ByPass SSL Pinning with IP Forwarding | iptables

I was struggling with the common tools for bypassing SSL pinning, because the app that I’m testing won’t show some of the HTTPS traffic that I try to trap.

I’m using Frida as usual; it works well for other apps, except the one I’m testing.

So my team, “the purple team”, decided to configure a transparent proxy by using the IP forwarding feature in our Kali. I was amazed by the result: it works smoothly because it does not inject any script into the app.

If you want to try it, this is what we do to bypass SSL pinning in a mobile application.

1. Create an Android emulator in Genymotion. I used Google Pixel (8.0 API 26) as my Android virtual device.

2. Open VirtualBox; the Android Google Pixel is listed in the machine list. Choose the Settings tab and configure Adapter 1 and Adapter 2 as Host-Only Adapter. Make sure the names are different (vboxnet0 for Adapter 1 and vboxnet1 for Adapter 2).

[Image: Google Pixel in Oracle VirtualBox Manager]
[Image: Adapter 1 configuration (default)]
[Image: Adapter 2 configuration (changed from NAT to Host-Only)]

If you cannot find Adapter 2 in your Android VirtualBox machine, go to File -> Host Network Manager in VirtualBox. In the network window, choose Create to make a new adapter, and don’t forget to enable DHCP.

[Image: Network adapter configuration in Android VirtualBox]

3. Start your Android emulator in Genymotion.

4. Export the Burp certificate and install it in the Android system as a trusted certificate (there are many tutorials for this on the Internet).

5. The next step is to configure the port we will use for intercepting connections from the Android device to our Burp proxy. I usually use port 8081 for mobile connections. In Burp, open the Proxy tab -> Options -> Proxy Listeners -> Add.

[Image: Port binding to 8081 and All Interfaces]
[Image: Check the Support Invisible Proxying checkbox]

6. Now move to your Kali machine and list the IP addresses of all interfaces with the ifconfig -a command. Make sure there are two adapters with vboxnet in their names.


wlan0 is the adapter that connects to the Internet; vboxnet0 and vboxnet1 are the adapters of the Android emulator device.

7. Let’s configure our Android network.

Change the Wi-Fi configuration to a static IP address. I used 192.168.57.2; the default gateway and the DNS are set automatically. (See the IP address of vboxnet1.)


Choose the SAVE button and, as usual, reboot your Android virtual machine before going to the next step.

8. Now the interesting part: we will configure the IP forwarding rule on the Kali Linux machine.

Open a terminal in Kali Linux and set IP forwarding to 1 (true) with this command (root privileges needed):

echo 1 > /proc/sys/net/ipv4/ip_forward

[Image: Set IP forwarding to true]

9. Exit from the root user and set up the iptables rules for port 80 and 443 connections by executing these commands:

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

sudo iptables -t nat -A PREROUTING -p tcp -i vboxnet1 --dport 80 -j REDIRECT --to-port 8081

sudo iptables -t nat -A PREROUTING -p tcp -i vboxnet1 --dport 443 -j REDIRECT --to-port 8081

You can change wlan0 to eth0 (whichever device is used for the Internet connection).
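
To confirm that the rules from steps 8 and 9 are in place before looking at Burp, they can be read back from the output of iptables-save -t nat. The following is an added example, not part of the original post: the function names and the sample rule dump are constructed for illustration and reuse the interface names and listener port from the steps above.

```bash
#!/usr/bin/env bash
# Added example: check the NAT rules from steps 8-9 by parsing iptables-save text.
# On the Kali host, pass the live table instead of the sample:
#   redirected_ports "$(sudo iptables-save -t nat)" vboxnet1 8081

# Constructed sample of the nat table after the three rules have been added.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vboxnet1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081
-A PREROUTING -i vboxnet1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8081
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT'

# redirected_ports RULES IFACE LISTENER
# Prints the destination ports arriving on IFACE that are redirected to LISTENER.
redirected_ports() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v lp="$3" '
    $1 == "-A" && $2 == "PREROUTING" {
      in_if = ""; dport = ""; target = ""; to = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") in_if = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
      }
      if (in_if == ifc && target == "REDIRECT" && to == lp && dport != "")
        out = out (out == "" ? "" : " ") dport
    }
    END { print out }'
}

# has_masquerade RULES IFACE
# Succeeds if traffic leaving through IFACE is source-NATed (the POSTROUTING rule).
has_masquerade() {
  printf '%s\n' "$1" | grep -Eq -- "^-A POSTROUTING .*-o $2 .*-j MASQUERADE"
}

# Report on the constructed sample.
echo "ports redirected to 8081 on vboxnet1: $(redirected_ports "$SAMPLE_NAT" vboxnet1 8081)"
has_masquerade "$SAMPLE_NAT" wlan0 && echo "MASQUERADE present on wlan0"
```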

Now you can check that the HTTPS traffic from your Android device is intercepted by your Burp proxy.

[Image: All HTTP/HTTPS traffic is intercepted]

OK, I hope this trick can be an alternative way to bypass the SSL pinning problem.

Originally published by yoshi m lutfi: ByPass SSL Pinning with IP Forwarding | iptables

Copyright notice: posted by admin on August 5, 2024 at 12:47 PM.
When reposting, please credit: ByPass SSL Pinning with IP Forwarding | iptables | CTF导航