如何使用magisk在安卓安装https ca证书
发表于:2022-09-15 |

安卓7和以上,https抓包需要将ca证书安装为系统证书,即把pem格式的证书放到/system/etc/security/cacerts/<证书hash>.0路径。部分手机可能有限制,无法修改system分区,可以用magisk模块的方式不修改system分区安装系统证书。

注意,安装magisk一般需要手机可以解锁bootloader。

  1. 如果证书是cer格式,转换成pem格式

    1
    openssl x509 -inform DER  -in FiddlerRoot.cer -out FiddlerRoot.pem

  2. 读取证书hash,将证书文件名改为”<hash>.0”

    1
    2
    3
    4
    $ openssl x509 -inform PEM -subject_hash_old -in FiddlerRoot.pem | head -1
    269953fb

    $ cp FiddlerRoot.pem 269953fb.0

  3. 下载这个magisk模块模板。(博客的贴图服务器坏了,暂时直接用base64把文件贴上来)

    1
    echo 'UEsDBBQAAAAIAEg7LlVJNhk5yQQAAIUPAAAJAAAAY29uZmlnLnNozVdrb9MwFP2eX3EZSDxUtvGWKkAqbIhJjFZrQeJT5SY3jSGxg+20K4j/zrHj9DEQD4lKeN3mOL733HN9H+71vY0EP3Qu5tJ+wmS2Iqfrj7pQywaP+EwKaQkfQY6ruhSO6YusKdeGMl5wqWs21ivZ29irak/xTFlnmtRJrWy/Xbp3SKNSpEwr3RjKZclwgnKa7MrCD6BfZmzoVsYlwyOuYKr9/sKvtwK3oeb+Ib2SZQnRVlGls6bkm15XroPCuHRYG11D4MEhvdQql/PGtFotOyfV3EvgWdqgmm6luqq0OkrD3kNbeLCHAMOpiGwhVMoZ5Swc1NgeljKyBcMQLydU1pJpAVIjaxcpNspb3yr3nsCotXV3c3s3E04AqAeLzEKmjDk2PGox00KoOcwkT6MFDIT9RHq/ivIIRGUuOQt7ogGRRuvUzgf7PO996r5OJ5xLxXafIEB5O5yc9tu8rIVxVAhL8OWM4e2PDTyZ+cdcuvYI9FKRYs5s0mXz0ofkLMRXF8hKVBxP/6gKxaDbbAvdlBmJ0upOxvrNAPVzmW2CexPJ3oDaoDwoRz5GG4sYSM6HJ2cnz3KZZSWbFNliXDBqzM4LIAehL/fKgsF+jZWYlRzqU0rnulHOVyuEpEcDk2BbKT9B0LVOiCJZMng3GZ4P372dPPOKf4NTapHRdhiOLoajV2dvTp/lYP4r6Z0EidmUjIbjyavxyWAy+L28L6lT63CSXWp1Wt4MJqfjyeBiMj69eH/2Mtqy5xj2xVCUMAonRudsrZjzPhGjZ5aFcMEnS6G8n3zcLbHKimRrEcrLOs6SpDYoIFNMfeTeuk1fE6JGTsMyHdz59TjY2UwYsQPSeYhhmnStDuPg7zR/2/P5XHBoNAh66/aJBKg3gCB4njJpOHXaSLbbZxTXyxWZ1qi2SXFMJGh4scIlIRdN6aKD29pTsZlvt1asuiJIAmMu0S02Kk422IEzMqZgNEeEB+qL6XXVbGNMhTLht8UGl2qDJlhrla15rK4YCpgPoJVpddN1JQGcKr1oCx5fCsQDA6XUy55fskwLUTa8KabYa5ZGOoeIna3WpTfYvH2NUp225OJ09GaArD5IYgM8EnV9BENcM+P1GuJucde/GIfnd2c/eRPvCOs3uUFSLLX5lBx4bi91vODsWhX82EPhDBzWBHYoQ/raydC3nGtrh4BJKGBXPdZFATiusEnNe1SyWITSjHxyK/QMP4e40sst+gd7TpkRm0pa34L+39aMe9603tgZKxrCP6bP1rtedPsmQCts7RRMEeKNsRJv6AY67mgweU103H6ePHqEv48fPkyC8qFCulhdIRFqTqUo23SE5s+NNHE1l+k2uhcEQ+TbD5Z1lwXPd651hlasm3kRvitUvmenwrJtocdAXX+jWMdT4cNFadwqWPiW0FYZ3Q8yP6X4FDntW8BzujKewrlsntPTudFN/Txs3JiKZ091ZyHVKBuXzj6nW5Fbn5q+nn1EzZiafptbUy/Wt8e3vUW/dHqXjKWcRZOOd/7H41iPzcFs9FJr5i7B3zL9V6x+5DKTyhcpNEOd4mrw4P4Wm/vHx8dXWW0jfVnNNW46fMkpkP4AKOPL+xohEMZfAEW5P0TC8fhfZOuh1T8e1OZgviXfAVBLAwQKAAAIAACyrShUAAAAAAAAAAAAAAAACQAAAE1FVEEtSU5GL1BLAwQKAAAIAACyrShUAAAAAAAAAAAAAAAADQAAAE1FVEEtSU5GL2NvbS9QSwMECgAACAAAsq0oVAAAAAAAAAAAAAAAABQAAABNRVRBLUlORi9jb20vZ29vZ2xlL1BLAwQKAAAIAACyrShUAAAAAAAAAAAAAAAAHAAAAE1FVEEtSU5GL2NvbS9nb29nbGUvYW5kcm9pZC9QSwMECgAACAgADQBrUzP3pRU9AQAAVAIAACkAAABNRVRBLUlORi9jb20vZ29vZ2xlL2FuZHJvaWQvdXBkYXRlLWJpbmFyeZWQTUsCURSG9+dXnMZB+kDvOLkLg0gNKTH6WhRxGZ1rXrxzp5y5FqTLILO2rQyCFm2i2kUL/00T/oxGJci0qLM8533fc84TmSJekUviVQAi3wsiGJzfBPft4PJ6whSUY3lVNEwT+sqL2163q3wuaFnJks9d6b29toPWFShOD2tc+tMzeIqsVHFR0xPaAjYBauxI8Rqjkh1TxzrgXrUvAsRPD2qzv5c2Isbe00vw2OrdnWF+EId104gn56ZQ+28oO+E+JqA5AcwXQO+dh6DzjKN/x0OcP5ugsL2VTad0E3Zz69ncWialzwM4rgoPI7blW2guEpvViVRCAOxhrDzsE8sukiElMrYQ97HRwHGeEP+DOVyi55dWcpurdCezQZcL6QzGhI+mkTSMMDkanZQMXHq+JQR1XFsJBgNiBnwAUEsDBAoAAAgIAA0Aa1N7C25iCgAAAAgAAAAqAAAATUVUQS1JTkYvY29tL2dvb2dsZS9hbmRyb2lkL3VwZGF0ZXItc2NyaXB0U/Z1dPcM9uYCAFBLAwQUAAAACAD4Oi5VMul08UgAAAB2AAAACwAAAG1vZHVsZS5wcm9wZYtBDoAwCATv/U0fwMmHNAQwkmgxgH2/Jqan3jazM8qwK/MpTkjiGaXjJZM1wvbTIR5qHUadczMWqAWfPMzXgCXI9c7PXM8XUEsDBAoAAAgAALKtKFQAAAAAAAAAAAAAAAAHAAAAc3lzdGVtL1BLAwQKAAAIAACyrShUAAAAAAAAAAAAAAAACwAAAHN5c3RlbS9ldGMvUEsDBBQAAAAAAAU7LlUAAAAAAAAAAAAAAAAUAAAAc3lzdGVtL2V0Yy9zZWN1cml0eS9QSwMEFAAAAAAABzsuVQAAAAAAAAAAAAAAABwAAABzeXN0ZW0vZXRjL3NlY3VyaXR5L2NhY2VydHMvUEsBAj8AFAAAAAgASDsuVUk2GTnJBAAAhQ8AAAkAJAAAAAAAAAAgAAAAAAAAAGNvbmZpZy5zaAoAIAAAAAAAAQAYAMwmLTjIx9gBzCYtOMjH2AGMW7UgyMfYAVBLAQIKAAoAAAgAALKtKFQAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAAAAPAEAABNRVRBLUlORi9QSwECCgAKAAAIAACyrShUAAAAAAAAAAAAAAAADQAAAAAAAAAAAAAAAAAXBQAATUVUQS1JTkYvY29tL1BLAQIKAAoAAAgAALKtKFQAAAAAAAAAAAAAAAAUAAAAAAAAAAAAAAAAAEIFAABNRVRBLUlORi9jb20vZ29vZ2xlL1BLAQIKAAoAAAgAALKtKFQAAAAAAAAAAAAAAAAcAAAAAAAAAAAAAAAAAHQFAABNRVRBLUlORi9jb20vZ29vZ2xlL2FuZHJvaWQvUEsBAgoACgAACAgADQBrUzP3pRU9AQAAVAIAACkAAAAAAAAAAAAAAAAArgUAAE1FVEEtSU5GL2NvbS9nb29nbGUvYW5kcm9pZC91cGRhdGUtYmluYXJ5UEsBAgoACgAACAgADQBrU3sLbmIKAAAACAAAACoAAAAAAAAAAAAAAAAAMgcAAE1FVEEtSU5GL2NvbS9nb29nbGUvYW5kcm9pZC91cGRhdGVyLXNjcmlwdFBLAQI/ABQAAAAIAPg6LlUy6XTxSAAAAHYAAAALACQAAAAAAAAAIAAAAIQHAABtb2R1bGUucHJvcAoAIAAAAAAAAQAYAJsvs9/Hx9gBmy+z38fH2AGvfVvSx8fYAVBLAQIKAAoAAAgAALKtKFQAAAAAAAAAAAAAAAAHAAAAAAAAAAAAAAAAAPUHAABzeXN0ZW0vUEsBAgoACgAACAAAsq0oVAAAAAAAAAAAAAAAAAsAAAAAAAAAAAAAAAAAGggAAHN5c3RlbS9ldGMvUEsBAj8AFAAAAAAABTsuVQAAAAAAAAAAAAAAABQAJAAAAAAAAAAQAAAAQwgAAHN5c3RlbS9ldGMvc2VjdXJpdHkvCgAgAAAAAAABABgAbVnE7MfH2AFtWcTsx8fYAW1ZxOzHx9gBUEsBAj8AFAAAAAAABzsuVQAAAAAAAAAAAAAAABwAJAAAAAAAAAAQAAAAdQgAAHN5c3RlbS9ldGMvc2VjdXJpdHkvY2FjZXJ0cy8KACAAAAAAAAEAGAA8T0vvx8fYATxPS+/Hx9gBPE9L78fH2AFQSwUGAAAAAAwADACnAwAArwgAAAAA' | base64 -d > fiddler_ca_cert_magisk.zip

  4. 将证书放到zip里的/system/etc/security/cacerts/下,可以使用7-zip直接拖进去,不需要设置文件权限。

    1
    2
    3
    4
    $ zipinfo fiddler_cacert.zip
    Archive:  fiddler_cacert.zip
    ...
    -rw-a--     6.3 fat     1342 bx defN 22-Sep-14 07:18 system/etc/security/cacerts/269953fb.0

  5. 将zip包在magisk里作为magisk模块刷入,重启手机即可。

android ctf-web
上一篇:
在不知道路由器管理密码时嗅探路由器拨号账号密码
下一篇:
某羊游戏通信安全分析

由于Valine存在安全问题,我们不会记录您的IP地址。您所填入的内容,和您的User-Agent信息将明文公开存储。

    •

    皖ICP备19010835号-1 | Powered by Hexo | Theme Bamboo

    本站总访问量: |