android - 手动copy ssl证书到 系统信任的目录 emulator , der, 凭据, system certificate, burpsuite burp cacert.der

访问量: 186

参考:https://blog.csdn.net/nuaa_llf/article/details/103354579

注意:本方法很鸡肋

1. 对于PC端的安卓 模拟器 放弃该方法。不好使。放弃。 直接使用PC端整体的proxifier对模拟器进行抓包

2. 安卓模拟器很奇葩。里面很多机制都有问题(例如 访问网络居然不走代理,例如root没有/system权限,还需要 remount才行)

3. 物理机root之后也用不到这个。

下面是具体方法:

系统证书的目录是:/system/etc/security/cacerts/
每个证书的命名规则为:<Certificate_Hash>.<Number>
Certificate_Hash 表示证书文件的 hash 值,Number 是为了防止证书文件的 hash 值一致而增加的后缀;
证书的 hash 值可以由命令计算出来,在终端输入 openssl x509 -subject_hash_old -in <Certificate_File>;
其中 Certificate_File 为证书路径,将证书重命名为 hash.0 放入系统证书目录,之后你就可以正常抓包了。

openssl x509 -subject_hash_old -in cacert.der -inform DER

会看到:

$ openssl x509 -inform DER -subject_hash_old -in ~/Downloads/cacert.der 
9a5ba575
-----BEGIN CERTIFICATE-----
MIIDpzCCAo+gAwIBAgIEekqFVzANBgkqhkiG9w0BAQsFADCBijEUMBIGA1UEBhML
UG9ydFN3aWdnZXIxFDASBgNVBAgTC1BvcnRTd2lnZ2VyMRQwEgYDVQQHEwtQb3J0
U3dpZ2dlcjEUMBIGA1UEChMLUG9ydFN3aWdnZXIxFzAVBgNVBAsTDlBvcnRTd2ln
Z2VyIENBMRcwFQYDVQQDEw5Qb3J0U3dpZ2dlciBDQTAeFw0xNDAzMDcwOTA0NTha
Fw0zMTAzMDcwOTA0NThaMIGKMRQwEgYDVQQGEwtQb3J0U3dpZ2dlcjEUMBIGA1UE
CBMLUG9ydFN3aWdnZXIxFDASBgNVBAcTC1BvcnRTd2lnZ2VyMRQwEgYDVQQKEwtQ
b3J0U3dpZ2dlcjEXMBUGA1UECxMOUG9ydFN3aWdnZXIgQ0ExFzAVBgNVBAMTDlBv
cnRTd2lnZ2VyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozoB
Q71t0TpMEkLjRVH3HvQkBdBsFk2kPE0d50K1C950Abvhpp7/OBwvnb5ViMUgFDmP
9lpmMSTACbrUo6mbVMDxhOPScSc7yZdJyBS1bgVe+sDOFL39OEUtAH90ZdqzuYg+
LRotdK8xic1Ck/BqWuzQyAmiFLeaV+ZVUgGDJvBjQeZ5YTvunJ9LJi9nW01rXkwX
EW03JndudbjBMi5EanD6ROjnjPAF7yzZnsVS3NKyJOEnKSNP+pOWUNf/SR+mUtF7
2l5l87j+TFjRnf3R3334TKHTYQ1VkgzRd2mz5kmc2yeQiP9iFNkyxWiCtbVxkyFq
YJgXostC0v675GrNOwIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
DQEBCwUAA4IBAQBFfbRVcpeXDsK1AC6pDzPP/R+FzaZuWle07wRi1Pd9eC5TuTqd
YFy2/Mig/a7Uxz1I6qPjKvIbR4ZMVD6ZTmsDr3Ubny/1Rm8P2ahqvHioBfiqnACR
fJcUqotkSEQxfHvyN8WXfCnqqHCiC0FVZT4emdpyEY9fYjcrV1nuN916baKAvzUV
UUTNCNNPaREncbBG2UaWTfvEMTCRO3/PmSU4+qbYnCCN2gfZlFF0xu6TYUC7Z0G+
5l+6Vd8/k3vSrL67Otlo19z4uMiTe0UVWxqHG/awVxDgoMnRfewudxHqPPIusOp7
3cKORPK8j8j0/7L7yT1QR8gPbD6S0vTQtgnN
-----END CERTIFICATE-----

订阅/RSS Feed

Subscribe

分类/category