今天来简单讲下如何使用introspy来实时追踪IOS应用。
首先introspy的下载地址:https://github.com/iSECPartners/Introspy-iOS/releases
下载完成后,上传到你的设备上面,使用:dpkg -i com.isecpartners.introspy-v0.4-iOS_7.deb 来安装。
安装完成之后,来到设置界面,你会看到有两个新的选项
1.Introspy-Apps 2.Introspy-Settings.
第一个是你选择你要跟踪的App,第二个是你要跟踪的类型(默认即可)。
这里以QQ为例:点开QQ,我们就能看到Log控制台马上有输出信息:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | Jan 10 20:56:40 Administratorde-iPad IPadQQ[1154] <Warning>: -----INTROSPY----- CALLED NSURLConnectionDelegate connection:willCacheResponse: WITH: { arguments = { cachedResponse = { response = { MIMEType = "image/gif"; URL = { absoluteString = "http://q1.qlogo.cn/g?b=mqq&k=Rt2QfXuaYPy4nh9RIwGnAw&t=564&refer=mqq&s=100"; host = "q1.qlogo.cn"; parameterString = nil; path = "/g"; port = nil; query = "b=mqq&k=Rt2QfXuaYPy4nh9RIwGnAw&t=564&refer=mqq&s=100"; scheme = http; }; suggestedFilename = "g.gif"; textEncodingName = nil; }; storagePolicy = 0; userInfo = nil; }; connection = 404787488; }; returnValue = { }; } --------------- Jan 10 20:56:40 Administratorde-iPad IPadQQ[1154] <Warning>: -----INTROSPY----- CALLED NSData writeToFile:atomically: WITH: { arguments = { flag = 1; path = "/var/mobile/Containers/Data/Application/E5DF194C-0B29-4211-B243-68DBA847DCDE/Library/Caches/QQSystemHead/189@2x.png"; }; returnValue = 1; } --------------- |
请求头像,然后保存。
追踪信息同时被保存为一个数据库
introspy-com.tencent.mipadqq.db
存放在:
IOS7
./private/var/mobile/Applications/E5DF194C-0B29-4211-B243-68DBA847DCDE/Library/introspy-com.tencent.mipadqq.db
ISO8
/var/mobile/Containers/Data/Application/E5DF194C-0B29-4211-B243-68DBA847DCDE/Library/introspy-com.tencent.mipadqq.db
我们可以使用Introspy-Analyzer在本地将该数据库解析成一个直观的report.html打开。
Introspy-Analyzer的下载地址:https://github.com/iSECPartners/Introspy-Analyzer
将introspy-com.tencent.mipadqq.db传到电脑上面。使用命令:
python introspy.py -p ios –outdir IPadQQ-introspy-html introspy-com.tencent.mipadqq.db
就会生成一个IPadQQ-introspy-html文件夹,打开里面的report.html就可以看到详细的信息了,包括DataStorage、IPC、Misc、Crypto、Network等信息。
