From 27631b814a6d33df275f9f2f588d89bad68df83f Mon Sep 17 00:00:00 2001
From: wangsiyuan <2392948297@qq.com>
Date: Mon, 25 Sep 2023 17:09:40 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20frida=E6=8A=93=E5=8C=85.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 frida抓包.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/frida抓包.md b/frida抓包.md
index a777e3c..307cca9 100644
--- a/frida抓包.md
+++ b/frida抓包.md
@@ -37,3 +37,23 @@ pip install frida-tools
 frida-ps -U | grep "包名"
 ```
 
+## 运行 r0capture.py
+
+```bash
+python r0capture.py -U 前面记录的目标应用包名 -p xxx.pcap
+```
+
+```
+python3 r0capture/r0capture.py -U com.vmall.client -p com.vmall.client.pcap
+```
+
+
+
+其中 -p 参数用来保存抓包结果,.pcap 是数据报存储格式,包括 Wireshark 在内的很多主流抓包软件都可以生成或者导入 pcap 数据包并分析
+
+如果中途提示 hexdump 名称错误,pip 安装一下即可
+
+```bash
+pip install hexdump
+```
+