60 lines
913 B
Markdown
60 lines
913 B
Markdown
# frida抓包
|
||
|
||
## 环境和工具准备:
|
||
|
||
- python 3.x
|
||
- r0capture
|
||
- frida / frida-tools
|
||
- apkshell
|
||
|
||
## r0capture
|
||
|
||
```shell
|
||
git clone https://github.com/r0ysue/r0capture
|
||
```
|
||
|
||
## frida
|
||
|
||
frida-server下载地址
|
||
|
||
```
|
||
https://github.com/frida/frida/releases
|
||
```
|
||
|
||
虚拟环境安装frida和frida- tools
|
||
|
||
```shell
|
||
pip install frida
|
||
```
|
||
|
||
```shell
|
||
pip install frida-tools
|
||
```
|
||
|
||
使用Frida查看包进程
|
||
|
||
```shell
|
||
frida-ps -U | grep "包名"
|
||
```
|
||
|
||
## 运行 r0capture.py
|
||
|
||
```bash
|
||
python r0capture.py -U 前面记录的目标应用包名 -p xxx.pcap
|
||
```
|
||
|
||
```
|
||
python3 r0capture/r0capture.py -U com.vmall.client -p com.vmall.client.pcap
|
||
```
|
||
|
||
|
||
|
||
其中 -p 参数用来保存抓包结果,.pcap 是数据报存储格式,包括 Wireshark 在内的很多主流抓包软件都可以生成或者导入 pcap 数据包并分析
|
||
|
||
如果中途提示 hexdump 名称错误,pip 安装一下即可
|
||
|
||
```bash
|
||
pip install hexdump
|
||
```
|
||
|