遇到有些APP的HTTPS请求无法抓取!错误提示: !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate for pipe (CN=*.umeng.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).

google了下,貌似有些APP的证书不能随便构造,

这个回答提到了一种叫Certificate Pinning(证书锁定)的机制     https://stackoverflow.com/questions/33382870/how-to-capture-httpstls-1-0-communications-from-android-app-with-fiddler4

官方说:

From the Fiddler book:

Certificate Pinning

A very small number of HTTPS client applications support a feature known as “Certificate Pinning” whereby the client application is hardcoded to accept only one specific certificate. Even if the connection uses a certificate that chains to a root that is otherwise fully-trusted by the operating system, such applications will refuse to accept an unexpected certificate.

To date, some Twitter and Dropbox apps include this feature, and Windows 8 Metro apps may opt-in to requiring specific certificates rather than relying upon the system’s Trusted Root store. Firefox’s automatic browser update feature will silently fail when Fiddler is decrypting its traffic. The Microsoft Security toolkit named EMET can enable pinning in any application for certain “high-value” sites (including Windows Live). The Chrome browser supports pinning, but it exempts locally-trusted roots like Fiddler’s.

When a Certificate-Pinned application performs a HTTPS handshake through a CONNECT tunnel to Fiddler, it will examine the response’s certificate and refuse to send any further requests when it discovers the Fiddler-generated certificate. Unfortunately, there is no general-purpose workaround to resolve this; the best you can do is to exempt that application’s traffic from decryption using the HTTPS tab or by setting the x-no-decrypt Session flag on the CONNECT tunnel. The flag will prevent Fiddler from decrypting the traffic in the tunnel and it will flow through Fiddler uninterrupted.

A very small number of HTTPS client applications support a feature known as “Certificate Pinning” whereby the client application is hardcoded to accept only one specific certificate. Even if the connection uses a certificate that chains to a root that is otherwise fully-trusted by the operating system, such applications will refuse to accept an unexpected certificate. To date, some Twitter and Dropbox apps include this feature, and Windows 8 Metro apps may opt-in to requiring specific certificates rather than relying upon the system’s Trusted Root store. Firefox’s automatic browser update feature will silently fail when Fiddler is decrypting its traffic. The Microsoft Security toolkit named EMET can enable pinning in any application for certain “high-value” sites (including Windows Live). The Chrome browser supports pinning, but it exempts locally-trusted roots like Fiddler’s. When a Certificate-Pinned application performs a HTTPS handshake through a CONNECT tunnel to Fiddler, it will examine the response’s certificate and refuse to send any further requests when it discovers the Fiddler-generated certificate.

Unfortunately, there is no general-purpose workaround to resolve this; the best you can do is to exempt that application’s traffic from decryption using the HTTPS tab or by setting the x-no-decrypt Session flag on the CONNECT tunnel. The flag will prevent Fiddler from decrypting the traffic in the tunnel and it will flow through Fiddler uninterrupted.
If you're very serious about circumventing pinning, you can jailbreak the device and use any of a number of 3rd party toolkits to disable the pinning code.

大概意思就是Fiddler对这种APP的证书认证机制无能为力,只能望洋兴叹!呜呼哀哉!

有能解决这个问题的朋友麻烦留言下!!谢谢!

Fiddler无法抓取某些APP的HTTPS请求,无解!!!的更多相关文章

  1. 解决fiddler无法抓取本地部署项目的请求问题

    在本地部署了几个应用,然后想用fiddler抓取一些请求看看调用了哪些接口,然鹅,一直抓不到... 比如访问地址是这样的: 在网上搜罗半天,找到一个解决方法 在localhost或127.0.0.1后 ...

  2. 使用Burpsuite抓取手机APP的HTTPS数据

    1.所需条件 · 手机已经获取root权限 · 手机已经成功安装xposed框架 · 电脑一台 2.详细步骤 2.1 在手机上面安装xposed JustTrustMe JustTrustMe是一个去 ...

  3. 关于Charles抓取手机访问的Https请求

    准备工作 本次测试的Charles版本为3.9.1 · 首先在Charles中开启HTTP请求的远程监听. · 然后分别在手机和Mac上安装Charles的证书. 注意:证书一定要一致,否则抓取不到. ...

  4. Window下通过charles代理抓取iphone/android手机Https请求乱码问题处理

    Window下通过charles代理抓取iphone手机Https请求乱码问题 如果保持默认设置,https的reqeust和response都是乱码,设置完之后https就可以抓包了 手机端操作: ...

  5. Fiddler高级用法-抓取手机app数据包

    在上一篇中介绍了Fiddler的基本使用方法.通过上一篇的操作我们可以直接抓取浏览器的数据包.但在APP测试中,我们需要抓取手机APP上的数据包,应该怎么操作呢? Andriod配置方法 1)确保手机 ...

  6. Fiddler 4 抓包(APP HTTPS )

    一.手机连接Fiddler 1.配置fiddler 1.安装fiddler,基本下一步下一步即可: 2.打开fiddler,点击顶部栏Tools——>Options 3.在HTTPS页签勾选“D ...

  7. 使用Fiddler抓取手机APP数据包--360WIFI

    使用Fiddler抓取手机APP流量--360WIFI 操作步骤:1.打开Fiddler,Tools-Fiddler Options-Connections,勾选Allow remote comput ...

  8. 《吐血整理》高级系列教程-吃透Fiddler抓包教程(26)-Fiddler如何抓取Android7.0以上的Https包-上篇

    1.简介 众所周知,假如设备是android 7.0+的系统同时应用设置targetSdkVersion >= 24的话,那么应用默认是不信任安装的Fiddler用户证书的,所以你就没法抓到应用 ...

  9. Fiddler捕获抓取 App端数据包

    最近项目设计到App抓包,所以采用Fiddler工具来采集获取APP数据包,但是fiddler对有些app是无法捕获到数据包的,以下是我的处理方法: 1. 我默认代理端口使用的是自定义的端口而不是默认 ...

随机推荐

  1. JS函数机制小结

    1.javascript中函数是第一型对象,即与其它对象一样,具有: 1.可以通过字面量创建 2.可以赋值给变量或者属性 3.可以作为参数进行传递 4.可以作为函数结果返回 5.拥有属性和方法 2.函 ...

  2. Linux 多个vi、vim进程编辑同一文件时的临时文件问题

    多个vi.vim进程编辑同一文件时的临时文件问题 by:授客 QQ:1033553122   使用vi.vim编辑文件,实际是先copy一份临时文件并映射到内存里进行编辑,所以你编辑的是临时文件,不是 ...

  3. 使用Picasso将加载的图片变成圆形

    http://blog.it985.com/14794.html,感谢该作者 Picasso的GITHUB地址:https://github.com/square/picasso. 怎么实现各种各样的 ...

  4. 声明元素<%! %>、Scriptlet元素<% %>、表达式元素<%= %>、注释元素、输出特殊符号<%和%>

    声明元素 <%! 类成员声明或方法声明 %> 在声明元素中编写的代码,将转译为Servlet中的类成员或方法. 重新定义jspInit()方法,或是在jspDestroy(),就是在声明元 ...

  5. Python+Selenium笔记(六):元素定位

      (一)  前言 Web应用以及包含超文本标记语言(HTML).层叠样式表(CSS).JS脚本的WEB页面,基于用户的操作(例如点击提交按钮),浏览器向WEB服务器发送请求,WEB服务器响应请求,返 ...

  6. cuda中threadIdx、blockIdx、blockDim和gridDim的使用

    threadIdx是一个uint3类型,表示一个线程的索引. blockIdx是一个uint3类型,表示一个线程块的索引,一个线程块中通常有多个线程. blockDim是一个dim3类型,表示线程块的 ...

  7. 从零自学Java-5.使用条件测试进行判断

    1.使用if语句进行最基本的条件测试:2.测试一个值大于还是小于另一个值:3.测试两个值是否相等:4.使用与if语句对应的else语句:5.组合多个条件测试:6.使用switch语句进行复杂的条件测试 ...

  8. mssql 监控随笔

    性能监控列表: •    Memory: Pages/sec   ( 从硬盘上读取或写入硬盘的页数(参考值:00~20) •    Physical Disk: % Disk time 或 Physi ...

  9. pt-osc全解pt-online-schema-change

    MySQL 大字段的DDL操作:加减字段.索引.修改字段属性等,在5.1之前都是非常耗时耗力的,特别是会对MySQL服务产生影响.在5.1之后随着Plugin Innodb的出现在线加索引的提高了很多 ...

  10. centos7 安装ldap

    ldap首先我们要知道这个ldap的概念, LDAP是轻量目录访问协议(Lightweight Directory Access Protocol)的缩写 目录是一个为查询.浏览和搜索而优化的专业分布 ...