直接把请求地址里的域名换成 IP 会报错:校验时用的是请求里的 host,证书与 IP 对不上,证书验证不通过。
用 Hopper 反编译接收认证挑战(authentication challenge)的方法,可以看到它和常见的写法没有区别:
// Hopper pseudo-code of DTURLRequestOperation's NSURLSession authentication-challenge
// handler. Going by the selector, arg2 = session, arg3 = task, arg4 = challenge and
// arg5 = completionHandler. The listing is decompiler output, not compilable source.
void -[DTURLRequestOperation URLSession:task:didReceiveChallenge:completionHandler:](void * self, void * _cmd, void * arg2, void * arg3, void * arg4, void * arg5) {
r15 = self;
// r13 = challenge, r12 = completion block; both are retained for the duration of the call.
r13 = [arg4 retain];
r12 = [arg5 retain];
// Everything below runs only when a challenge object was passed in.
if (r13 != 0x0) {
var_-72 = r13;
var_-64 = r12;
var_-56 = r15;
// Step 1: pick the domain to validate against. The request's "host" header is tried first.
rbx = [[r15 request] retain];
r15 = [[rbx allHTTPHeaderFields] retain];
r13 = [[r15 objectForKey:@"host"] retain];
[r15 release];
[rbx release];
var_-48 = r13;
// No "host" header: fall back to the host component of the request URL.
// NOTE(review): because the header is preferred over the URL host, a request addressed
// by IP that carries the real domain in that header would presumably be evaluated
// against the domain — confirm against -evaluateServerTrust:forDomain:, not shown here.
if (r13 == 0x0) {
r15 = [[var_-56 request] retain];
rbx = [[r15 URL] retain];
var_-48 = [[rbx host] retain];
[rbx release];
[r15 release];
}
// Step 2: only server-trust (TLS certificate) challenges are evaluated.
r13 = var_-72;
rbx = [[r13 protectionSpace] retain];
r15 = [[rbx authenticationMethod] retain];
r12 = [r15 isEqualToString:*_NSURLAuthenticationMethodServerTrust];
[r15 release];
[rbx release];
if (r12 != 0x0) {
// Step 3: the class's own -evaluateServerTrust:forDomain: decides whether the
// presented trust is acceptable for the domain chosen in step 1.
rbx = [[r13 protectionSpace] retain];
rdx = [rbx serverTrust];
rcx = var_-48;
r14 = [var_-56 evaluateServerTrust:rdx forDomain:rcx];
[rbx release];
r12 = var_-64;
if (r14 != 0x0) {
// Evaluation passed: wrap the server trust in a credential.
// The trailing ", rcx" looks like a decompiler artefact — +credentialForTrust: takes one argument.
r14 = [[r13 protectionSpace] retain];
r15 = [[NSURLCredential credentialForTrust:[r14 serverTrust], rcx] retain];
[r14 release];
}
else {
// Evaluation failed: no credential is produced.
r15 = 0x0;
}
}
else {
// Not a server-trust challenge: no credential is produced.
r15 = 0x0;
r12 = var_-64;
}
// Step 4: call the completion block through its invoke pointer (offset 0x10 of the block).
// The decompiler dropped the disposition/credential arguments, so the disposition
// passed on each path cannot be read from this listing.
(*(r12 + 0x10))(r12);
[var_-48 release];
[r15 release];
}
// Balance the retains taken on entry.
[r12 release];
[r13 release];
return;
}
然后 hook 这个方法,跳过 evaluateServerTrust:forDomain:,直接返回验证通过(此时任何服务器证书都会被接受,连接不再具备防中间人能力):
.h
#import <APMobileNetwork/APMobileNetwork.h>
NS_ASSUME_NONNULL_BEGIN
/// Category on DTURLRequestOperation whose implementation file exchanges the class's
/// -URLSession:task:didReceiveChallenge:completionHandler: with a handler that accepts
/// the presented server trust without evaluating it.
/// It declares no public methods of its own.
@interface DTURLRequestOperation (YYY)
@end
NS_ASSUME_NONNULL_END
.m
#import "DTURLRequestOperation+YYY.h"
#import <objc/runtime.h>
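/// Debug-only override of DTURLRequestOperation's TLS challenge handling.
///
/// The replacement handler answers every NSURLAuthenticationMethodServerTrust challenge
/// with a credential built from the server's own trust object and never calls
/// -evaluateServerTrust:forDomain:. Certificate-chain and host-name checks are therefore
/// off for every request that goes through this class, which is why the whole body is
/// compiled only when DEBUG is defined; a build without that macro keeps the stock
/// validation.
/// NOTE(review): assumes the project's Debug configuration defines DEBUG and the Release
/// configuration does not (the Xcode template default) — confirm in the build settings.
@implementation DTURLRequestOperation (YYY)

#if DEBUG

/// Exchanges the stock challenge handler with the permissive one below.
/// Runs once, when the runtime loads this category.
+ (void)load {
    Class cls = self;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        SEL originalSelector = @selector(URLSession:task:didReceiveChallenge:completionHandler:);
        SEL swizzledSelector = @selector(URLSession:task:didReceiveChallenge:completionHandlerS:);
        Method originalMethod = class_getInstanceMethod(cls, originalSelector);
        Method swizzledMethod = class_getInstanceMethod(cls, swizzledSelector);

        // A missing method means the SDK changed; leave validation untouched and say so
        // instead of failing silently.
        if (originalMethod == NULL || swizzledMethod == NULL) {
            NSLog(@"[YYY] challenge handler not found on %@; TLS validation left unchanged", cls);
            return;
        }
        method_exchangeImplementations(originalMethod, swizzledMethod);
    });
}

/// Replacement for -URLSession:task:didReceiveChallenge:completionHandler:.
///
/// @param session           The session that issued the challenge (unused).
/// @param task              The task that triggered the challenge (unused).
/// @param challenge         The authentication challenge to answer.
/// @param completionHandler Called exactly once with the chosen disposition and credential;
///                          may be nil, in which case nothing is called.
///
/// Server-trust challenges get NSURLSessionAuthChallengeUseCredential with the server's own
/// trust, unevaluated. Every other challenge, and a server-trust challenge without a usable
/// trust object, gets NSURLSessionAuthChallengePerformDefaultHandling and a nil credential.
- (void)URLSession:(NSURLSession *)session
                  task:(NSURLSessionTask *)task
   didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
    completionHandlerS:(void (^)(NSURLSessionAuthChallengeDisposition disposition,
                                 NSURLCredential * _Nullable credential))completionHandler {
    NSURLSessionAuthChallengeDisposition disposition = NSURLSessionAuthChallengePerformDefaultHandling;
    NSURLCredential *credential = nil;

    NSURLProtectionSpace *space = challenge.protectionSpace;
    if ([space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        SecTrustRef serverTrust = space.serverTrust;
        if (serverTrust != NULL) {
            // No SecTrust evaluation happens here: whatever certificate the peer presented
            // is accepted. Log the host so every skipped validation is visible in the console.
            NSLog(@"[YYY] TLS validation skipped for host %@", space.host);
            credential = [NSURLCredential credentialForTrust:serverTrust];
        }
        if (credential) {
            disposition = NSURLSessionAuthChallengeUseCredential;
        }
    }

    if (completionHandler) {
        completionHandler(disposition, credential);
    }
}

#endif  // DEBUG

@end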
这样请求能发出去了,但还是会报错,
原因是该 IP 没有加入白名单。
把 IP 地址加到 plist 的 gw 白名单后,
再次发送请求,返回成功。