
Client (Mobile) how to intercept and modify http response

I am an Android developer, my application uses a bunch of http REST calls and it gets responses from servers. I use Charles to inspect the data (so I have to install Charles certificate onto my device so that https traffic can be read by myself).

Are there any tools out there like Charles that will allow me to modify that response packet before sending to the client?

Charles itself has the functionality. Follow the steps:

  1. Enable break points by right-clicking on an individual request or a path.

[image]

  2. Before sending the request, Charles will give you a chance to edit it. See below. Click "edit request" to fill in whatever you want and click "execute" to send the request.

[image]

  3. Before posting the result back to your mobile phone, you have a chance to edit the content. See below.

[image]

Depending on what exactly you want to modify, Charles' inbuilt Rewrite Tool might be what you are looking for. You find it in the Tools menu. You can specify which requests shall be modified by protocol, host, port, path and query, and you have the following modification options:

  • Add, modify, remove headers (request and response)
  • Modify Host, Path, URL, Response Status
  • Add, modify, remove Query Parameters
  • Modify body (request and response)
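The match-then-edit logic this answer describes, modelled in Python as an added example (not code from the answer and not Charles' own rule format): a rule filters by protocol, host, port, path and query, then edits the response status, headers and body. The names `Rule`, `Response`, `rewrite` and the host `api.example.test` are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

@dataclass
class Response:
    status: int
    headers: dict[str, str]
    body: str

@dataclass
class Rule:
    # Location filter (None = match anything); host/path/query are globs.
    protocol: str | None = None
    host: str | None = None
    port: int | None = None
    path: str | None = None
    query: str | None = None
    # Response edits applied when the location matches.
    status: int | None = None
    set_headers: dict[str, str] = field(default_factory=dict)
    remove_headers: tuple[str, ...] = ()
    body_sub: tuple[str, str] | None = None  # (old, new)

    def matches(self, url: str) -> bool:
        u = urlsplit(url)
        port = u.port or {"http": 80, "https": 443}.get(u.scheme)
        return ((self.protocol is None or self.protocol == u.scheme)
                and (self.host is None or fnmatchcase(u.hostname or "", self.host))
                and (self.port is None or self.port == port)
                and (self.path is None or fnmatchcase(u.path, self.path))
                and (self.query is None or fnmatchcase(u.query, self.query)))

def rewrite(url: str, resp: Response, rules: list[Rule]) -> Response:
    """Apply every matching rule in order and return the edited copy."""
    out = Response(resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.body)
    for r in (r for r in rules if r.matches(url)):
        out.status = r.status if r.status is not None else out.status
        for name in r.remove_headers:
            out.headers.pop(name.lower(), None)
        out.headers.update({k.lower(): v for k, v in r.set_headers.items()})
        if r.body_sub:
            out.body = out.body.replace(*r.body_sub)
    return out

# Constructed sample: make one endpoint of a test backend look unavailable.
RULES = [Rule(protocol="https", host="api.example.test", path="/v1/profile",
              status=503, set_headers={"Retry-After": "30"},
              body_sub=('"ok"', '"unavailable"'))]
```

Feeding the app a forced 503 for a single endpoint like this is a quick way to check that its retry and error-handling paths behave as intended.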

Another option is Fiddler. Like Charles it can be configured as a proxy for android, decrypt HTTPS traffic and modify request and response.

You may try OWASP ZAP or Burp Suite. OWASP ZAP is completely free and provides a number of features.

See also Android: Capturing HTTP Requests with non-rooted android device.

I've recently tested HTTP Toolkit on Android emulator. It works and allows capturing and editing a response from a server. Some functions are paid (in Pro version). Requires root privileges on real devices.

You can also use Burp Suite or Fiddler.
