深度学习,深度睡眠 2022-09-30 16:09 采纳率: 68.8%
浏览 182
已结题

使用Frida + DroidSSLUnpinning后App自动重启,仍然无法抓包

模拟器已开启Frida-server服务,输入命令:frida -U -f com.goldze.mvvmhabit -l hooks.js --no-pause后App提示停止运行,重启后仍然提示证书验证失败,使用逍遥模拟器安卓7版本,frida使用最新版本15.2.2


(base) C:\Users\29571\Desktop\workspace\python\python3WebSpider\Chapter 13 Android逆向\Droidsslunpinning\ObjectionUnpinningPlus>frida -U -f com.goldze.mvvmhabit -l hooks.js --no-pause
     ____
    / _  |   Frida 15.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to VOG AL00 (id=127.0.0.1:21503)
Spawned `com.goldze.mvvmhabit`. Resuming main thread!
[VOG AL00::com.goldze.mvvmhabit ]-> message: {'type': 'send', 'payload': 'Custom, Empty TrustManager ready'} data: None
message: {'type': 'send', 'payload': 'OkHTTP 3.x Found'} data: None
message: {'type': 'send', 'payload': 'com.squareup.okhttp not found'} data: None
message: {'type': 'send', 'payload': 'registerClass from hostnameVerifier >>>>>>>> Missing implementation for: boolean verify(java.lang.String, javax.net.ssl.SSLSession)'} data: None
message: {'type': 'send', 'payload': 'Xutils hooks not Found'} data: None
message: {'type': 'send', 'payload': 'httpclientandroidlib Hooks not found'} data: None
message: {'type': 'send', 'payload': 'OpenSSLSocketImpl pinning'} data: None
[-] Cronet pinner not found
message: {'type': 'send', 'payload': 'Trustkit pinner not found'} data: None
Process crashed: Bad access due to invalid address

***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: '22.355.07.00.00/22.355.07.00.00/22.355.07.00.00:7.1.2/20171130.376229:user/release-keys'
Revision: '0'
ABI: 'x86_64'
pid: 3395, tid: 3395, name: flush-8:0  >>> <pre-initialized> <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x10
    rax 0000000000000000  rbx 00007ffd1ee438f0  rcx 00007fc9f018d318  rdx 000000000000000b
    rsi 0000000000000d43  rdi 0000000000000d43
    r8  00d2b31a6eb27ee7  r9  00007ffd1ee43560  r10 00007ffd1ee438f0  r11 0000000000000246
    r12 0000000000000d43  r13 000000000000000b  r14 00007ffd1ee438f0  r15 00007ffd1ee434e0
    cs  0000000000000033  ss  000000000000002b
    rip 00007fc9f018d318  rbp 0000000000000002  rsp 00007ffd1ee434b8  eflags 0000000000000246

backtrace:
    #00 pc 000000000007d318  /system/bin/linker64 (__dl_syscall+24)
    #01 pc 000000000000e1ab  /system/bin/linker64 (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+987)
    #02 pc 000000000000e986  /system/bin/app_process64_xposed (InvokeUserSignalHandler+262)
    #03 pc 00000000000e24c1  /system/lib64/libart.so (offset 0x149000)
***
[VOG AL00::com.goldze.mvvmhabit ]->

Thank you for using Frida!

img

  • 写回答

1条回答 默认 最新

  • 关注

    重新建了一个模拟器,配置好Frida后,可以成功抓包了,不知道是不是之前那个模拟器装了xposed导致某种Bug

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

问题事件

  • 系统已结题 10月8日
  • 已采纳回答 9月30日
  • 创建了问题 9月30日

悬赏问题

  • ¥15 MATLAB代码补全插值
  • ¥15 Typegoose 中如何使用 arrayFilters 筛选并更新深度嵌套的子文档数组信息
  • ¥15 前后端分离的学习疑问?
  • ¥15 stata实证代码答疑
  • ¥50 husky+jaco2实现在gazebo与rviz中联合仿真
  • ¥15 dpabi预处理报错:Error using y_ExtractROISignal (line 251)
  • ¥15 在虚拟机中配置flume,无法将slave1节点的文件采集到master节点中
  • ¥15 husky+kinova jaco2 仿真
  • ¥15 zigbee终端设备入网失败
  • ¥15 金融监管系统怎么对7+4机构进行监管的