- 发帖
- 53420
- 今日发帖
- 最后登录
- 2025-01-22
|
Charles是一个Web调试代理,使开发人员可以查看其计算机与Internet之间的所有HTTP和SSL / HTTPS通信。这包括对请求,响应,标头,TLS信息,压缩和性能以及二进制协议(例如针对HTTP 1.1和2的Protobuf)的深入检查。Charles非常适合调试和衡量Web或移动应用程序的API请求和响应。 Charles的功能我认为以下功能是Charles的主要功能。探索这些功能并发现其他功能的最佳方法是下载免费试用版。 SSL代理Charles可以充当HTTP / SSL通信的中间人,使您能够调试HTTPS会话的内容。 带宽限制Charles通过有效地限制带宽并引入延迟来模拟调制解调器的速度,以便您可以像调制解调器用户一样体验整个网站(带宽模拟器)。 AJAX Charles对于Web浏览器(例如AJAX(异步Javascript和XML)和XMLHTTP)中的XML开发很有用,因为它使您可以查看在客户端和服务器之间流动的实际XML。Charles本机支持JSON,JSON-RPC和SOAP;以简化的树格式显示它们,以便于查看和调试。 闪Charles非常适合Adobe Flash开发人员,因为您可以查看LoadVariables,LoadMovie和XML加载的内容。Charles还具有对Flash Remoting(AMF0和AMF3)的本地支持。官方主页: https://www.charlesproxy.com/ Charles is a web debugging proxy that enables a developer to view all of the HTTP and SSL/HTTPS traffic between their machine and the internet. This includes deep inspection of requests, responses, headers, TLS information, compression and performance, and binary protocols such as Protobuf for both HTTP 1.1 and 2. Charles is perfect for debugging and measuring your web or mobile app’s API requests and responses. Charles FeaturesThe following features are what I believe to be the key features of Charles. The best way to explore these features and to discover others is to download the free trial. SSL ProxyingCharles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to debug the content of your HTTPS sessions. Bandwidth ThrottlingCharles simulates modem speeds by effectively throttling your bandwidth and introducing latency, so that you can experience an entire website as a modem user might (bandwidth simulator). AJAXCharles is useful for XML development in web browsers, such as AJAX (Asynchronous Javascript and XML) and XMLHTTP, as it enables you to see the actual XML that is flowing between the client and the server. Charles natively supports JSON, JSON-RPC and SOAP; displaying each in a simplified tree format for easy viewing and debugging. FlashCharles is great for Adobe Flash developers as you can view the contents of LoadVariables, LoadMovie and XML loads. Charles also has native support for Flash Remoting (AMF0 and AMF3). Browser & System ConfigurationIn order for any browser (or any application) to use Charles it must be configured to use Charles as its proxy server. Most browsers will have a way to configure this manually, but configuring manually is annoying because you have to configure and reconfigure everytime you start and stop Charles. Fortunately Charles can autoconfigure the proxy settings in many cases including:Windows / Internet Explorer proxy settings – used automatically by most Windows applications Windows Proxy SettingsCharles can automatically configure the Windows proxy settings so that Internet Explorer and other Windows applications automatically start using Charles. By default Charles will configure and then reconfigure the Windows proxy settings whenever Charles is started or quit. Charles proxy configuration behaviour can be changed in Charles in the Proxy Menu, Proxy Settings dialog. The Windows proxy settings are configured in the Internet Options control panel on the Connections tab if you want to look at them yourself. Microsoft Edge has an additional setting that you may need to make by browsing to about:flags and enabling Allow localhost loopback. This is required in order to connect to Charles Proxy running on localhost. 下载正版原版程序:http://www.sd173.com/html/3774.htmlhttps://www.charlesproxy.com/assets/release/4.1.3/charles-proxy-4.1.3-win64.msihttps://www.charlesproxy.com/assets/release/4.1.3/charles-proxy-4.1.3-win32.msihttps://www.charlesproxy.com/assets/release/4.1.3/charles-proxy-4.1.3.dmghttps://www.charlesproxy.com/assets/release/4.1.3/charles-proxy-4.1.3_amd64.tar.gzhttps://www.charlesproxy.com/assets/release/4.1.3/charles-proxy-4.1.3.tar.gz 最新版破解文件下载:http://www.sd173.com/html/3774.html 使用方法: gitoschina码云源码:http://git.oschina.net/iYoungDone/charlesloader
- Windows 平台,将下载的charles.jar文件覆盖到安装目录下的lib文件夹下即可完成破解!
- Mac 平台,将下载的charles.jar文件右键 Charles.app 显示包内容,覆盖到Content->Java下即可完成破解! 注意: 这是v4.1.3的破解文件,不确定其他版本也同样适用!请下载相应版本文件,然后改名为charles.jar.
授人以鱼不如授人以渔: Charles v4.x版本分析记录 最新版v4.1.3相对v.4.0.2比较,明文类名已混淆. 反编译为源码后,找关键点的分析流程: - 在com\xk72\charles\gui\frames\RegisterFrame.java里找到this.bRegister.addActionListener导入的类import com.xk72.charles.gui.frames.NvMh;
- 在com.xk72.charles.gui.frames.NvMh里找到if (object2 != null) 使他永久为null的函数导入的类import com.xk72.charles.psPJ;
- 在com.xk72.charles.psPJ里就是关键类。分析关键点HOOK。
- 用javap -public psPj.class查看给外部类调用的公有函数方法如下:public final class com.xk72.charles.psPJ {public com.xk72.charles.psPJ();public static boolean qIvM();public static void mLFE();public static java.lang.String tCiz();public static java.lang.String qIvM(java.lang.String, java.lang.String);}
hook掉public static boolean x1()和public static java.lang.String x3()两个方法函数就可以了,当然最好public修饰的都hook掉;
只需要在用javassist时,设置这一句就可以将破解好的class类文件dump出来然后打包回原来的charles.jar里,破解文件制作完成. CtClass.debugDump = "./charles-bs-cr";
- 要做跨平台的破解文件最好用MacOS下的charles.jar文件进行破解,Windows平台下的文件破解后到MacOS下起不来.我比对过破解的class类文件,二进制是相同的,估计在其他地方有细微差别.
http://down2.sdbeta.com/soft1/Charles.Web.Debugging.Proxy.rar [ 此帖被pony8000在2020-01-15 17:58重新编辑 ]
|