http代理服务器(十)手机抓包【重点】
几部分知识合起来:
https原理
手机抓包原理
fiddler原理+fiddler为什么抓chrome而不能抓curl和httpclient?fiddler为什么能篡改报文?
Charles 浏览器http/https APP/https
https代理服务器
| 发布状态 | 评论数 | 阅读数 | 操作 | 操作 | ||
|---|---|---|---|---|---|---|
| https代理服务器(四)java动态签发 (4天前 ) |
2022-12-16 14:11 | 已发布 | 0 | 2 | 编辑 | 删除 |
| https代理服务器(三)实践 (5天前 ) |
2022-12-15 14:52 | 已发布 | 0 | 1 | 编辑 | 删除 |
| https代理服务器(二)浏览器如何验证证书 (1周前 ) |
2022-12-13 15:33 | 已发布 | 0 | 1 | 编辑 | 删除 |
| https代理服务器(一)问题引出 (1周前 ) |
2022-12-13 13:45 | 已发布 | 0 | 4 | 编辑 | 删除 |
0 导出根证书
mac@macdeMacBook carrot-jdk7-jnlp-decompile-deploy % mkcert --CAROOT
/Users/mac/Library/Application Support/mkcert
mac@macdeMacBook carrot-jdk7-jnlp-decompile-deploy % cd ~/Library/Application\ Support/mkcert
mac@macdeMacBook mkcert % ll
total 16
drwxr-xr-x 4 mac staff 128 12 20 17:51 ./
drwx------+ 48 mac staff 1536 12 12 14:53 ../
-r-------- 1 mac staff 2484 12 12 14:53 rootCA-key.pem
-rw-r--r--@ 1 mac staff 1667 12 20 17:51 rootCA.pem
mac@macdeMacBook mkcert %
1 ios 16.1直接信任mkcert根证书 rootCA.pem,iphone显示已验证,浏览器小🔒
2 有个插曲
========null
========***************************res79
========ret 200
========Date Tue, 20 Dec 2022 15:10:07 GMT
========Vary Accept-Encoding
========Content-Type text/html; charset=GBK
========X-Powered-By PHP/5.6.21
========Connection close
========Server Apache
========
{"userId":600037694,"userName":"Silyvin88","nickName":"\u55b7\u9600","hp":1601,"pp":104,"pNum":158,"vNum":0,"rNum":1955,"sex":"\u7537","area":"\u4e0a\u6d77","city":"\u4e0a\u6d77","register":1489626946,"loginTime":1671534809,"loginIp":"","underWrite":"","email":"","friendsNum":5,"fansNum":3,"favouriteNum":337,"mobile":"138****4674","birthday":"0000-00-00","userCertStat":1,"img_pic_id":"http:\/\/club-img.kdslife.com\/avatar\/noimage.png","identity":"","listPrivateTopic":0,"listPrivateReply":1,"badge_num":0,"balance":0,"shop_info":{"shop_id":0,"shop_link_url":"","shop_name":"","shop_type":0},"is_member":0,"member_time":"","free_pp":1,"avatar_box":""}
========***************************
========null
这个res无论用gbk还是utf-8还是unicode,都是\uxxxx,
而我nickname是 喷阀,16位unicode就是\u55b7\u9600,https://bianma.supfree.net/chaye.asp?id=9600
他们把16位的unicode中文转为字符串,然后再用GBK编码那个字符串
public static void main(String []f) throws UnsupportedEncodingException {
String nickName = "喷阀";
byte [] bytes = nickName.getBytes("unicode");
String tmp = bytesToHexString(bytes);
System.out.print(tmp);
}
public static String bytesToHexString(byte[] bytes) {
StringBuilder sb = new StringBuilder();
for (int i = 0; i < bytes.length; i++) {
String hex = Integer.toHexString(0xFF & bytes[i]);
if (hex.length() == 1) {
sb.append('0');
}
sb.append(hex);
}
return sb.toString();
}
打印出来是feff55b79600
https://www.zhihu.com/question/538530207/answer/2536299891
Endian方式直接保存下来。UTF-16包括三种:UTF-16,UTF-16BE(Big Endian),UTF-16LE(Little Endian)。
UTF-16BE和UTF-16LE不难理解,而UTF-16就需要通过在文件开头以名为BOM(Byte Order Mark)的字符来表明文件是Big Endian还是Little Endian。BOM为U+FEFF这个字符。
其实BOM是个小聪明的想法。由于UCS-2没有定义U+FFFE,因此只要出现 FF FE 或者 FE FF 这样的字节序列,就可以认为它是U+FEFF,并且可以判断出是Big Endian还是Little Endian。
举个例子。“ABC”这三个字符用各种方式编码后的结果如下:
| UTF-16BE | 00 41 00 42 00 43 |
| UTF-16LE | 41 00 42 00 43 00 |
| UTF-16(Big Endian) | FE FF 00 41 00 42 00 43 |
| UTF-16(Little Endian) | FF FE 41 00 42 00 43 00 |
| UTF-16(不带BOM) | 00 41 00 42 00 43 |
Windows平台下默认的Unicode编码为Little Endian的UTF-16(即上述的 FF FE 41 00 42 00 43 00)。你可以打开记事本,写上ABC,然后保存,再用二进制编辑器看看它的编码结果。
3 ios 13直接信任mkcert根证书 rootCA.pem,iphone显示已验证,浏览器小🔒
浙公网安备 33010602011771号