7387\u4f1a\u8131\u53e3\u800c\u51fa\u4e24\u4e2a\u540d\u5b57\uff1aFiddler \u548c Charles\u3002\u8fd9\u4e24\u4e2a\u5de5\u5177\u53ef\u4ee5\u8bf4\u662f\u6293\u5305\u754c\u7684\u201c\u6d3b\u5316\u77f3\u201d\uff0c\u8bde\u751f\u4e8e\u4e92\u8054\u7f51\u65e9\u671f\uff0c\u7ecf\u5386\u4e86\u4ece HTTP\/1.0 \u5230 HTTP\/2\u3001\u4ece\u660e\u6587\u5230\u5168\u9762 HTTPS \u7684\u53d8\u8fc1\uff0c\u81f3\u4eca\u4ecd\u5728\u65e0\u6570\u5f00\u53d1\u8005\u7684\u7535\u8111\u91cc\u5360\u6709\u4e00\u5e2d\u4e4b\u5730\u3002\u5b83\u4eec\u6ca1\u6709 Burp \u90a3\u6837\u5f3a\u5927\u7684\u6f0f\u6d1e\u6316\u6398\u80fd\u529b\uff0c\u4e5f\u6ca1\u6709 Reqable \u90a3\u6837\u73b0\u4ee3\u5316\u7684\u754c\u9762\u548c\u811a\u672c\u7cfb\u7edf\uff0c\u4f46\u5b83\u4eec\u4ee5\u6781\u81f4\u7684\u7a33\u5b9a\u3001\u5bf9\u7279\u5b9a\u5e73\u53f0\u7684\u6df1\u5ea6\u4f18\u5316\u3001\u4ee5\u53ca\u4e00\u4e9b\u72ec\u95e8\u7edd\u6280\uff0c\u5728\u201c\u5f00\u53d1\u8c03\u8bd5\u201d\u8fd9\u4e2a\u7ec6\u5206\u9886\u57df\u91cc\u7262\u7262\u5360\u636e\u7740\u4e00\u5e2d\u4e4b\u5730\u3002<\/p>\n\n\n\n
          Fiddler \u4e0e Charles \u5728\u6293\u5305\u5de5\u5177\u8c31\u7cfb\u4e2d\u7684\u4f4d\u7f6e<\/h3>\n\n\n\n
          \u6574\u4e2a\u6293\u5305\u5de5\u5177\u5bb6\u65cf\u53ef\u4ee5\u6309\u7167\u4f7f\u7528\u573a\u666f\u5927\u81f4\u5206\u4e3a\u4e09\u7c7b\u3002\u7b2c\u4e00\u7c7b\u662f\u5b89\u5168\u6d4b\u8bd5\u5e73\u53f0\uff0c\u4ee5 Burp Suite\u3001Yakit \u4e3a\u4ee3\u8868\uff0c\u6838\u5fc3\u529f\u80fd\u56f4\u7ed5\u6e17\u900f\u6d4b\u8bd5\u5c55\u5f00\uff0c\u5f3a\u8c03\u53ef\u6269\u5c55\u6027\u548c\u81ea\u52a8\u5316\u6f0f\u6d1e\u53d1\u73b0\u3002\u7b2c\u4e8c\u7c7b\u662f\u5f00\u53d1\u8c03\u8bd5\u5de5\u5177\uff0c\u4ee5 Fiddler\u3001Charles\u3001Reqable \u4e3a\u4ee3\u8868\uff0c\u5b83\u4eec\u66f4\u5173\u6ce8\u5e2e\u52a9\u5f00\u53d1\u8005\u770b\u6e05\u63a5\u53e3\u6570\u636e\u3001\u6a21\u62df\u7f51\u7edc\u73af\u5883\u3001\u5feb\u901f\u91cd\u653e\u8bf7\u6c42\u3002\u7b2c\u4e09\u7c7b\u662f\u7cfb\u7edf\u7ea7\u6293\u5305\u5de5\u5177\uff0c\u5982 Wireshark\u3001Tcpdump\uff0c\u5b83\u4eec\u5de5\u4f5c\u5728\u7f51\u7edc\u5c42\uff0c\u4e0d\u5173\u5fc3\u5e94\u7528\u5c42\u534f\u8bae\uff0c\u80fd\u770b\u5230\u6240\u6709\u6570\u636e\u5305\u4f46\u65e0\u6cd5\u76f4\u63a5\u89e3\u5bc6 HTTPS\u3002Fiddler \u548c Charles \u5c31\u7a33\u7a33\u5730\u7ad9\u5728\u7b2c\u4e8c\u7c7b\u91cc\uff0c\u800c\u4e14\u5b83\u4eec\u662f\u8fd9\u4e2a\u7c7b\u522b\u7684\u5f00\u521b\u8005\u548c\u957f\u671f\u9886\u8dd1\u8005\u3002Fiddler \u7531 Eric Lawrence \u5f00\u53d1\uff0c\u6700\u521d\u662f\u4f5c\u4e3a\u5fae\u8f6f\u6280\u672f\u6808\u4e0b\u7684 HTTP \u8c03\u8bd5\u4ee3\u7406\uff0c\u5bf9 Windows \u548c .NET \u5e94\u7528\u6709\u7740\u5929\u7136\u7684\u652f\u6301\uff1bCharles \u5219\u662f Mac \u5e73\u53f0\u4e0a\u7684\u660e\u661f\uff0c\u6df1\u53d7 iOS \u548c macOS \u5f00\u53d1\u8005\u7684\u559c\u7231\uff0c\u5b83\u7684\u754c\u9762\u8bbe\u8ba1\u548c\u5bf9\u82f9\u679c\u751f\u6001\u7684\u9002\u914d\u8ba9\u5b83\u6210\u4e3a\u79fb\u52a8\u7aef\u8c03\u8bd5\u7684\u6807\u914d\u3002\u4e24\u8005\u7684\u6838\u5fc3\u529f\u80fd\u9ad8\u5ea6\u91cd\u53e0\uff1a\u90fd\u4f5c\u4e3a\u672c\u5730\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u90fd\u901a\u8fc7\u4e2d\u95f4\u4eba\u6280\u672f\u89e3\u5bc6 HTTPS\uff0c\u90fd\u63d0\u4f9b\u8bf7\u6c42\u5217\u8868\u548c\u8be6\u60c5\u67e5\u770b\uff0c\u90fd\u652f\u6301\u65ad\u70b9\u4fee\u6539\u548c\u91cd\u653e\u3002\u4f46\u5728\u5177\u4f53\u5b9e\u73b0\u548c\u7279\u8272\u529f\u80fd\u4e0a\uff0c\u5b83\u4eec\u8d70\u51fa\u4e86\u4e24\u6761\u4e0d\u540c\u7684\u8def\u3002<\/p>\n\n\n\n
          Mermaid \u56fe\u8868\uff1a\u6293\u5305\u5de5\u5177\u5206\u7c7b\u56fe\u8c31<\/p>\n\n\n\n
          \"\"<\/div><\/figure>\n\n\n\n
          \u8fd9\u5f20\u56fe\u628a Fiddler \u548c Charles \u653e\u5728\u5f00\u53d1\u8c03\u8bd5\u5de5\u5177\u7684\u8303\u7574\u5185\uff0c\u5e76\u6807\u6ce8\u4e86\u5b83\u4eec\u5404\u81ea\u7684\u751f\u6001\u503e\u5411\u3002Fiddler \u7d27\u5bc6\u96c6\u6210 Windows \u7cfb\u7edf\uff0c\u53ef\u4ee5\u6355\u83b7\u6240\u6709 WinHTTP \u548c WinINET \u8bf7\u6c42\uff0c\u5305\u62ec IE\/Edge \u6d4f\u89c8\u5668\u548c\u8bb8\u591a Windows \u539f\u751f\u5e94\u7528\uff1bCharles \u5219\u4e0e macOS \u548c iOS \u6a21\u62df\u5668\u65e0\u7f1d\u534f\u4f5c\uff0c\u751a\u81f3\u80fd\u76f4\u63a5\u4f5c\u4e3a iOS \u8bbe\u5907\u7684\u4ee3\u7406\u5e76\u81ea\u52a8\u5b89\u88c5\u8bc1\u4e66\u3002Reqable \u4f5c\u4e3a\u540e\u8d77\u4e4b\u79c0\uff0c\u8bd5\u56fe\u878d\u5408\u4e24\u8005\u7684\u4f18\u70b9\u5e76\u8de8\u5e73\u53f0\uff0c\u4f46 Fiddler \u548c Charles \u5728\u5404\u81ea\u9886\u57df\u7684\u6df1\u5ea6\u4f18\u5316\u4ecd\u662f\u5176\u4e0d\u53ef\u66ff\u4ee3\u7684\u4f18\u52bf\u3002<\/p>\n\n\n\n
          \u5b83\u4eec\u7684\u6838\u5fc3\u539f\u7406\uff1a\u4f9d\u7136\u662f\u6807\u51c6\u7684\u4e2d\u95f4\u4eba<\/h3>\n\n\n\n
          \u65e0\u8bba Fiddler \u8fd8\u662f Charles\uff0c\u5e95\u5c42\u539f\u7406\u548c\u4f60\u5df2\u7ecf\u719f\u6089\u7684 Burp \u5b8c\u5168\u4e00\u81f4\uff1a\u5b83\u4eec\u5728\u4f60\u7535\u8111\u4e0a\u542f\u52a8\u4e00\u4e2a HTTP \u4ee3\u7406\u670d\u52a1\u5668\uff08Fiddler \u9ed8\u8ba4\u76d1\u542c 127.0.0.1:8888\uff0cCharles \u9ed8\u8ba4 127.0.0.1:8888 \u6216 9090\uff09\uff0c\u4f60\u9700\u8981\u628a\u7cfb\u7edf\u6216\u5e94\u7528\u7684\u4ee3\u7406\u6307\u5411\u8fd9\u4e2a\u5730\u5740\u3002\u5bf9\u4e8e HTTPS \u6d41\u91cf\uff0c\u5b83\u4eec\u540c\u6837\u9700\u8981\u751f\u6210\u81ea\u5df1\u7684 CA \u6839\u8bc1\u4e66\uff0c\u5e76\u8981\u6c42\u4f60\u5b89\u88c5\u5230\u7cfb\u7edf\u53d7\u4fe1\u4efb\u5b58\u50a8\u4e2d\u3002\u5f53\u5ba2\u6237\u7aef\u53d1\u8d77 HTTPS \u8fde\u63a5\u65f6\uff0c\u5b83\u4eec\u7528\u81ea\u5df1\u7684\u8bc1\u4e66\u4e0e\u5ba2\u6237\u7aef\u63e1\u624b\uff0c\u540c\u65f6\u4e0e\u771f\u5b9e\u670d\u52a1\u5668\u5efa\u7acb\u53e6\u4e00\u4e2a TLS \u8fde\u63a5\uff0c\u4ece\u800c\u5728\u4e2d\u95f4\u89e3\u5bc6\u6d41\u91cf\u3002\u8fd9\u4e2a\u539f\u7406\u5982\u6b64\u7ecf\u5178\uff0c\u4ee5\u81f3\u4e8e\u6240\u6709\u57fa\u4e8e\u4ee3\u7406\u7684\u6293\u5305\u5de5\u5177\u90fd\u9075\u5faa\u540c\u4e00\u5957\u6a21\u578b\u3002<\/p>\n\n\n\n
          \u4f46 Fiddler \u548c Charles \u5728\u7ec6\u8282\u4e0a\u6709\u6240\u4e0d\u540c\u3002Fiddler \u6700\u521d\u662f\u4e3a Windows \u4e0a\u7684 HTTP \u8c03\u8bd5\u8bbe\u8ba1\u7684\uff0c\u5b83\u6df1\u5ea6\u96c6\u6210 Windows \u7684\u8bc1\u4e66\u5b58\u50a8\u548c\u4ee3\u7406\u8bbe\u7f6e\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u6355\u83b7\u6240\u6709\u4f7f\u7528 WinHTTP \u7684\u5e94\u7528\u7a0b\u5e8f\uff08\u5305\u62ec\u8bb8\u591a\u540e\u53f0\u670d\u52a1\uff09\u800c\u4e0d\u9700\u8981\u4f60\u624b\u52a8\u914d\u7f6e\u4ee3\u7406\u3002Charles \u5219\u66f4\u5173\u6ce8\u6613\u7528\u6027\uff0c\u5b83\u63d0\u4f9b\u4e86\u201c\u5916\u90e8\u4ee3\u7406\u8bbe\u7f6e\u201d\u5411\u5bfc\uff0c\u53ef\u4ee5\u4e00\u952e\u5e2e\u4f60\u914d\u7f6e macOS \u7684\u7cfb\u7edf\u4ee3\u7406\uff0c\u5e76\u4e14\u5728 iOS \u8bbe\u5907\u4e0a\u53ef\u4ee5\u901a\u8fc7 Wi-Fi \u4ee3\u7406\u76f4\u63a5\u8fde\u63a5\uff0c\u8fd8\u80fd\u901a\u8fc7 USB \u8fde\u63a5\u8c03\u8bd5\u771f\u673a\uff08\u9700\u8981\u914d\u5408\u76f8\u5173\u5de5\u5177\uff09\u3002<\/p>\n\n\n\n
          \u529f\u80fd\u5bf9\u6bd4\uff1aFiddler \u7684\u8fc7\u6ee4\u4e0e\u811a\u672c vs Charles \u7684\u6620\u5c04\u4e0e\u9650\u901f<\/h3>\n\n\n\n
          Fiddler \u6700\u5f3a\u5927\u7684\u5730\u65b9\u5728\u4e8e\u5b83\u7684\u8fc7\u6ee4\u5668\u548c FiddlerScript\u3002\u8fc7\u6ee4\u5668\uff08Filters\uff09\u53ef\u4ee5\u8ba9\u4f60\u6839\u636e\u8bf7\u6c42\u7c7b\u578b\u3001\u4e3b\u673a\u3001\u72b6\u6001\u7801\u3001\u8bf7\u6c42\u4f53\u7b49\u6761\u4ef6\u7b5b\u9009\u51fa\u5173\u5fc3\u7684\u6d41\u91cf\uff0c\u8fd9\u5728\u9762\u5bf9\u6d77\u91cf\u8bf7\u6c42\u65f6\u6781\u5176\u6709\u7528\u3002\u4f60\u53ef\u4ee5\u8bbe\u7f6e\u201c\u53ea\u663e\u793a\u53d1\u5f80 api.example.com \u7684\u8bf7\u6c42\u201d\u6216\u8005\u201c\u9690\u85cf\u56fe\u7247\u548c CSS \u8bf7\u6c42\u201d\uff0c\u8fc7\u6ee4\u5668\u4f1a\u5b9e\u65f6\u66f4\u65b0\u5217\u8868\u3002\u800c FiddlerScript \u662f\u4e00\u4e2a\u57fa\u4e8e C# \u7684\u811a\u672c\u5f15\u64ce\uff0c\u4f60\u53ef\u4ee5\u7f16\u5199\u81ea\u5b9a\u4e49\u89c4\u5219\u6765\u4fee\u6539\u8bf7\u6c42\u548c\u54cd\u5e94\uff0c\u751a\u81f3\u5b9e\u73b0\u590d\u6742\u7684\u81ea\u52a8\u5316\u903b\u8f91\u3002\u6bd4\u5982\u4f60\u60f3\u5728\u6240\u6709\u8bf7\u6c42\u91cc\u6dfb\u52a0\u4e00\u4e2a\u81ea\u5b9a\u4e49\u5934\uff0c\u53ef\u4ee5\u5199\u4e00\u5c0f\u6bb5\u811a\u672c\uff1a<\/p>\n\n\n\n
          static function OnBeforeRequest(oSession: Session) {\n    if (oSession.HostnameIs(\"api.example.com\")) {\n        oSession.oRequest[\"X-Debug-Tag\"] = \"Fiddler\";\n    }\n}<\/code><\/pre>\n\n\n\n
          \u8fd9\u6bb5\u811a\u672c\u4f1a\u5728\u6bcf\u4e2a\u8bf7\u6c42\u53d1\u51fa\u524d\u6267\u884c\uff0c\u68c0\u67e5\u4e3b\u673a\u540d\uff0c\u5982\u679c\u5339\u914d\u5c31\u6dfb\u52a0\u4e00\u4e2a\u8bf7\u6c42\u5934\u3002\u8fd9\u79cd\u811a\u672c\u80fd\u529b\u867d\u7136\u4e0d\u5982\u73b0\u4ee3\u5de5\u5177\u7684 Python \u811a\u672c\u7075\u6d3b\uff0c\u4f46\u5bf9\u4e8e Windows \u73af\u5883\u4e0b\u9700\u8981\u6df1\u5ea6\u96c6\u6210\u7684\u573a\u666f\uff0c\u5b83\u4f9d\u7136\u5f88\u5b9e\u7528\u3002<\/p>\n\n\n\n
          Charles \u7684\u6740\u624b\u7ea7\u529f\u80fd\u5219\u662f Map Local \u548c Throttle\u3002Map Local \u5141\u8bb8\u4f60\u628a\u67d0\u4e2a\u8fdc\u7a0b\u8bf7\u6c42\u6620\u5c04\u5230\u672c\u5730\u6587\u4ef6\uff0c\u6bd4\u5982\u4f60\u60f3\u8c03\u8bd5\u4e00\u4e2a\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u628a https:\/\/example.com\/app.js<\/code> \u6620\u5c04\u5230\u672c\u5730\u7684 app.js<\/code> \u6587\u4ef6\uff0c\u8fd9\u6837\u6d4f\u89c8\u5668\u52a0\u8f7d\u7684\u5c31\u662f\u4f60\u4fee\u6539\u8fc7\u7684\u4ee3\u7801\uff0c\u975e\u5e38\u9002\u5408\u524d\u7aef\u5f00\u53d1\u548c mock \u6570\u636e\u3002Throttle \u529f\u80fd\u53ef\u4ee5\u6a21\u62df\u5404\u79cd\u7f51\u7edc\u73af\u5883\uff0c\u6bd4\u5982 3G\u30014G\u3001\u9ad8\u5ef6\u8fdf\u3001\u4e22\u5305\uff0c\u8ba9\u4f60\u6d4b\u8bd5\u5e94\u7528\u5728\u5f31\u7f51\u4e0b\u7684\u8868\u73b0\u3002\u8fd9\u4e24\u4e2a\u529f\u80fd\u5728\u5f00\u53d1\u8c03\u8bd5\u4e2d\u975e\u5e38\u5e38\u7528\uff0c\u800c Burp \u867d\u7136\u4e5f\u80fd\u5b9e\u73b0\u7c7b\u4f3c\u6548\u679c\uff08\u6bd4\u5982\u901a\u8fc7\u5339\u914d\u66ff\u6362\uff09\uff0c\u4f46 Charles \u7684\u754c\u9762\u66f4\u76f4\u89c2\uff0c\u64cd\u4f5c\u66f4\u7b80\u5355\u3002<\/p>\n\n\n\n
          Mermaid \u56fe\u8868\uff1aFiddler \u4e0e Charles \u6838\u5fc3\u529f\u80fd\u5bf9\u6bd4<\/p>\n\n\n\n
          \"\"<\/div><\/figure>\n\n\n\n
          \u8fd9\u5f20\u56fe\u5c06\u4e24\u4e2a\u5de5\u5177\u7684\u7279\u8272\u529f\u80fd\u653e\u5728\u5de6\u53f3\u4e24\u4fa7\uff0c\u4e2d\u95f4\u662f\u5b83\u4eec\u5171\u6709\u7684\u4ee3\u7406\u548c MITM \u57fa\u7840\u3002Fiddler \u7684\u5f3a\u9879\u5728 Windows \u5e73\u53f0\u4e0a\u7684\u811a\u672c\u5316\u548c\u7cbe\u7ec6\u8fc7\u6ee4\uff0cCharles \u7684\u5f3a\u9879\u5728\u4fbf\u6377\u7684\u672c\u5730\u6620\u5c04\u548c\u7f51\u7edc\u6a21\u62df\u3002\u8fd9\u4e9b\u5dee\u5f02\u51b3\u5b9a\u4e86\u5b83\u4eec\u5728\u4e0d\u540c\u573a\u666f\u4e0b\u7684\u9002\u7528\u6027\u3002<\/p>\n\n\n\n
          \u5178\u578b\u573a\u666f\u914d\u7f6e\uff1a\u7528 Fiddler \u8c03\u8bd5 Windows \u5e94\u7528\uff0c\u7528 Charles \u6293 iPhone \u5305<\/h3>\n\n\n\n
          \u5047\u8bbe\u4f60\u73b0\u5728\u7528 Windows \u7535\u8111\uff0c\u60f3\u5206\u6790\u4e00\u4e2a Windows \u684c\u9762\u5e94\u7528\uff08\u6bd4\u5982\u7f51\u6613\u4e91\u97f3\u4e50\uff09\u7684\u63a5\u53e3\uff0c\u4f46\u53d1\u73b0\u8bbe\u7f6e\u7cfb\u7edf\u4ee3\u7406\u540e\u5b83\u4e0d\u8d70\u4ee3\u7406\u3002\u8fd9\u65f6 Fiddler \u6709\u4e00\u4e2a\u9690\u85cf\u6280\u80fd\uff1a\u5b83\u53ef\u4ee5\u628a\u81ea\u8eab\u6ce8\u518c\u4e3a\u7cfb\u7edf\u6839\u8bc1\u4e66\uff0c\u5e76\u5f00\u542f\u201c\u89e3\u5bc6 HTTPS \u6d41\u91cf\u201d\u540e\uff0c\u81ea\u52a8\u6355\u83b7\u6240\u6709\u4f7f\u7528 WinHTTP \u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u6d41\u91cf\uff0c\u5373\u4f7f\u5b83\u4eec\u4e0d\u7406\u4f1a\u7cfb\u7edf\u4ee3\u7406\u3002\u4f60\u53ea\u9700\u8981\u5728 Fiddler \u7684 Tools -> Options -> HTTPS \u91cc\u52fe\u9009\u201cDecrypt HTTPS traffic\u201d\uff0c\u5e76\u5728 Connections \u91cc\u52fe\u9009\u201cAllow remote computers to connect\u201d\uff08\u5982\u679c\u4f60\u9700\u8981\u6293\u5176\u4ed6\u8bbe\u5907\uff09\u3002\u7136\u540e\u542f\u52a8\u76ee\u6807\u5e94\u7528\uff0cFiddler \u91cc\u5c31\u4f1a\u81ea\u52a8\u51fa\u73b0\u5b83\u7684\u8bf7\u6c42\uff0c\u65e0\u9700\u4efb\u4f55\u989d\u5916\u914d\u7f6e\u3002\u8fd9\u662f\u56e0\u4e3a Fiddler \u5728 Windows \u5e95\u5c42\u6ce8\u5165\u4e86\u4e00\u4e9b\u673a\u5236\uff0c\u5f3a\u5236\u90e8\u5206\u5e94\u7528\u8d70\u5b83\u7684\u4ee3\u7406\u3002\u4f46\u9700\u8981\u6ce8\u610f\uff0c\u8fd9\u79cd\u65b9\u6cd5\u5bf9\u67d0\u4e9b\u4f7f\u7528\u81ea\u5b9a\u4e49\u7f51\u7edc\u6808\u7684\u5e94\u7528\u65e0\u6548\uff0c\u6b64\u65f6\u4ecd\u9700\u8981 Proxifier \u914d\u5408\u3002<\/p>\n\n\n\n
          \u5982\u679c\u4f60\u5728 Mac \u4e0a\uff0c\u60f3\u6293 iPhone \u4e0a\u67d0\u4e2a App \u7684\u5305\uff0cCharles \u662f\u6700\u987a\u624b\u7684\u5de5\u5177\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a<\/p>\n\n\n\n
            \n
          1. \u5728 Charles \u7684 Proxy -> Proxy Settings \u91cc\uff0c\u786e\u4fdd HTTP Proxy \u52fe\u9009\uff0c\u7aef\u53e3\u9ed8\u8ba4 8888\u3002<\/li>\n\n\n\n
          2. \u5728 Charles \u7684 Help -> Local IP Address \u91cc\u67e5\u770b\u7535\u8111\u7684\u5c40\u57df\u7f51 IP\u3002<\/li>\n\n\n\n
          3. \u5728 iPhone \u7684 Wi-Fi \u8bbe\u7f6e\u91cc\uff0c\u9009\u62e9\u5f53\u524d\u7f51\u7edc\uff0c\u914d\u7f6e HTTP \u4ee3\u7406\u4e3a\u624b\u52a8\uff0c\u586b\u5165\u7535\u8111 IP \u548c\u7aef\u53e3 8888\u3002<\/li>\n\n\n\n
          4. \u5728 iPhone \u4e0a\u7528 Safari \u8bbf\u95ee chls.pro\/ssl<\/code>\uff0c\u4e0b\u8f7d\u5e76\u5b89\u88c5 Charles \u7684 CA \u8bc1\u4e66\u3002\u7136\u540e\u8fdb\u5165 iPhone \u7684\u201c\u8bbe\u7f6e\u201d->\u201c\u901a\u7528\u201d->\u201c\u5173\u4e8e\u672c\u673a\u201d->\u201c\u8bc1\u4e66\u4fe1\u4efb\u8bbe\u7f6e\u201d\uff0c\u5f00\u542f\u5bf9 Charles \u6839\u8bc1\u4e66\u7684\u4fe1\u4efb\u3002<\/li>\n\n\n\n
          5. \u6b64\u65f6 Charles \u4f1a\u5f39\u51fa\u4e00\u4e2a\u63d0\u793a\u6846\uff0c\u8be2\u95ee\u662f\u5426\u5141\u8bb8\u8be5\u8bbe\u5907\u8fde\u63a5\uff0c\u70b9\u51fb Allow\u3002\u4e4b\u540e iPhone \u4e0a\u7684\u6240\u6709\u6d41\u91cf\u5c31\u4f1a\u51fa\u73b0\u5728 Charles \u7684\u4f1a\u8bdd\u5217\u8868\u4e2d\u3002<\/li>\n<\/ol>\n\n\n\n
            \u9ad8\u7ea7\u6280\u5de7\uff1a\u7528 Fiddler \u7684 AutoResponder \u8fdb\u884c mock \u6d4b\u8bd5<\/h3>\n\n\n\n
            Fiddler \u7684 AutoResponder \u662f\u4e00\u4e2a\u5f88\u5b9e\u7528\u7684\u529f\u80fd\u3002\u5047\u8bbe\u4f60\u6b63\u5728\u5f00\u53d1\u4e00\u4e2a\u524d\u7aef\u9875\u9762\uff0c\u540e\u7aef\u63a5\u53e3 \/api\/user\/info<\/code> \u8fd4\u56de\u7684\u6570\u636e\u683c\u5f0f\u4e0d\u7b26\u5408\u9884\u671f\uff0c\u4f60\u60f3\u5728\u6ca1\u6709\u540e\u7aef\u914d\u5408\u7684\u60c5\u51b5\u4e0b\u6d4b\u8bd5\u524d\u7aef\u5c55\u793a\u3002\u4f60\u53ef\u4ee5\u5148\u7528\u6d4f\u89c8\u5668\u8bbf\u95ee\u8fd9\u4e2a\u63a5\u53e3\uff0c\u5728 Fiddler \u91cc\u627e\u5230\u8fd9\u4e2a\u8bf7\u6c42\uff0c\u53f3\u952e\u9009\u62e9\u201cSave\u201d->\u201cResponse\u201d->\u201cSave Response Body\u201d\u628a JSON \u4fdd\u5b58\u4e0b\u6765\u3002\u7136\u540e\u6253\u5f00 AutoResponder \u9009\u9879\u5361\uff0c\u52fe\u9009\u201cEnable rules\u201d\u548c\u201cUnmatched requests passthrough\u201d\u3002\u70b9\u51fb\u201cAdd\u201d\u6dfb\u52a0\u89c4\u5219\uff0c\u5728\u9876\u90e8\u7684\u7f16\u8f91\u6846\u91cc\u8f93\u5165\u5339\u914d\u6761\u4ef6\uff08\u6bd4\u5982 regex:(?ins).*\/api\/user\/info.*<\/code>\uff09\uff0c\u5728\u4e0b\u9762\u7684\u4e0b\u62c9\u6846\u91cc\u9009\u62e9\u201cFind a file\u2026\u201d\u5e76\u9009\u4e2d\u521a\u624d\u4fdd\u5b58\u7684 JSON \u6587\u4ef6\u3002\u4e4b\u540e\u6240\u6709\u5339\u914d\u7684\u8bf7\u6c42\u90fd\u4f1a\u76f4\u63a5\u8fd4\u56de\u4f60\u4fdd\u5b58\u7684\u90a3\u4e2a\u6587\u4ef6\u5185\u5bb9\uff0c\u800c\u4e0d\u53bb\u8bf7\u6c42\u771f\u5b9e\u670d\u52a1\u5668\u3002\u8fd9\u8ba9\u4f60\u53ef\u4ee5\u5feb\u901f\u6a21\u62df\u5404\u79cd\u540e\u7aef\u54cd\u5e94\uff0c\u6d4b\u8bd5\u524d\u7aef\u8fb9\u754c\u60c5\u51b5\u3002<\/p>\n\n\n\n
            \u6700\u5bb9\u6613\u8e29\u7684\u5751\u4e0e\u9a8c\u8bc1\u65b9\u6cd5<\/h3>\n\n\n\n
            \u5751 1\uff1aFiddler \u6293\u4e0d\u5230 localhost \u6d41\u91cf\u3002<\/strong> \u8fd9\u662f Fiddler \u7528\u6237\u6700\u5e38\u89c1\u7684\u95ee\u9898\u3002\u56e0\u4e3a\u5f88\u591a\u5e94\u7528\u76f4\u63a5\u8bbf\u95ee http:\/\/127.0.0.1<\/code> \u65f6\u4f1a\u7ed5\u8fc7\u4ee3\u7406\u3002\u6b63\u786e\u505a\u6cd5<\/strong>\uff1a\u5728 Fiddler \u4e2d\uff0c\u53ef\u4ee5\u5728 Rules -> Customize Rules \u91cc\u627e\u5230 OnBeforeRequest<\/code> \u51fd\u6570\uff0c\u52a0\u5165\u4e00\u884c\u4ee3\u7801\uff1aif (oSession.HostnameIs(\"localhost\")) oSession.host = \"127.0.0.1:8888\";<\/code> \u7136\u540e\u91cd\u542f Fiddler\u3002\u6216\u8005\u5728\u8bbf\u95ee localhost \u65f6\u4f7f\u7528 http:\/\/localhost.fiddler<\/code> \u4ee3\u66ff\uff0cFiddler \u4f1a\u81ea\u52a8\u5904\u7406\u3002<\/p>\n\n\n\n
            \u5751 2\uff1aCharles \u6293\u53d6 iOS \u771f\u673a HTTPS \u65f6\u51fa\u73b0 SSL \u63e1\u624b\u5931\u8d25\u3002<\/strong> \u901a\u5e38\u662f\u56e0\u4e3a\u8bc1\u4e66\u6ca1\u6b63\u786e\u5b89\u88c5\u6216\u672a\u4fe1\u4efb\u3002\u6b63\u786e\u505a\u6cd5<\/strong>\uff1a\u6309\u7167\u5b98\u65b9\u6d41\u7a0b\uff0c\u5728\u624b\u673a\u4e0a\u4e0b\u8f7d\u5b89\u88c5\u8bc1\u4e66\u540e\uff0c\u4e00\u5b9a\u8981\u53bb\u201c\u8bbe\u7f6e\u201d->\u201c\u901a\u7528\u201d->\u201c\u5173\u4e8e\u672c\u673a\u201d->\u201c\u8bc1\u4e66\u4fe1\u4efb\u8bbe\u7f6e\u201d\u91cc\u628a Charles \u7684\u8bc1\u4e66\u5f00\u5173\u6253\u5f00\uff08iOS 10.3 \u4ee5\u4e0a\u9700\u8981\u8fd9\u4e00\u6b65\uff09\u3002\u53e6\u5916\u6ce8\u610f\uff0ciOS 13 \u4ee5\u540e\uff0c\u5982\u679c\u5e94\u7528\u4f7f\u7528\u4e86\u8bc1\u4e66\u56fa\u5b9a\uff08Certificate Pinning\uff09\uff0c\u5373\u4f7f\u8bc1\u4e66\u5b89\u88c5\u4e5f\u65e0\u6cd5\u89e3\u5bc6\uff0c\u9700\u8981\u914d\u5408\u8d8a\u72f1\u6216 Hook\u3002<\/p>\n\n\n\n
            \u5751 3\uff1aFiddler \u548c Charles \u540c\u65f6\u8fd0\u884c\u5bfc\u81f4\u7aef\u53e3\u51b2\u7a81\u3002<\/strong> \u4e24\u8005\u9ed8\u8ba4\u7aef\u53e3\u90fd\u662f 8888\uff0c\u5982\u679c\u540c\u65f6\u8fd0\u884c\uff0c\u540e\u542f\u52a8\u7684\u90a3\u4e2a\u4f1a\u63d0\u793a\u7aef\u53e3\u88ab\u5360\u7528\u3002\u6b63\u786e\u505a\u6cd5<\/strong>\uff1a\u4fee\u6539\u5176\u4e2d\u4e00\u4e2a\u7684\u9ed8\u8ba4\u7aef\u53e3\u3002Fiddler \u5728 Tools -> Options -> Connections \u91cc\u4fee\u6539\uff0cCharles \u5728 Proxy -> Proxy Settings \u91cc\u4fee\u6539\u3002\u6700\u597d\u8ba9\u5b83\u4eec\u4f7f\u7528\u4e0d\u540c\u7aef\u53e3\uff0c\u907f\u514d\u51b2\u7a81\u3002<\/p>\n\n\n\n
            \u9a8c\u8bc1\u65b9\u6cd5<\/strong>\uff1a\u65e0\u8bba\u7528\u54ea\u4e2a\u5de5\u5177\uff0c\u6700\u7b80\u5355\u7684\u9a8c\u8bc1\u5c31\u662f\u6253\u5f00\u6d4f\u89c8\u5668\u8bbf\u95ee\u4e00\u4e2a HTTPS \u7f51\u7ad9\uff0c\u6bd4\u5982 https:\/\/www.baidu.com\uff0c\u770b\u6293\u5305\u5de5\u5177\u91cc\u662f\u5426\u51fa\u73b0\u8bf7\u6c42\uff0c\u4e14\u8bf7\u6c42\u8be6\u60c5\u91cc\u80fd\u770b\u5230\u660e\u6587\uff08\u6bd4\u5982\u54cd\u5e94\u91cc\u7684 HTML \u5185\u5bb9\uff09\u3002\u5982\u679c\u53ea\u770b\u5230 CONNECT \u96a7\u9053\u800c\u6ca1\u6709\u540e\u7eed\u8bf7\u6c42\uff0c\u8bf4\u660e\u8bc1\u4e66\u89e3\u5bc6\u672a\u751f\u6548\u3002<\/p>\n\n\n\n
            \u51b3\u7b56\u6307\u5357\uff1a\u4ec0\u4e48\u65f6\u5019\u7528 Fiddler\/Charles\uff1f\u4ec0\u4e48\u65f6\u5019\u7528\u5176\u4ed6\uff1f<\/h3>\n\n\n\n
            \u4f18\u5148\u7528 Fiddler \u7684\u573a\u666f<\/strong>\uff1a\u4f60\u5728 Windows \u5e73\u53f0\u4e0a\u5f00\u53d1\uff0c\u9700\u8981\u8c03\u8bd5 .NET \u5e94\u7528\u3001Windows \u670d\u52a1\u6216\u8005 IE \u6d4f\u89c8\u5668\u7684\u884c\u4e3a\uff1b\u4f60\u9700\u8981\u4e00\u4e2a\u5f3a\u5927\u7684\u8fc7\u6ee4\u5668\u6765\u4ece\u6d77\u91cf\u8bf7\u6c42\u4e2d\u63d0\u53d6\u5173\u952e\u4fe1\u606f\uff1b\u4f60\u4e60\u60ef\u7528 C# \u7f16\u5199\u811a\u672c\u6269\u5c55\u529f\u80fd\uff1b\u6216\u8005\u4f60\u53ea\u662f\u9700\u8981\u4e00\u4e2a\u7a33\u5b9a\u3001\u514d\u8d39\uff08Fiddler \u514d\u8d39\u7248\u529f\u80fd\u5df2\u7ecf\u5f88\u5168\uff09\u7684\u6293\u5305\u5de5\u5177\u3002<\/p>\n\n\n\n
            \u4f18\u5148\u7528 Charles \u7684\u573a\u666f<\/strong>\uff1a\u4f60\u5728 macOS \u4e0a\u5f00\u53d1 iOS\/macOS \u5e94\u7528\uff0c\u9700\u8981\u7ecf\u5e38\u6293\u53d6\u6a21\u62df\u5668\u6216\u771f\u673a\u7684\u6d41\u91cf\uff1b\u4f60\u9700\u8981\u9891\u7e41\u4f7f\u7528 Map Local \u6765 mock \u63a5\u53e3\u6570\u636e\uff1b\u4f60\u9700\u8981\u6a21\u62df\u5404\u79cd\u7f51\u7edc\u73af\u5883\u6d4b\u8bd5\u5e94\u7528\u7684\u5065\u58ee\u6027\uff1b\u6216\u8005\u4f60\u66f4\u504f\u597d\u56fe\u5f62\u5316\u64cd\u4f5c\u548c\u76f4\u89c2\u7684\u754c\u9762\u3002<\/p>\n\n\n\n
            \u66ff\u4ee3\u65b9\u6848\u8db3\u591f\u7528\u7684\u60c5\u51b5<\/strong>\uff1a\u5982\u679c\u4f60\u53ea\u662f\u5076\u5c14\u6293\u4e00\u4e0b\u6d4f\u89c8\u5668\u8bf7\u6c42\uff0cChrome \u5f00\u53d1\u8005\u5de5\u5177\u7684\u7f51\u7edc\u9762\u677f\u5b8c\u5168\u591f\u7528\uff0c\u4e0d\u9700\u8981\u989d\u5916\u88c5\u8f6f\u4ef6\u3002\u5982\u679c\u4f60\u9700\u8981\u81ea\u52a8\u5316\u5b89\u5168\u6d4b\u8bd5\uff0cBurp \u6216 Yakit \u662f\u66f4\u597d\u7684\u9009\u62e9\u3002\u5982\u679c\u4f60\u5e0c\u671b\u4e00\u4e2a\u5de5\u5177\u8de8\u6240\u6709\u5e73\u53f0\u4e14\u754c\u9762\u73b0\u4ee3\uff0cReqable \u53ef\u80fd\u66f4\u9002\u5408\u4f60\u3002\u5982\u679c\u4f60\u9700\u8981\u5206\u6790\u975e HTTP \u534f\u8bae\uff08\u5982 DNS\u3001TCP\uff09\uff0cWireshark \u624d\u662f\u6b63\u786e\u7684\u5de5\u5177\u3002<\/p>\n\n\n\n
            Fiddler \u548c Charles \u867d\u7136\u5e74\u7eaa\u4e0d\u5c0f\uff0c\u4f46\u5b83\u4eec\u5728\u4e00\u4e9b\u7279\u5b9a\u573a\u666f\u4e0b\u7684\u72ec\u5230\u4e4b\u5904\uff0c\u8ba9\u5b83\u4eec\u81f3\u4eca\u6ca1\u6709\u88ab\u5b8c\u5168\u66ff\u4ee3\u3002\u5b83\u4eec\u5c31\u50cf\u5de5\u5177\u7bb1\u91cc\u7684\u8001\u724c\u6273\u624b\uff0c\u4e5f\u8bb8\u4e0d\u662f\u6700\u70ab\u7684\uff0c\u4f46\u5728\u62e7\u67d0\u4e9b\u87ba\u4e1d\u65f6\uff0c\u53ea\u6709\u5b83\u4eec\u6700\u987a\u624b\u3002\u7406\u89e3\u5b83\u4eec\u7684\u7279\u70b9\uff0c\u5e76\u5728\u5408\u9002\u7684\u573a\u666f\u4e0b\u9009\u62e9\u5b83\u4eec\uff0c\u4f1a\u8ba9\u4f60\u7684\u6293\u5305\u6280\u80fd\u66f4\u52a0\u5168\u9762\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
            \u6293\u5305\u6280\u672f-Web\u5e94\u7528-http\/s-Burp&Yakit \u4f5c\u4e3a\u6709\u7f16\u7a0b\u7ecf\u9a8c\u7684\u4f60\uff0c\u53ef\u80fd\u7ecf\u5e38\u7528\u6d4f\u89c8\u5668F12\u5f00 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54],"tags":[],"class_list":["post-1623","post","type-post","status-publish","format-standard","hentry","category-text"],"_links":{"self":[{"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/posts\/1623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/comments?post=1623"}],"version-history":[{"count":6,"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/posts\/1623\/revisions"}],"predecessor-version":[{"id":1653,"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/posts\/1623\/revisions\/1653"}],"wp:attachment":[{"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/media?parent=1623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/categories?post=1623"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.preluna.xyz\/index.php\/wp-json\/wp\/v2\/tags?post=1623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}