简介
本篇主要讲的内容是基于Proxyman的抓包 自动化解密 和便捷预览实践,希望能对大家有所帮助~
更多高级玩法详见官方文档Overview | Proxyman
实现
1.初识proxyman
Proxyman · Debug, intercept & mock HTTP with Proxyman
有钱用正版,没钱...o(╥﹏╥)o
2.如何连接设备
对比Charles虽然证书安装流程差不多,但Proxyman的连接说明可以说是非常的方便
3.配置SSL代理列表
添加域名后进行SSL代理设置即可,可设置黑白名单
4.脚本工具使用
可以通过自定义脚本实现请求和响应拦截
添加脚本
脚本示例(基于DES加密方式举例)
php
/// This func is called if the Request Checkbox is Enabled. You can modify the Request Data here before the request hits to the server
/// e.g. Add/Update/Remove: host, scheme, port, path, headers, queries, comment, color and body (json, form, plain-text, base64 encoded string)
///
/// Use global object `sharedState` to share data between Requests/Response from different scripts (e.g. sharedState.data = "My-Data")
///
const CryptoJS = require("@libs/crypto-js.min.js");
async function onRequest(context, url, request) {
if (request.body) {
const result = decrypt_des(request.body);
request.customPreviewerTabs["decrypt"] = result
}
return request;
}
/// This func is called if the Response Checkbox is Enabled. You can modify the Response Data here before it goes to the client
/// e.g. Add/Update/Remove: headers, statusCode, comment, color and body (json, plain-text, base64 encoded string)
///
async function onResponse(context, url, request, response) {
if (response.body) {
const result = decrypt_des(response.body);
response.customPreviewerTabs["decrypt"] = result
}
return response;
}
// 替换为你的密钥和初始向量(IV)
const key = '你自己的秘钥Key'; // 密钥
const iv = '你自己的秘钥IV'; // IV(初始向量)
// 自定义DES解密函数
function decrypt_des(crypt_text) {
try {
// 将16进制字符串转换为WordArray
const data = CryptoJS.enc.Hex.parse(crypt_text);
// 创建key和iv的WordArray对象
const keyWordArray = CryptoJS.enc.Utf8.parse(key);
const ivWordArray = CryptoJS.enc.Utf8.parse(iv);
// 使用DES-CBC模式解密
const decrypted = CryptoJS.DES.decrypt(
{ ciphertext: data },
keyWordArray,
{
iv: ivWordArray,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7 // 等同于Python的unpad
}
);
// 转换为UTF-8字符串
const result = decrypted.toString(CryptoJS.enc.Utf8);
return result;
} catch (error) {
console.error('DES解密失败:', error);
return null;
}
}5.添加预览Tab
Custom Previewer Tab | Proxyman (官网搬运工)
在脚本中使用自定义预览Tab
总结
非常好使~o( ̄▽ ̄)d 👍🏻👍🏻👍🏻