
Using Fiddler to capture WeChat 7.0 traffic over HTTPS (Android phone)

1 Causes and analysis

1.1 Cause

This came up on a WeChat mini-program project. Capturing the HTTPS traffic through Fiddler had always worked, but after the client was upgraded to WeChat 7.0, nothing could be captured any more.

1.2 Analysis of the reasons (guess)

WeChat 7.0 appears to validate the server certificate in its own code (certificate pinning). When the certificate presented during the TLS handshake is not the one it expects (Fiddler's generated certificate, for instance), the connection is closed. One alternative explanation worth checking before blaming pinning: since Android 7.0, apps that target API level 24 or later ignore user-installed CA certificates by default, so a Fiddler root certificate trusted only in the user store is no longer enough for such apps.

1.3 Things I tried (none of them worked):

1 Look for a configuration switch in WeChat that turns off the in-code certificate check. No such setting could be found.
2 Give Fiddler a legitimate certificate. Fiddler has no feature for importing one; it can only generate and present its own certificate.
3 Switch to tools similar to Fiddler, only to find their features are the same.
On reflection this is not a limitation of Fiddler: a proxy can only present a certificate whose private key it holds, and it does not hold the real server's key, so no interception tool can present the server's legitimate certificate. These tools are not hacking software.

2 Solutions

2.1 Possible Solutions

After searching online, I found two possible ways around the problem:
1 Use Xposed with its JustTrustMe module to neutralise the certificate verification in the app's code.
2 Decompile WeChat 7.0 and remove the certificate verification logic, then rebuild the app.

2.2 Specific solutions

After weighing the two, Xposed + JustTrustMe is the more reliable route.

2.3 Methods and steps

2.3.1 Install virtualxposed

Xposed needs a rooted device, which is not safe for a daily-use phone. VirtualXposed instead runs a virtualised Android environment inside an ordinary app on the (unrooted) phone, and Xposed is installed in that virtual environment.
Download address:/, which also has a video explaining how to use the software (made by a domestic developer; it is excellent).

2.3.2 Install JustTrustMe

Download address:/Fuzion24/JustTrustMe/releases
Reference address:/p/310d930dd62f
Notice:
A The reference guide describes the steps for Xposed; they are roughly the same for VirtualXposed, so map each step accordingly.
B After installing the JustTrustMe module, VirtualXposed must be restarted before the module takes effect.
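For readers who want to understand what a module like JustTrustMe actually does inside the target process, here is a minimal Xposed module of the same kind. It is an added example written for this page, not JustTrustMe's source; the package and class names are made up, the target package name is an assumption, and it covers only two common hook points. It swaps the trust managers handed to SSLContext.init for one that accepts any chain, and, if the target process ships OkHttp3, turns CertificatePinner.check into a no-op.

```java
package com.example.trustbypass; // hypothetical module package

import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.List;

import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

// Illustrative trust-bypass module (not JustTrustMe's code).
public class TrustBypass implements IXposedHookLoadPackage {

    // Assumed target: only hook the app being debugged, never every process on the device.
    private static final String TARGET = "com.tencent.mm";

    // A trust manager that accepts any server chain. Once it is in place the
    // proxy's self-signed leaf certificate is no longer rejected.
    private static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) {}
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) {}
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable {
        if (!TARGET.equals(lpparam.packageName)) {
            return;
        }

        // Hook 1: every javax.net.ssl client goes through SSLContext.init(km, tm, rng).
        // Replace whatever TrustManager[] the app passes (including a pinning one)
        // with the permissive trust manager before the real init runs.
        XposedHelpers.findAndHookMethod("javax.net.ssl.SSLContext", lpparam.classLoader,
                "init", KeyManager[].class, TrustManager[].class, SecureRandom.class,
                new XC_MethodHook() {
                    @Override
                    protected void beforeHookedMethod(MethodHookParam param) {
                        param.args[1] = new TrustManager[]{ TRUST_ALL };
                        XposedBridge.log("TrustBypass: replaced TrustManager[] in SSLContext.init");
                    }
                });

        // Hook 2: OkHttp3 pins after trust-manager validation, in CertificatePinner.check.
        // findClass throws when the class is absent, so guard it: not every app ships OkHttp.
        try {
            Class<?> pinner = XposedHelpers.findClass("okhttp3.CertificatePinner", lpparam.classLoader);
            XposedHelpers.findAndHookMethod(pinner, "check", String.class, List.class,
                    XC_MethodReplacement.returnConstant(null));
            XposedBridge.log("TrustBypass: disabled okhttp3.CertificatePinner.check");
        } catch (Throwable t) {
            XposedBridge.log("TrustBypass: okhttp3.CertificatePinner not present, skipping");
        }
    }
}
```

Two caveats follow from the code itself. A module like this only reaches code that uses javax.net.ssl or OkHttp; an app with its own native TLS stack needs hooks in that stack, and WebView pages use Chromium's own certificate verification, which these hooks never touch. And the module must be enabled and the (virtual) Xposed environment restarted before the target process is started, because handleLoadPackage runs only when the package is loaded.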

2.3.3 Trust Fiddler's https certificate on Android

Reference address:/hushaojun/p/
I simply used the certificate produced by Fiddler's certificate generator plug-in and trusted it on the Android device (your phone).

After that, HTTPS requests from WeChat show up in Fiddler.

3 References

http:///
/gordon0918/p/

Notice

I found a problem. With JustTrustMe enabled, H5 pages inside WeChat cannot be captured; turn JustTrustMe off and they can be captured again.
Because of this, for day-to-day development capture we still use VirtualXposed with WeChat 6.5 installed.