> For the complete documentation index, see [llms.txt](https://easonwang.gitbook.io/web_advance/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://easonwang.gitbook.io/web_advance/https/ssl-pinning.md). # SSL pinning {% embed url="" %} {% embed url="" %} ## 步驟: 首先要先知道中間人攻擊原理(man in middle attack),wireshark, proxyman 在進行 https 封包破解時都會用到此方法: ``` 1.某網站有用於非對稱加密的公鑰A、私鑰A。 2.瀏覽器向網站服務器請求,服務器把公鑰A明文給傳輸瀏覽器。 3.中間人劫持到公鑰A,保存下來,把數據包中的公鑰A替換成自己偽造的公鑰B(中間人當然也擁有公鑰B對應的私鑰B) 4.瀏覽器生成一個用於對稱加密的密鑰X,用公鑰B(瀏覽器無法得知公鑰被替換了)加密後傳給服務器。 5.中間人劫持後用私鑰B解密得到密鑰X,再用公鑰A加密後傳給服務器。 6.服務器拿到後用私鑰A解密得到密鑰X。 ``` > 中間人想要替換成自己的公鑰的原因是,只有特定私鑰才能解密公鑰,中間人因為沒有原始server 的私鑰,所以利用替換自己的公鑰的方式。 此時如果有進行 SSL pinning 的話 SSL pinning: 將服務器的公鑰進行 sha256 雜湊與 base64 encoding 後產生的固定字串寫在應用程式端(app)。 此時中間人在上面第三部發送公鑰時因為中間人的公鑰進行 sha256 雜湊與 base64 encoding 後的字串與寫在應用程式端的不同,此時應用程式隨即會拒絕連線,解決了中間人攻擊。 #### 其他資料 {% embed url="" %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://easonwang.gitbook.io/web_advance/https/ssl-pinning.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.