CN113726945A - Cell phone app data automatic acquisition method based on frida framework - Google Patents

Cell phone app data automatic acquisition method based on frida framework Download PDF

Info

Publication number
CN113726945A
CN113726945A CN202110884526.0A CN202110884526A CN113726945A CN 113726945 A CN113726945 A CN 113726945A CN 202110884526 A CN202110884526 A CN 202110884526A CN 113726945 A CN113726945 A CN 113726945A
Authority
CN
China
Prior art keywords
request
mobile phone
target
http
app
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110884526.0A
Other languages
Chinese (zh)
Inventor
张密
杨芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Electronic Commerce Cloud Operation Co ltd
Original Assignee
Guizhou Electronic Commerce Cloud Operation Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Electronic Commerce Cloud Operation Co ltd filed Critical Guizhou Electronic Commerce Cloud Operation Co ltd
Priority to CN202110884526.0A priority Critical patent/CN113726945A/en
Publication of CN113726945A publication Critical patent/CN113726945A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72406User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by software upgrading or downloading
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a frada frame-based automatic acquisition method for mobile phone APP data, a data acquisition client sends encryption function input parameters to an http frame in batches, the http frame calls a hook encryption function from a fraapart end to a fradeaserver end of a mobile phone end through a fradarpc method to obtain encrypted http request parameters, the encrypted http request parameters are returned to the data acquisition client, the data acquisition client has the encrypted http request parameters at this time, and then sends correct http request parameters to an APP server, so that target data are acquired in batches.

Description

Cell phone app data automatic acquisition method based on frida framework
Technical Field
The invention relates to the technical field of electronic information, in particular to a frada framework-based mobile phone app data automatic acquisition method.
Background
With the development of mobile internet, the 5g era comes, more and more enterprises develop APP, and a large amount of data in the aspects of electronic commerce, life service and the like are generated in mobile phone APP to obtain related data in the mobile phone APP, so that more accurate big data support is provided for national government planning decisions and enterprise development, and the development is imperative.
The mobile phone APP data acquisition difficulty is high, the related technology in the industry at present is difficult to stably acquire the mobile phone APP data, for example, the patent number 202010977558.0 is named as an automatic mobile phone APP data acquisition method and system based on an appium frame, the mobile phone APP is operated in modes of appium and the like to click and slide to acquire data, the data of the current loaded page of the APP can be acquired only in a single process, concurrent requests cannot be made, the speed is low, and the performance is poor; most of the mobile phone APP interfaces are encrypted by using a data encryption method, many encryption methods are hidden in so files of the mobile phone APP, plaintext codes cannot be obtained, only binary files exist, and it is very difficult to directly obtain data collected by the encryption method.
Disclosure of Invention
Aiming at the technical problems, the invention provides a cell phone app data automatic acquisition method based on a frada framework,
frida is a mobile phone APP hook framework based on Python + JavaScript language, is used for reverse and security research of mobile phone APP, and can inject own script into a target APP process and any function of hook, monitor an encryption API or track private application program codes through frida.
Through research, the frida framework hook target APP related interfaces are called in batches through the http framework, the high-efficiency and high-concurrency data acquisition function can be realized, and the problem of batch acquisition of the APP data of the mobile phone at present is solved.
Based on a Frida framework, obtaining encryption parameters by using a Frida framework hook mobile phone APP encryption function, and automatically and remotely calling a relevant encryption function through a Frida rpc function to realize high concurrency and large-scale automatic acquisition of mobile phone APP data;
the specific method comprises the following steps:
1. intercepting and capturing http and https request interfaces generated by mobile phone APP access by using a packet capturing tool, and storing request packet capturing contents;
2. checking the http and https request return content of the packet capture, and confirming that the http and https requests containing target data are target requests;
3. trying the target interface request of the mobile phone APP for multiple times, and analyzing the change of relevant parameters to confirm the encrypted target request parameters;
4. opening a mobile phone APP source code by using a JAVA decompiling tool, and finding an encryption function used by a target request parameter by using a method for searching a target request parameter name;
5. the method comprises the following specific steps of obtaining request parameters of the encryption function by using a frida framework hook function hook to the encryption function:
s1, operating a mobile phone simulator on a computer or operating a mobile phone, wherein the mobile phone needs to be in the same network with the computer, installing a frida server in the mobile phone or the mobile phone simulator, giving an execution authority to the frida server, and starting the frida server by using a root identity;
s2, installing a frida client in a computer, starting the frada client, connecting a frida server at a mobile phone end, attaching a target app process and obtaining a target mirror image;
s3, a specific hook function of the encryption function is realized by using a JavaScript script in the target mirror image, the JavaScript script is injected into the encryption function, the hook function tries a target request in a mobile phone APP, and the request parameter and the return content of the encryption function are obtained through the hook function;
and S4, transmitting request parameters required by the encryption function to the mobile phone APP by using a frida frame rpc method, remotely calling a hook method of the encryption function, and acquiring the encrypted request parameters, so that all parameters required by the target request are possessed.
6. The rpc method in the S4 is deployed in an http frame, and each time an http request is sent through the http frame, parameters required by an encryption function can be transmitted to the rpc method, encryption parameters required by a target request are automatically generated, the target request is called, and target data are obtained.
The method has the advantages that through the encryption function in the hook mobile phone APP with the frida frame, the situation that the encryption parameter is generated through analysis and construction of java codes and so files in the mobile phone APP is avoided, the encryption parameter of the target request is quickly and simply obtained, the hook method is deployed in the http frame, high concurrency can be achieved by sending the parameter required by the encryption function through the http request, the encryption request parameter is quickly obtained, the APP does not need to be opened, the interface is directly called to collect data of any page in the background, and high concurrency and large-scale collection of the data of the mobile phone APP is achieved.
Drawings
FIG. 1 is a schematic flow chart of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A cell phone app data automatic acquisition method based on a frida framework comprises the following specific steps:
1. starting an mitmprroxy package grabbing software on a computer, opening a mobile phone, installing a security certificate of mitmprroxy in the mobile phone, and setting an ip port of mitmprroxy as a proxy ip port in a mobile phone network; intercepting and capturing http and https request interfaces generated by mobile phone APP access by using an mitmprroxy packet capturing software, and storing request packet capturing contents;
2. and viewing the http and https request return content of the packet capture, and confirming that the http and https requests containing target data are target requests.
3. And trying the target interface request of the mobile phone APP for multiple times, and analyzing the change of the related parameters to confirm the encrypted target request parameters.
4. And opening the mobile phone APP source code by using a jadx-gui tool, and finding the encryption function used by the target request parameter by using methods of searching the target request parameter name and the like.
5. Installing the frida server in the mobile phone, giving an execution authority to the frida server, and starting the frida server by using the root identity.
6. Installing a frida client in a computer, starting the frida client, connecting a frida server at a mobile phone end, attaching a target app process and obtaining a target mirror image.
7. And a specific encryption function hook function is realized by using a JavaScript script in the target mirror image, the JavaScript script is injected into the encryption function, the hook tries a target request in the mobile phone APP, and the request parameter and the return content of the encryption function are obtained through the hook function.
8. The method comprises the steps of using a frida framework rpc method to transmit request parameters required by an encryption function into a mobile phone APP, remotely calling a hook method of the encryption function, and obtaining the encrypted request parameters, so that all parameters required by a target request are possessed.
9. The rpc method in the previous step is deployed in an http frame, and each time an http request is sent through the http frame, parameters required by an encryption function can be transmitted to the rpc method, encryption parameters required by a target request are automatically generated, the target request is called, and target data are obtained.
As shown in fig. 1, the data acquisition client side sends the encryption parameters to the http frame in batch, the http frame calls a hook encryption function from the frida client side to the frida server side of the mobile phone side through a frida rpc method to obtain the encrypted http request parameters, and returns the encrypted http request parameters to the data acquisition client side, and the data acquisition client side has the encrypted http request parameters at this time and sends correct http request parameters to the APP server, so that the data of all pages of the target APP are obtained in batch.

Claims (3)

1. A cell phone app data automatic acquisition method based on a frida framework is characterized by comprising the following specific steps:
1) intercepting and capturing http and https request interfaces generated by mobile phone APP access by using a packet capturing tool, and storing request packet capturing contents;
2) checking the http and http request return content of the packet capture, and confirming that the http and http request containing target data are target requests;
3) trying the target interface request of the mobile phone APP for multiple times, and analyzing the change of relevant parameters to confirm the encrypted target request parameters;
4) opening a mobile phone APP source code by using a JAVA decompiling tool, and finding an encryption function used by a target request parameter by using a method for searching a target request parameter name;
5) using a frida framework hook function hook to acquire the request parameter of the encryption function, wherein the specific method comprises the following steps:
s1, operating a mobile phone simulator on a computer or operating a mobile phone, wherein the mobile phone needs to be in the same network with the computer, installing fradaserver in the mobile phone or the mobile phone simulator, giving an execution authority to the fradaserver, starting a target APP, and starting the fradaserver by using a root identity;
s2, installing and starting fradactone in a computer, connecting fradaverer of a mobile phone end, attaching a target app process and obtaining a target mirror image;
s3, a specific hook function of the encryption function is realized by using a JavaScript script in the target mirror image, the JavaScript script is injected into the encryption function, the hook function tries a target request in a mobile phone APP, and the request parameter and the return content of the encryption function are obtained through the hook function;
and S4, transmitting request parameters required by the encryption function to the mobile phone APP by using a frida frame rpc method, remotely calling a hook method of the encryption function, and acquiring the encrypted request parameters, so that all parameters required by the target request are possessed.
6) The rpc method in the S4 is deployed in an http frame, and each time an http request is sent through the http frame, parameters required by an encryption function can be transmitted to the rpc method, encryption parameters required by a target request are automatically generated, the target request is called, and target data is acquired.
2. The automated fricda framework-based acquisition method for mobile app data as recited in claim 1, wherein the package capture tool is mitmproxy package capture software.
3. The automated frica framework-based acquisition method for mobile app data according to claim 1, wherein the JAVA decompilation tool is a jadx-gui tool.
CN202110884526.0A 2021-08-03 2021-08-03 Cell phone app data automatic acquisition method based on frida framework Pending CN113726945A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110884526.0A CN113726945A (en) 2021-08-03 2021-08-03 Cell phone app data automatic acquisition method based on frida framework

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110884526.0A CN113726945A (en) 2021-08-03 2021-08-03 Cell phone app data automatic acquisition method based on frida framework

Publications (1)

Publication Number Publication Date
CN113726945A true CN113726945A (en) 2021-11-30

Family

ID=78674694

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110884526.0A Pending CN113726945A (en) 2021-08-03 2021-08-03 Cell phone app data automatic acquisition method based on frida framework

Country Status (1)

Country Link
CN (1) CN113726945A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114390012A (en) * 2021-12-15 2022-04-22 中国电子科技集团公司第三十研究所 West trust application data evidence obtaining method based on reverse analysis
CN114826615A (en) * 2022-04-25 2022-07-29 浪潮卓数大数据产业发展有限公司 Mobile terminal acquisition method and system based on mobile phone simulator
CN115052037A (en) * 2022-08-12 2022-09-13 北京搜狐新动力信息技术有限公司 Client detection method, device, storage medium and equipment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114390012A (en) * 2021-12-15 2022-04-22 中国电子科技集团公司第三十研究所 West trust application data evidence obtaining method based on reverse analysis
CN114826615A (en) * 2022-04-25 2022-07-29 浪潮卓数大数据产业发展有限公司 Mobile terminal acquisition method and system based on mobile phone simulator
CN114826615B (en) * 2022-04-25 2023-08-08 浪潮卓数大数据产业发展有限公司 Mobile terminal acquisition method and system based on mobile phone simulator
CN115052037A (en) * 2022-08-12 2022-09-13 北京搜狐新动力信息技术有限公司 Client detection method, device, storage medium and equipment

Similar Documents

Publication Publication Date Title
CN113726945A (en) Cell phone app data automatic acquisition method based on frida framework
US8910187B2 (en) Method and apparatus for non-intrusive web application integration to streamline enterprise business process
RU2595890C2 (en) Method and device for execution of user activity commands
CN108509523B (en) Method and device for structured processing of block chain data and readable storage medium
CN112035317B (en) Micro-service link monitoring method, device, equipment and medium
CN101204039B (en) System and method of device-to-server registration
US9727445B2 (en) Debugging a web application locally during development
CN111064722B (en) Data sharing method for realizing protocol conversion of set in API mode
CN106484611B (en) Fuzzy test method and device based on automatic protocol adaptation
CN110224896B (en) Network performance data acquisition method and device and storage medium
CN112887388B (en) Data processing system based on sandbox environment
CN112738138B (en) Cloud security hosting method, device, equipment and storage medium
CN111159520B (en) Sample identification method, device and safety emergency response system
US20150139082A1 (en) Generating Sequenced Instructions For Connecting Through Captive Portals
CN110381026B (en) Business service packaging and accessing system, method and device for rich client
US11196728B1 (en) Caching login sessions to access a software testing environment
CN109522202B (en) Software testing method and device
CN109787963A (en) Business handling method, apparatus, computer equipment and storage medium
CN110995538B (en) Network data acquisition method, device, system, equipment and storage medium
CN113326506A (en) Applet monitoring method and device
US9106514B1 (en) Hybrid network software provision
CN112632362A (en) Automatic patrol method and patrol platform for state network information management system
KR101216728B1 (en) Smart client system using ghost component
CN111092883A (en) Method and device for automatically generating user access record, network equipment and storage medium
CN113556269B (en) SAP client performance test method, system, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination