iPhone 8 or later: Press and quickly release the Volume Up button. Press and quickly release the Volume Down button. Then, press and hold the Side button until you see the recovery mode screen.
var CertificateFactory = Java.use("java.security.cert.CertificateFactory"); var FileInputStream = Java.use("java.io.FileInputStream"); var BufferedInputStream = Java.use("java.io.BufferedInputStream"); var X509Certificate = Java.use("java.security.cert.X509Certificate"); var KeyStore = Java.use("java.security.KeyStore"); var TrustManagerFactory = Java.use("javax.net.ssl.TrustManagerFactory"); var SSLContext = Java.use("javax.net.ssl.SSLContext");
// Load CAs from an InputStream console.log("[+] Loading our CA...") var cf = CertificateFactory.getInstance("X.509");
var bufferedInputStream = BufferedInputStream.$new(fileInputStream); var ca = cf.generateCertificate(bufferedInputStream); bufferedInputStream.close();
var certInfo = Java.cast(ca, X509Certificate); console.log("[o] Our CA Info: " + certInfo.getSubjectDN());
// Create a KeyStore containing our trusted CAs console.log("[+] Creating a KeyStore for our CA..."); var keyStoreType = KeyStore.getDefaultType(); var keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore console.log("[+] Creating a TrustManager that trusts the CA in our KeyStore..."); var tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); var tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); console.log("[+] Our TrustManager is ready...");
console.log("[+] Hijacking SSLContext methods now...") console.log("[-] Waiting for the app to invoke SSLContext.init()...")
____ / _ | Frida 14.2.18 - A world-class dynamic instrumentation toolkit | (_| | > _ | Commands: /_/ |_| help -> Displays the help system . . . . object? -> Display information about 'object' . . . . exit/quit -> Exit . . . . . . . . More info at https://frida.re/docs/home/
[.] Cert Pinning Bypass/Re-Pinning [+] Loading our CA... [o] Our CA Info: O=mitmproxy, CN=mitmproxy [+] Creating a KeyStore for our CA... [+] Creating a TrustManager that trusts the CA in our KeyStore... [+] Our TrustManager is ready... [+] Hijacking SSLContext methods now... [-] Waiting for the app to invoke SSLContext.init()... [Pixel 2::智能生活]-> exit
其中 -F 参数 attach to frontmost application 不用指定 pid 或者包名,非常方便。
使用 mitmweb 查看报文
执行 mitmweb -p 8080 后可以用浏览器访问 http://127.0.0.1:8081/ 查看报文,如果需要共享报文数据可以使用 mitmweb 界面提供的 save 功能,会保存成一个 flow 文件,后面使用 mitmweb 界面提供的 open 打开报文文件即可展示报文详细信息。
vim 确实是程序编辑的利器,但是在用vim 写中文文档的时候,有一个痛点,你在用 fcitx 写中文的时候想保存文档, vim 必须切换到 normal 模式才能输入保存的命令 :w,进入normal 模式的方法是连续按两下 ESC,好了现在你应该 输入命令了,但是你没法输入你现在还在打中文呢,没有办法你必须先切换到英文输入法,然后才能正确地输入 :w 痛苦啊。
