Android packet capture: using a Hook framework and modules, or HTTP Debugger Pro, to solve the problem of packets not being captured

Fiddler

For related configuration, refer to a previous article: /weixin_43040873/article/details/108381281

Additional notes:

Packet capture settings:

After that, set the proxy IP and port on the phone/emulator, install the certificate, and so on, as described in the previous article.
When installing the certificate, you will be prompted to set a screen-lock password or pattern on the phone; just set one.

Capturing WebSocket packets with Fiddler:

Open Fiddler, click Rules in the menu bar, and select Customize Rules...
This opens the CustomRules.js file. Add the following code inside the class Handlers:

    static function OnWebSocketMessage(oMsg: WebSocketMessage) {
        // Log Message to the LOG tab
        FiddlerApplication.Log.LogString(oMsg.ToString());
    }

After saving, you can see the WebSocket data packets in the Log tab in the right-hand column of Fiddler.

In the new version of Fiddler, the code can be pasted directly here

There is one more situation to explain: even with a tool that can capture WebSocket packets, what you see is not necessarily clear text.
It depends on what the transmitted "water" is. If it is ordinary water, anyone can analyze it; but if it is mercury, equipment built to analyze water will probably display garbled characters. This is why some people use a program that really can capture WebSocket packets and still see garbled characters: the other side is transmitting a binary data stream (such as AMF packets), not human-readable plaintext like JSON.
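The difference between the two cases is visible in the frame itself. The following Node.js code is an added example, not taken from the original article or from Fiddler: it parses a raw WebSocket frame as defined in RFC 6455, unmasks it, and renders text frames as strings and everything else as hex. The function names and both sample frames are constructed for illustration.

```javascript
// Added example: decode one WebSocket frame (RFC 6455) to see why a text log
// shows readable JSON for text frames but "garbled" output for binary ones.
function parseFrame(buf) {
  const fin = (buf[0] & 0x80) !== 0;
  const opcode = buf[0] & 0x0f;          // 0x1 = text, 0x2 = binary
  const masked = (buf[1] & 0x80) !== 0;  // client-to-server frames are masked
  let len = buf[1] & 0x7f;
  let off = 2;
  if (len === 126) { len = buf.readUInt16BE(off); off += 2; }
  else if (len === 127) { len = Number(buf.readBigUInt64BE(off)); off += 8; }
  let key = null;
  if (masked) { key = buf.subarray(off, off + 4); off += 4; }
  if (buf.length < off + len) throw new Error("truncated frame");
  const payload = Buffer.from(buf.subarray(off, off + len)); // copy, then unmask
  if (key) for (let i = 0; i < payload.length; i++) payload[i] ^= key[i % 4];
  return { fin, opcode, masked, payload };
}

// Only text frames are guaranteed UTF-8; show every other payload as hex.
function describe(frame) {
  const kinds = { 0x0: "continuation", 0x1: "text", 0x2: "binary",
                  0x8: "close", 0x9: "ping", 0xa: "pong" };
  const kind = kinds[frame.opcode] || "reserved";
  const enc = kind === "text" ? "utf8" : "hex";
  return { kind, view: frame.payload.toString(enc) };
}

// Hypothetical helper that builds the constructed samples (short payloads only).
function buildFrame(opcode, payload, key) {
  const body = Buffer.from(payload);
  if (body.length > 125) throw new Error("sample builder: payload too long");
  const head = Buffer.from([0x80 | opcode, (key ? 0x80 : 0) | body.length]);
  if (!key) return Buffer.concat([head, body]);
  const masked = Buffer.from(body);
  for (let i = 0; i < masked.length; i++) masked[i] ^= key[i % 4];
  return Buffer.concat([head, Buffer.from(key), masked]);
}

// Constructed samples: a masked JSON text frame and an unmasked binary frame.
const textFrame = buildFrame(0x1, '{"op":"ping"}', [0x12, 0x34, 0x56, 0x78]);
const binFrame = buildFrame(0x2, [0x00, 0x03, 0x00, 0x00, 0x00, 0x01], null);

for (const f of [textFrame, binFrame]) {
  const d = describe(parseFrame(f));
  console.log(d.kind.padEnd(6), d.view);
}
```

A binary frame needs a decoder for whatever format the application uses; printing it as a string is what produces the garbled characters.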

Filter settings:

Packets cannot be captured (no packets appear in Fiddler)

Solving it with a Hook framework and modules

Install and open the Xposed framework

The first time you open it, you will see the following prompt

install/update

Requires root privileges

On an emulator, do a soft reboot; on a real device, reboot

After Xposed has been installed successfully, the picture is as follows

Install the module

After installing the module, a soft reboot is required on an emulator; a real device must be rebooted

After the above operations are complete, you can use Fiddler to capture packets normally.

Solving it with HTTP Debugger Pro

HTTP Debugger Pro can capture packets that Fiddler can't

Apart from the two cases above, if packets still cannot be captured, either the packet capture environment is not configured correctly or the app has other restrictions in place.
