查看: 594|回复: 5
关于安卓抓包问题，提交的数据看不懂，不知道怎么分析。
阅读权限30
在线时间 小时
签到天数：7 天结帖率： (26/31)
最近在学抓包，看的视频他们抓到的包，提交的数据都能看的懂，最多也就是编码转换一下就能比较出来参数是那些。今天我抓的包，提交的数据完全看不懂，拿去编码转换全是乱码。求问怎么分析？
抓到的包：
http://120.55.198.234:6666/queryActiveBottle HTTP/1.1
If-Modified-Since: Mon, 04 Apr :44 GMT+00:00
Content-Type: lication/x-www-form- charset=utf-8
User-Agent: Dalvik/1.6.0 (L U; Android 4.4.2; VPhone Build/KOT49H)
Host: 120.55.198.234:6666
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 280
oPDw/VOWQ/ssjDUfkYEAl3v9bObwUZWJfxsUhzyhAn3sNd1r/DFQKohmOr3Eq7E3M9/j0CU3SUDMcGa4u2eluB0cOMBtMepH1XTRe3N22gC/sqN98GxyxS5Q1Y/TDYWihsRm6MKyzdyKp0tipXlDePJF5SIhVHNTQ9y1omxi6N3mRzWRr+bqhMs60ZQUz04Ige14MKrr+956IR15U5hicJ9LAoSztyy+d89P/LdgQht3bEMLr/G/51kjMu5XowqW7N04YyeVdtid3iZb+IkJFw==
POST http://120.55.198.234:6666/setMsgState HTTP/1.1
If-Modified-Since: Mon, 04 Apr :25 GMT+00:00
Content-Type: application/x-www-form- charset=utf-8
User-Agent: Dalvik/1.6.0 (L U; Android 4.4.2; VPhone Build/KOT49H)
Host: 120.55.198.234:6666
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 364
ico2EkzWLQnNkRBUliqyjD+CKc1J0iTODDD6qfzooH+guohUPUEP5agk08KaueaNM9/j0CU3SUDMcGa4u2eluMSKrkQauBvRVmOYuAzInDelq1+TyX0VTAMqf18I0Dt6g4az1MlmC5SWrx66VhjAK8fSGwm6vZg3dCl57ugvguLCtIczBaZWK/bgXYZV/40+QzrFhVVKZti6+8PO37E5jRm2vABXisxH+zKSjhRs8tKB6XBYe4rn+nQcfIEBqcTYqBy2U07x9MQZbPGIRNWOWL94JXDD4XC/otSl5iTmy/sA+/hZminOSLFj6hZ4d4aebRI/5LyKFOH7CR1hV3IH1DDUadwgAui7GwxmbKGsrsI=
app名字：漂流瓶子
嗯，你只要知道它是发送哪里的，提交数据后有什么变化？
回答提醒：如果本帖被关闭无法回复，您有更好的答案帮助楼主解决，请发表至
可获得加分喔。友情提醒：本版被采纳的主题可在
帖子申请荣誉值，获得 1点 荣誉值,荣誉值可兑换终身vip用户组哦。快捷通道： →
阅读权限30
在线时间 小时
签到天数: 4 天结帖率： (5/12)
嗯，你只要知道它是发送哪里的，提交数据后有什么变化？
热心帮助他人，荣誉+1，希望继续努力(*^__^*) 嘻嘻!
您可以选择打赏方式支持他
阅读权限30
在线时间 小时
签到天数: 4 天结帖率： (5/12)
POST http://120.55.198.234:6666/setMsgState HTTP/1.1& &//post提交的网页协yi
If-Modified-Since: Mon, 04 Apr :25 GMT+00:00& &//北京时间 :25
Content-Type: application/x-www-form- charset=utf-8& &//utf-8 的网页编码
User-Agent: Dalvik/1.6.0 (L U; Android 4.4.2; VPhone Build/KOT49H)& & //Android 4.4.2系统
Host: 120.55.198.234:6666& &//IP：端口& &120.55.198.234:6666
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 364
下面的那乱码我并不知道你要抓的是什么包？所以我能知道的就给你注释了！
您可以选择打赏方式支持他
阅读权限30
在线时间 小时
签到天数: 7 天结帖率： (26/31)
POST http://120.55.198.234:6666/setMsgState HTTP/1.1& &//post提交的网页协yi
If-Modified-S ...
乱码就是提交的数据……
您可以选择打赏方式支持他
阅读权限30
在线时间 小时
签到天数: 7 天结帖率： (26/31)
POST http://120.55.198.234:6666/setMsgState HTTP/1.1& &//post提交的网页协yi
If-Modified-S ...
app名字叫漂流瓶子
您可以选择打赏方式支持他
阅读权限90
在线时间 小时
签到天数: 13 天
刚刚测试不是base64，应该是rsa加密
您可以选择打赏方式支持他
拒绝任何人以任何形式在本论坛发表与中华人民共和国法律相抵触的言论，本站内容均为会员发表，并不代表精易立场!
揭阳精易科技有限公司申明:我公司所有的培训课程版权归精易所有，任何人以任何方式翻录、盗版、破解本站培训课程，我们必将通过法律途径解决！
公司简介：揭阳市揭东区精易科技有限公司致力于易语言教学培训/易语言学习交流社区的建设与软件开发，多年来为中小企业编写过许许多多各式软件，并把多年积累的开发经验逐步录制成视频课程供学员学习，让学员全面系统化学习易语言编程，少走弯路，减少对相关技术的研究与摸索时间，从而加快了学习进度！
防范网络诈骗，远离网络犯罪
违法和不良信息举报电话，企业QQ： ，邮箱：
Powered by
粤公网安备 251.下载并安装UE（）2.开启wireshark并进行抓包3.选择该http中任意一个TCP数据，右击选择Follow TCP Stream4.选择保存为原始数据（RAW），如保存为“test.zip”5.使用ue打开刚才保存的“test.zip”文件，切换到十六进制编辑模式，找到压缩文件的开头（1F8B），然后把1F8B前面的内容全部删掉，留下1F8B已经后面的内容后保存。6.保存完之后关闭此文件，通过解压软件就可以直接解压出内容来了This article is a quick and easy HowTo detailing the use of&&or another network sniffing program to debug your Apache .htaccess or httpd.conf files.
First some shell based tools.
wget -S --spider URLlynx -head -dump URLcurl -I URLHEAD URLGET -de URLw3m -dump_head URLsiege -g URL
Contents&[hide]
Set Your Capture-filter to&tcp port 80&and then start capturing. Use any of the following display filters to view the data you want.
http.accept String Accept
http.accept_encoding String Accept Encoding
http.accept_language String Accept-Language
http.authbasic String Credentials
http.authorization String Authorization
http.cache_control String Cache-Control
http.connection String Connection
http.content_encoding String Content-Encoding
http.content_length Unsigned 32-bit integer Content-Length
http.content_type String Content-Type
http.cookie String Cookie
http.date String Date
http.host String Host
http.last_modified String Last-Modified
http.location String Location
http.notification Boolean Notification
http.proxy_authenticate String Proxy-Authenticate
http.proxy_authorization String Proxy-Authorization
http.referer String Referer
http.request Boolean Request
http.request.method String Request Method
http.request.uri String Request URI
http.request.version String Request Version
http.response Boolean Response
http.response.code Unsigned 16-bit integer Response Code
http.server String Server
http.set_cookie String Set-Cookie
http.transfer_encoding String Transfer-Encoding
http.user_agent String User-Agent
http.www_authenticate String WWW-Authenticate
http.x_forwarded_for String X-Forwarded-For
http.request.uri contains "flv" or http.request.uri contains "swf" or http.content_type contains "flash" or http.content_type contains "video"
http.cache_control != "private, x-gzip-ok="""
(((((http.cache_control != "private, x-gzip-ok=""") && !(http.cache_control == "no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private")) && !(http.cache_control == "max-age=0, no-store")) && !(http.cache_control == "private")) && !(http.cache_control == "no-cache")) && !(http.cache_control == "no-transform")
#404: page not found
http.response.code == 404
http.response.code == 200
http.request.method == "POST" || http.request.method == "PUT"
http.content_type[0:4] == "text"
http.content_type contains "javascript"
http.content_type[0:5] == "image"
http.content_type == "image/gif"
http.response !=0 || http.request.method != "TRACE"
When this preference is enabled, then the HTTP dissector will reassemble the HTTP header if it has been transmitted over more than one TCP segment. Although it is unusual for headers span multiple segments, it's not impossible, and this should be checked if you expect to view the contents of the HTTP conversation.
When this preference is enabled, then the HTTP dissector will reassemble the HTTP body if it has been transmitted over more than one TCP segment. All but the smallest of responses will span multiple segments, so this preference should be checked if you expect to view the contents of the HTTP conversation.See TCP Reassembly for an example on how to use this to extract JPEG images from a capture.
When this preference is enabled, any chunked transfer-coding response spanning multiple segments will be decoded and the payload (the body of the response) will be added to the protocol tree. This happens automatically for one segment responses.
Enable this preference if gzip or deflate encoded (compressed) HTTP entities should be decoded. This allows the visualisation of the compressed data, and possibly the dissection of it.
阅读(...) 评论()