弄了之后,安卓那边没做什么操作,可以看到成功防止了,
 
  
    

   
image.png
  
勾选https进行抓包
       

   
image.png
  
在不给手机安装 Fiddler 证书的情况下
 提示 certification path not found
       

   
image.png
  
可以看到,换成 https 之后默认就能防住这种抓包,直接报错;但是如果手机上安装了抓包工具的证书,估计就防不住了。
 因此可能需要在代码里校验证书;不过在 hook 面前,可能还要再加上混淆、自定义 API 封装、加壳等其他手段。
代码校验自己的证书
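/**
 * Builds an {@link SSLSocketFactory} whose trust store holds only the certificate bundled in the
 * app's assets ({@code your_certificate_file.crt}).
 *
 * <p>The key store starts empty and receives a single entry, so connections made through the
 * returned factory only accept chains that validate against that bundled certificate. CAs from
 * the system or user store, such as a proxy root installed on the device, are not consulted.
 *
 * @param context used to open the bundled certificate from the app's assets
 * @return the socket factory, or {@code null} if the certificate could not be loaded or the TLS
 *     context could not be built; callers should treat {@code null} as a failed setup and not
 *     fall back to a default factory, otherwise the certificate check is silently skipped
 */
private SSLSocketFactory getSslSocketFactory(Context context) {
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        // try-with-resources closes the asset stream and keeps a parse failure as the primary
        // exception even when close() fails as well.
        try (InputStream caInput = context.getAssets().open("your_certificate_file.crt")) {
            ca = cf.generateCertificate(caInput);
        }
        // Empty in-memory key store: the bundled certificate becomes the only trust anchor.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // No client key managers and the default SecureRandom; only the trust side is customised.
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        // Any failure is reported here and signalled to the caller as null.
        e.printStackTrace();
    }
    return null;
}
多个证书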
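/**
 * Builds an {@link SSLSocketFactory} that trusts only the two certificates bundled in the app's
 * assets ({@code your_certificate_file_1.crt} and {@code your_certificate_file_2.crt}).
 *
 * <p>Each certificate is stored in an initially empty key store under the alias {@code "0"} or
 * {@code "1"}. Bundling more than one certificate lets a server certificate be rotated without
 * breaking clients that still ship the previous one (presumably the reason for two entries;
 * confirm against the deployment).
 *
 * @param context used to open the bundled certificates from the app's assets
 * @return the socket factory, or {@code null} if a certificate could not be loaded or the TLS
 *     context could not be built; callers should treat {@code null} as a failed setup and not
 *     fall back to a default factory, otherwise the certificate check is silently skipped
 */
private SSLSocketFactory getSSLSocketFactory(Context context) {
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        String[] assetNames = {"your_certificate_file_1.crt", "your_certificate_file_2.crt"};
        // Create a KeyStore containing only the bundled certificates
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        for (int i = 0; i < assetNames.length; i++) {
            // Close every asset stream once its certificate has been parsed, also on failure.
            try (java.io.InputStream in = context.getAssets().open(assetNames[i])) {
                keyStore.setCertificateEntry(Integer.toString(i), cf.generateCertificate(in));
            }
        }
        // Create a TrustManager that trusts the certificates in our KeyStore
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        // Create an SSLContext that uses our TrustManager
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        // Any failure is reported here and signalled to the caller as null.
        e.printStackTrace();
    }
    return null;
}
信任所有证书 没意义你还是改http好了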
/**
 * Returns an {@code OkHttpClient} that performs neither certificate-chain validation nor
 * hostname verification.
 *
 * <p>Both trust checks have empty bodies and the hostname verifier always answers {@code true},
 * so this client accepts any certificate presented for any host. The server is therefore not
 * authenticated and an intercepting proxy is accepted like the real endpoint, which is the
 * opposite of the pinned factories; keep it out of release builds.
 *
 * @return a client whose TLS connections skip all server identity checks
 * @throws RuntimeException wrapping any exception raised while the client is being built
 */
private static OkHttpClient getUnsafeOkHttpClient() {
    try {
        // Trust manager whose checks never throw, i.e. every certificate chain is accepted.
        final X509TrustManager acceptAll = new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
                // intentionally empty: no validation
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
                // intentionally empty: no validation
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new java.security.cert.X509Certificate[] {};
            }
        };
        final TrustManager[] permissiveManagers = new TrustManager[] {acceptAll};

        // Initialise the SSL context with the non-validating trust manager.
        final SSLContext permissiveContext = SSLContext.getInstance("SSL");
        permissiveContext.init(null, permissiveManagers, new java.security.SecureRandom());

        // Socket factory backed only by that context, plus a verifier that accepts every hostname.
        final SSLSocketFactory permissiveFactory = permissiveContext.getSocketFactory();
        return new OkHttpClient.Builder()
                .sslSocketFactory(permissiveFactory, (X509TrustManager) permissiveManagers[0])
                .hostnameVerifier((hostname, session) -> true)
                .build();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}









