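Most apps in the Alibaba family use MTOP to sign their requests, so this signing has to be switched off with a hook. I use Xposed here; Frida can be used as well.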
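
    import de.robv.android.xposed.XC_MethodHook;
    import de.robv.android.xposed.XposedBridge;
    import de.robv.android.xposed.XposedHelpers;
    import de.robv.android.xposed.callbacks.XC_LoadPackage;

    // Method of a class that implements IXposedHookLoadPackage.
    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
        XposedBridge.log("========START=====");
        if (lpparam.packageName.contains("com.taobao")) {
            // XposedUtil is a helper class that is not defined on this page.
            XposedUtil.checkXposed(lpparam);
            Class<?> switchConfig = XposedHelpers.findClassIfExists(
                    "mtopsdk.mtop.global.SwitchConfig", lpparam.classLoader);
            if (switchConfig == null) {
                return; // class not found in this process, nothing to hook
            }
            // Make SwitchConfig.isGlobalSpdySwitchOpen() always return false.
            XposedHelpers.findAndHookMethod(switchConfig, "isGlobalSpdySwitchOpen",
                    new XC_MethodHook() {
                        @Override
                        protected void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable {
                            super.afterHookedMethod(methodHookParam);
                            XposedBridge.log("========开启抓包=====");
                            methodHookParam.setResult(Boolean.valueOf(false));
                        }
                    });
        }
    }
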
Set up Charles to capture HTTPS, open Taobao, and the requests become visible in Charles.