时间戳

首页 > 解决方案 > 是否有一个脚本可以用来绕过此应用程序中的 SSL 固定?

android - 是否有一个脚本可以用来绕过此应用程序中的 SSL 固定?

问题描述

我已遵循本指南(https://medium.com/@ved_wayal/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29),试图绕过我的应用程序中的 SSL 固定m 正在测试。

我试过博客上的脚本,这个脚本https://gist.github.com/cubehouse/56797147b5cb22768b500f25d3888a22

两者都不允许我捕获通过 Burpsuite 发出的请求

这是我在应用程序的 apk 中找到的与 ssl pinning 相关的代码摘录。我希望有人可以帮助构建一个允许我绕过它的脚本


package f;

import f.f0.j.c;
import g.f;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;

/* compiled from: CertificatePinner */
public final class g {

    /* renamed from: c reason: collision with root package name */
    public static final g f10179c = new a().a();

    /* renamed from: a reason: collision with root package name */
    private final Set<b> f10180a;

    /* renamed from: b reason: collision with root package name */
    private final c f10181b;

    /* compiled from: CertificatePinner */
    public static final class a {

        /* renamed from: a reason: collision with root package name */
        private final List<b> f10182a = new ArrayList();

        public g a() {
            return new g(new LinkedHashSet(this.f10182a), null);
        }
    }

    /* compiled from: CertificatePinner */
    static final class b {

        /* renamed from: a reason: collision with root package name */
        final String f10183a;

        /* renamed from: b reason: collision with root package name */
        final String f10184b;

        /* renamed from: c reason: collision with root package name */
        final String f10185c;

        /* renamed from: d reason: collision with root package name */
        final f f10186d;

        /* access modifiers changed from: 0000 */
        /* JADX WARNING: Code restructure failed: missing block: B:5:0x002e, code lost:
            if (r11.regionMatches(false, r6, r7, 0, r7.length()) != false) goto L_0x0032;
         */
        /* Code decompiled incorrectly, please refer to instructions dump. */
        public boolean a(java.lang.String r11) {
            /*
                r10 = this;
                java.lang.String r0 = r10.f10183a
                java.lang.String r1 = "*."
                boolean r0 = r0.startsWith(r1)
                if (r0 == 0) goto L_0x0033
                r0 = 46
                int r0 = r11.indexOf(r0)
                int r1 = r11.length()
                int r1 = r1 - r0
                r2 = 1
                int r1 = r1 - r2
                java.lang.String r3 = r10.f10184b
                int r3 = r3.length()
                if (r1 != r3) goto L_0x0031
                r5 = 0
                int r6 = r0 + 1
                java.lang.String r7 = r10.f10184b
                r8 = 0
                int r9 = r7.length()
                r4 = r11
                boolean r11 = r4.regionMatches(r5, r6, r7, r8, r9)
                if (r11 == 0) goto L_0x0031
                goto L_0x0032
            L_0x0031:
                r2 = 0
            L_0x0032:
                return r2
            L_0x0033:
                java.lang.String r0 = r10.f10184b
                boolean r11 = r11.equals(r0)
                return r11
            */
            throw new UnsupportedOperationException("Method not decompiled: f.g.b.a(java.lang.String):boolean");
        }

        public boolean equals(Object obj) {
            if (obj instanceof b) {
                b bVar = (b) obj;
                if (this.f10183a.equals(bVar.f10183a) && this.f10185c.equals(bVar.f10185c) && this.f10186d.equals(bVar.f10186d)) {
                    return true;
                }
            }
            return false;
        }

        public int hashCode() {
            return ((((527 + this.f10183a.hashCode()) * 31) + this.f10185c.hashCode()) * 31) + this.f10186d.hashCode();
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append(this.f10185c);
            sb.append(this.f10186d.k());
            return sb.toString();
        }
    }

    g(Set<b> set, c cVar) {
        this.f10180a = set;
        this.f10181b = cVar;
    }

    static f b(X509Certificate x509Certificate) {
        return f.a(x509Certificate.getPublicKey().getEncoded()).o();
    }

    public void a(String str, List<Certificate> list) {
        String str2;
        List a2 = a(str);
        if (!a2.isEmpty()) {
            c cVar = this.f10181b;
            if (cVar != null) {
                list = cVar.a(list, str);
            }
            int size = list.size();
            for (int i2 = 0; i2 < size; i2++) {
                X509Certificate x509Certificate = (X509Certificate) list.get(i2);
                int size2 = a2.size();
                f fVar = null;
                f fVar2 = null;
                for (int i3 = 0; i3 < size2; i3++) {
                    b bVar = (b) a2.get(i3);
                    if (bVar.f10185c.equals("sha256/")) {
                        if (fVar == null) {
                            fVar = b(x509Certificate);
                        }
                        if (bVar.f10186d.equals(fVar)) {
                            return;
                        }
                    } else if (bVar.f10185c.equals("sha1/")) {
                        if (fVar2 == null) {
                            fVar2 = a(x509Certificate);
                        }
                        if (bVar.f10186d.equals(fVar2)) {
                            return;
                        }
                    } else {
                        StringBuilder sb = new StringBuilder();
                        sb.append("unsupported hashAlgorithm: ");
                        sb.append(bVar.f10185c);
                        throw new AssertionError(sb.toString());
                    }
                }
            }
            StringBuilder sb2 = new StringBuilder();
            sb2.append("Certificate pinning failure!");
            sb2.append("\n  Peer certificate chain:");
            int size3 = list.size();
            int i4 = 0;
            while (true) {
                str2 = "\n    ";
                if (i4 >= size3) {
                    break;
                }
                X509Certificate x509Certificate2 = (X509Certificate) list.get(i4);
                sb2.append(str2);
                sb2.append(a((Certificate) x509Certificate2));
                sb2.append(": ");
                sb2.append(x509Certificate2.getSubjectDN().getName());
                i4++;
            }
            sb2.append("\n  Pinned certificates for ");
            sb2.append(str);
            sb2.append(":");
            int size4 = a2.size();
            for (int i5 = 0; i5 < size4; i5++) {
                b bVar2 = (b) a2.get(i5);
                sb2.append(str2);
                sb2.append(bVar2);
            }
            throw new SSLPeerUnverifiedException(sb2.toString());
        }
    }

    /* JADX WARNING: Code restructure failed: missing block: B:8:0x001c, code lost:
        if (r3.f10180a.equals(r4.f10180a) != false) goto L_0x0020;
     */
    /* Code decompiled incorrectly, please refer to instructions dump. */
    public boolean equals(java.lang.Object r4) {
        /*
            r3 = this;
            r0 = 1
            if (r4 != r3) goto L_0x0004
            return r0
        L_0x0004:
            boolean r1 = r4 instanceof f.g
            if (r1 == 0) goto L_0x001f
            f.f0.j.c r1 = r3.f10181b
            f.g r4 = (f.g) r4
            f.f0.j.c r2 = r4.f10181b
            boolean r1 = f.f0.c.a(r1, r2)
            if (r1 == 0) goto L_0x001f
            java.util.Set<f.g$b> r1 = r3.f10180a
            java.util.Set<f.g$b> r4 = r4.f10180a
            boolean r4 = r1.equals(r4)
            if (r4 == 0) goto L_0x001f
            goto L_0x0020
        L_0x001f:
            r0 = 0
        L_0x0020:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: f.g.equals(java.lang.Object):boolean");
    }

    public int hashCode() {
        c cVar = this.f10181b;
        return ((cVar != null ? cVar.hashCode() : 0) * 31) + this.f10180a.hashCode();
    }

    /* access modifiers changed from: 0000 */
    public List<b> a(String str) {
        List<b> emptyList = Collections.emptyList();
        for (b bVar : this.f10180a) {
            if (bVar.a(str)) {
                if (emptyList.isEmpty()) {
                    emptyList = new ArrayList<>();
                }
                emptyList.add(bVar);
            }
        }
        return emptyList;
    }

    /* access modifiers changed from: 0000 */
    public g a(c cVar) {
        if (f.f0.c.a((Object) this.f10181b, (Object) cVar)) {
            return this;
        }
        return new g(this.f10180a, cVar);
    }

    public static String a(Certificate certificate) {
        if (certificate instanceof X509Certificate) {
            StringBuilder sb = new StringBuilder();
            sb.append("sha256/");
            sb.append(b((X509Certificate) certificate).k());
            return sb.toString();
        }
        throw new IllegalArgumentException("Certificate pinning requires X509 certificates");
    }

    static f a(X509Certificate x509Certificate) {
        return f.a(x509Certificate.getPublicKey().getEncoded()).n();
    }
}

标签: androiddebuggingsslpinningfrida

解决方案

推荐阅读