Xposed + XServer: Capturing the Real IP of an Encrypted App Without Unpacking


Environment

Nox (夜神) emulator 6.6.0.5
Android version 5.1.1
Xposed.installer (for Android 5.11)
Xserver (0.6.2)

Xposed framework for the Android 4.42 emulator, link:
https://pan.baidu.com/s/1depSSHCy0KYcFZzkPH7aZQ password: vmyr

Xposed framework for the Android 5.11 emulator, link:
https://pan.baidu.com/s/1erZD4gMk1MQdVklnrmSuLg password: s4j4

Xserver download
https://github.com/monkeylord/XServer

Starting

Install the Xposed framework, then install XServer.

Y3KLGT.png

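Two pitfalls:

  • After installing the Xposed framework and rebooting, it shows as not activated - reboot and reinstall (I did not run into this one)
  • After installing XServer and activating the module, it still cannot be activated - reboot Android. If it still does not work after the reboot, reinstall the Xposed framework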
Y3M8SS.png

Install any app; I used 某音 for testing. Open 某音, then select the corresponding app in XServer.

Y3Mq0A.png

Connect with adb

adb connect 127.0.0.1:62001
adb shell                         # check that port 8000 is really open
adb forward tcp:8000 tcp:8000     # map it to local port 8000

  • Y3QrNt.png

If the access succeeds, it looks like this:

Y3QWuQ.png

Then you can see various modules? Or packages. I'm not sure what to call them… Click any one to see its details.

Y3Qjb9.png

Visit http://127.0.0.1:8000/tracer to search for functions and the like, which can then be hooked.

Y3QXDJ.png

I searched for http, then clicked Hook Matched Class to hook the matches; after refreshing a video in 某音 you can see the hook results.

Y3l3rQ.png

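After that comes configuring Android, capturing packets with Burp and so on. Usually the traffic is encrypted, and this method lets you compare against it to see what is what. I haven't done that part, so I won't go into it.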
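The port check from the `adb shell` step above, as an added example that is not part of the original post: it reads `/proc/net/tcp`-format text and reports whether anything is listening on a port and on which address scope. The helper names `listen_scope` and `sample_proc_net_tcp` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report where a TCP port is
# listening, from /proc/net/tcp or /proc/net/tcp6 text supplied on stdin.
# In those tables local_address is HEXADDR:HEXPORT and st 0A means LISTEN.

# listen_scope PORT (hypothetical helper name)
# Prints "loopback", "any" or "other:<hexaddr>" for each listener on PORT.
# Exit status: 0 if at least one listener was found, 1 if none.
listen_scope() {
    want=$(printf '%04X' "$1") || return 2
    awk -v want="$want" '
        $1 == "sl" { next }                      # header row of each table
        {
            n = split($2, la, ":")
            if (n != 2 || toupper(la[2]) != want || toupper($4) != "0A") next
            addr = toupper(la[1]); found = 1
            if (addr == "0100007F" || addr == "00000000000000000000000001000000")
                print "loopback"                 # 127.0.0.1 or ::1
            else if (addr ~ /^0+$/)
                print "any"                      # 0.0.0.0 or ::, every interface
            else
                print "other:" addr
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample in /proc/net/tcp layout: adb on loopback:5037, a listener
# on 0.0.0.0:8000, and one established (st 01) connection on port 8000.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10052        0 2002 1
   2: 0F02000A:1F40 0202000A:C350 01 00000000:00000000 00:00000000 00000000 10052        0 2003 1
EOF
}

sample_proc_net_tcp | listen_scope 8000
```

Against the emulator, feed it the real tables with `adb shell cat /proc/net/tcp /proc/net/tcp6 | listen_scope 8000`. A result of `any` means the service on that port accepts connections on every interface of the device, not only through the adb forward.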

 
