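Because WeChat 7.0 and later no longer trust manually added certificates, this example uses Fiddler with the desktop WeChat / UWP WeChat client to capture mini-program traffic (for mini-program debugging only).
Prerequisites
Install Fiddler
If you know, you know: Fiddler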
https://www.telerik.com/download/fiddler
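Install the FiddlerRoot certificate
Once the self-signed Fiddler certificate is trusted, the contents of HTTPS traffic can be decrypted.
While the traffic is still encrypted, what you see looks like this:
Referer: https://servicewechat.com/wxbebb3cdd9b331046/279/page-frame.html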
Using Fiddler
See the documentation:
https://docs.telerik.com/fiddler-everywhere/user-guide/main-menu.html
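Capturing traffic
When Fiddler starts, it sets the system proxy to http=127.0.0.1:8888;https=127.0.0.1:8888;ftp=127.0.0.1:7890
so that it can monitor network traffic.
In AutoResponder you can use regular expressions to filter for the requests you want to see.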
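A check for the proxy setting described above, as an added example that is not from the original post: it parses a WinINET ProxyServer string and lists every scheme still routed to a loopback proxy, which helps confirm the system proxy has been restored after a debugging session. The function names are hypothetical, the registry path and value names are the standard per-user Internet Settings ones, and the sample string is the one quoted in the article.

```python
import ipaddress
import sys

REG_PATH = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

def parse_proxy_server(value):
    """Parse 'http=h:p;https=h:p' or a bare 'h:p' (stored under '*') into {scheme: (host, port)}."""
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:                       # bare form applies to every scheme
            scheme, endpoint = "*", part
        host, _, port = endpoint.rpartition(":")
        if not host:                      # no port was given
            host, port = endpoint, ""
        proxies[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False                      # a hostname; not resolved here

def local_interceptors(value):
    """Return {scheme: port} for every scheme routed to a loopback proxy."""
    return {s: port for s, (h, port) in parse_proxy_server(value).items()
            if is_loopback(h)}

def read_system_proxy():
    """Windows only: the current user's ProxyServer value, or None if disabled or unset."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, REG_PATH) as key:
            if not winreg.QueryValueEx(key, "ProxyEnable")[0]:
                return None
            return winreg.QueryValueEx(key, "ProxyServer")[0]
    except FileNotFoundError:
        return None

if __name__ == "__main__":
    # Constructed sample: the proxy string quoted in the article.
    sample = "http=127.0.0.1:8888;https=127.0.0.1:8888;ftp=127.0.0.1:7890"
    value = read_system_proxy() if sys.platform == "win32" else sample
    for scheme, port in local_interceptors(value or "").items():
        print(f"{scheme}: routed through local proxy on port {port}")
```

An empty result on Windows means no scheme is currently pointed at a local intercepting proxy.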
Capturing mini-program traffic
Clear the session list, then open the mini program; the captured packets appear.
Headers
POST https://xcx.www.gov.cn/ebus/gwymp/api/r/pagedisplay/ShowHomeBotmConfig? HTTP/1.1
Host: xcx.www.gov.cn
Connection: keep-alive
Content-Length: 2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 MicroMessenger/7.0.9.501 NetType/WIFI MiniProgramEnv/Windows WindowsWechat
content-type: application/json
dgd-pre-release: 0
x-tif-did: lrntxntzCv
x-tif-openid: #
x-tif-sid: #
x-yss-city-code: 4400
x-yss-page: pages/index/index
Referer: https://servicewechat.com/wxbebb3cdd9b331046/279/page-frame.html
Accept-Encoding: gzip, deflate, br
{}
Decrypted content
{
    "errcode": 0,
    "errmsg": "",
    "data": {
        "face_expire": 0,
        "realname_expire": 0,
        "star_name": "",
        "star_cid": "",
        "name": "",
        "uid": "#",
        "phone": "",
        "cid_start_date": "",
        "cid_expire_date": "",
        "cid_type": "1000",
        "ext_data": ""
    }
}
Debugging tools
Postman is recommended:
https://www.postman.com/downloads/