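Capturing mobile traffic

For mobile traffic capture, I don't want to go through the gateway of the host on the internal network. In theory the emulator and the host are directly connected, so it shouldn't need to go through the gateway.

0X01 MuMu emulator

1) Determine the IP

Locate MuMu's adb --> adb_server.exe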

C:\Program Files (x86)\MuMu\emulator\nemu\vmonitor\bin\adb_server.exe

adb_server.exe devices

Connect to MuMu's port

adb_server.exe connect 127.0.0.1:7555

Check MuMu's IP with adb_server.exe

adb_server.exe shell ifconfig

MuMu's IPs are
10.0.2.15   10.0.3.15

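After trying ping, the host IPs are 10.0.2.2  10.0.3.3

2) Connect to Burp Suite

In Burp Suite, set the listener to port 6666 on 127.0.0.1, or to *:6666

On the MuMu side, use adb to open MuMu's network connection settings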

adb_server.exe shell am start -a android.intent.action.MAIN -n com.android.settings/.wifi.WifiSettings

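As on an ordinary phone, long-press the Wi-Fi network and set the proxy to 10.0.2.2:6666; traffic then reaches Burp Suite on 127.0.0.1:6666

0X02 MEmu emulator

1) adb port

Location of adb.exe:
C:\Program Files\Microvirt\MEmu\adb.exe

In C:\Program Files\Microvirt\MEmu\MemuHyperv VMs\MEmu\MEmu.memu-prev, find the MEmu emulator's adb port: 21503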

adb_server.exe connect 127.0.0.1:21503

2) Find the IP

Running ifconfig directly returns nothing

adb_server.exe shell ifconfig # no output

traceroute confirms that the host is the gateway IP

adb.exe shell traceroute 10.9.66.66
traceroute to 10.9.21.38 (10.9.21.38), 30 hops max, 38 byte packets
 1  10.0.2.2 (10.0.2.2)  1.540 ms  1.587 ms  1.539 ms
 2  *  *  *
 3  *  *  *

Use ip addr to find the IP; the wlan0 entry holds the IP

adb.exe shell ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether e6:ec:5d:5b:89:3c brd ff:ff:ff:ff:ff:ff
3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 72:30:c6:5d:42:15 brd ff:ff:ff:ff:ff:ff
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether c6:a6:c0:a8:8c:b1 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::c4a6:c0ff:fea8:8cb1/64 scope link
       valid_lft forever preferred_lft forever
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0

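3) Connect to Burp

Once the IP is found, the rest is the same as for MuMu. Bind Burp Suite to 127.0.0.1 and point the MEmu emulator's Wi-Fi proxy at the port on the gateway IP 10.0.2.2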
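
An added example, not part of the original post: the gateway check from steps 2) and 3) as a Python script. It parses the ip addr and traceroute output shown above (embedded as trimmed, constructed samples), confirms that hop 1 sits on the emulator's own subnet, and returns the proxy value to enter in the Wi-Fi settings. The function names and the port argument defaulting to 6666 are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input, trimmed from the command output shown in this post.
IP_ADDR_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 10.0.2.15/24 brd 10.0.2.255 scope global wlan0
"""
TRACEROUTE_OUTPUT = """\
traceroute to 10.9.21.38 (10.9.21.38), 30 hops max, 38 byte packets
 1  10.0.2.2 (10.0.2.2)  1.540 ms  1.587 ms  1.539 ms
 2  *  *  *
"""


def global_ipv4_interfaces(ip_addr_text):
    """Map interface name -> IPv4Interface for every 'scope global' address."""
    found = {}
    for m in re.finditer(r"^\s+inet (\S+) .*scope global (\S+)", ip_addr_text, re.M):
        found[m.group(2)] = ipaddress.ip_interface(m.group(1))
    return found


def first_hop(traceroute_text):
    """Return the address of hop 1, or None if it did not answer."""
    m = re.search(r"^\s*1\s+(\d+\.\d+\.\d+\.\d+)\s", traceroute_text, re.M)
    return ipaddress.ip_address(m.group(1)) if m else None


def burp_proxy_for(ip_addr_text, traceroute_text, port=6666):
    """Return (interface, 'gateway:port') if hop 1 is on-link for the emulator."""
    hop = first_hop(traceroute_text)
    if hop is None:
        raise ValueError("first hop did not answer; cannot identify the gateway")
    for name, iface in global_ipv4_interfaces(ip_addr_text).items():
        # The host is the gateway only if hop 1 is inside the emulator's subnet.
        if hop in iface.network and hop != iface.ip:
            return name, f"{hop}:{port}"
    raise ValueError(f"hop 1 ({hop}) is not on any emulator subnet")


if __name__ == "__main__":
    print(burp_proxy_for(IP_ADDR_OUTPUT, TRACEROUTE_OUTPUT))
```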

posted @ 2020-06-19 15:01  huim