本文主要是介绍[极验SDK]如何绕过在WebView中的SSL校验,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
一、前言
之前在破解某个软件中碰到了SSL证书校验的问题,当时的解决方案是搜索TrustManager,SSLContext之类的关键词,模仿JustTrustMe去hook一个加固的APP。
XposedHelpers.findAndHookMethod("javax.net.ssl.SSLContext", classLoader, "init", KeyManager[].class, TrustManager[].class, SecureRandom.class, new XC_MethodHook() {@Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable {super.beforeHookedMethod(param); param.args[1] = new TrustManager[]{(new X509TrustManager() {@Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}@Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}@Override public X509Certificate[] getAcceptedIssuers() {return new X509Certificate[0];//就是这里 原代码为return null; 即不信任任何证书 我们使他信任系统默认证书 }})}; XposedBridge.log(TAG + "geetest hook TrustManager OK"); }@Override protected void afterHoo
这篇关于[极验SDK]如何绕过在WebView中的SSL校验的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
