[求助]有无大屌研究过fb的fizz fizz....fizz-Android安全-看雪-安全社区|安全招聘|kanxue.com

[求助]有无大屌研究过fb的fizz fizz....fizz

发表于: 2022-8-6 00:16 4071

[求助]有无大屌研究过fb的fizz fizz....fizz

laonaa

2022-8-6 00:16

4071

加上burp代理就被服务器主动拒了...都没有到客户端验证证书这一步....
有研究Facebook Instagram lite各种版本的一起讨论讨论

附带lite版本过 sslping脚本, 修改一下返回值即可, 但是burp抓不了包

function pass_fizz_sslpinning() {
    Interceptor.attach(get_rva('lib_fizz_merged.so', 0x251F54), {
        onEnter: function (args) { 
            console.log('X509_verify_cert');
        }
    })
    Interceptor.attach(get_rva('lib_fizz_merged.so', 0x14448C), {
        onEnter: function (args) { 
            console.log('DefaultCertificateVerifier::verify');
        }
    })
    Interceptor.attach(get_rva('lib_fizz_merged.so', 0x01269D4), {
        onEnter: function (args) { 
            console.log(" Event::CertificateVerify::handle");
        }
    })  
}
 
function hook_android_dlopen_ext(modeul_name, callback) {
    var android_dlopen_ext = Module.findExportByName(null, "android_dlopen_ext")
    console.log(" android_dlopen_ext:" + android_dlopen_ext);
    Interceptor.attach(android_dlopen_ext, {
        onEnter: function (args) {
            this.file_name = args[0].readCString();
        },
        onLeave: function (retval) {
            if (this.file_name.indexOf(modeul_name) >= 0) {
                console.log("loaded : " + this.file_name)
                callback()
            }
        },
    })
}
 
hook_android_dlopen_ext('lib_fizz_merged.so', pass_fizz_sslpinning)