OWASP zaproxy 是一套好用的proxy軟體,甚至軟體本身也支援ssl 封包的加解密,技巧上當然不是什麼神祕技術,主要就是使用man in middle,所以如果你有需求要觀察https 的封包,就可以透過此套軟體,然後到設定頁面dynamic SSL certificate去產生一個憑證,然後把這個憑證安裝在你要觀察的那一台電腦上面,這樣就可以騙過browser 的sercurity check,簡單的步驟如下
1. 產生 Root CA certificate
1.
2.加憑證安裝到要觀察的client 端上面:
加憑證內容文字拷貝到一個文字檔,更改附檔名為.cer,然後直接點選,就會跳出安裝憑證選項,安裝玩後,就可以使用https proxy
--
---BEGIN CERTIFICATE-----
MIID7DCCAtSgAwIBAgIEfaNZWzANBgkqhkiG9w0BAQUFADCBhDEnMCUGA1UEAwweT1dBU1AgWmVkIEF0dGFjayBQcm94eSBSb290IENBMRgwFgYDVQQHDA9hODliMTIxNWM5NDI4MmIxFjAUBgNVBAoMDU9XQVNQIFJvb3QgQ0ExGjAYBgNVBAsMEU9XQVNQIFpBUCBSb290IENBMQswCQYDVQQGEwJ4eDAeFw0xMzExMjYwNjIzMjRaFw0xNDExMjYwNjIzMjRaMIGEMScwJQYDVQQDDB5PV0FTUCBaZWQgQXR0YWNrIFByb3h5IFJvb3QgQ0ExGDAWBgNVBAcMD2E4OWIxMjE1Yzk0MjgyYjEWMBQGA1UECgwNT1dBU1AgUm9vdCBDQTEaMBgGA1UECwwRT1dBU1AgWkFQIFJvb3QgQ0ExCzAJBgNVBAYTAnh4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2vbj6Ze+IRS53SyGE3ofxkXbsAFeZwUbHK9lHg3JhkqEM2cEzn8g0RMTKYRCR3GckN3fXsn9MjFlvUVomtyHIaTQguRCWhyVI2eKnHfyNox3M1KSl7btbyGE72zri0zXgLg4z1bJQh9oqkaO9n9BoNyyeHi2PuVrNC3C5CAoAqOvINoEc5WiasBD+sPbFGjeNHn169GAmA4OfSaAAZVr9MzD1cX5FCJtirUBjCq5Trqe060Bonyf1VVUv2w0NW87M6G2VanqYnq71CXaVfN2k8En/BXC+Clv4VuP+v4+QVWdgQIwssDoxtjQS+Pk3qLQaL6B7qIQkLgaanOgFpBBQIDAQABo2QwYjAdBgNVHQ4EFgQULJd+TVzhXivuoQcWC4jw3Z/D3ygwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAbYwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMA0GCSqGSIb3DQEBBQUAA4IBAQAdfK5RBrShdKcmIVqOB4iXVAG1YgknTcAQrVRmKl5sclrYNd1AFo6onbNx/Ef3ufooxidwu76ZJOyaFjTSIo/X1NJtDlhfdSyVIcE5FxStS37IMZkNTAhjWAUFesS4tYrLYUzM6JBxYtpg+k+oVW/4jcpVwfwBGpjZ4jQB1F6FrhisOJVl15F2gtcCpC0tBqH3s8T1G65jjPeGjCgBOYv0yuk363ocoinY6BVDN+0PI6b20MIJXw5RvKdDnHzr6c5vHLXfOAb5UoJhtm0PrFK1pD7dBsAuXjdybVMFiVklx81RSYTyaxQUxLuhw0HbUElU9LUwvAMaUePdzFZ9Tt/A-----END CERTIFICATE-----
沒有留言:
張貼留言