英文:
Can okHTTP3 make interceptions even when an external API is making the requests?
问题
以下是翻译好的部分:
我对okHTTP有一个普遍性的问题,希望有人能为我解答。我想在我的应用程序中拦截所有外发网络请求的HTTP头。这是okHTTP GitHub 上提供的示例代码:
OkHttpClient client = new OkHttpClient.Builder()
.addNetworkInterceptor(new LoggingInterceptor())
.build();
Request request = new Request.Builder()
.url("http://www.publicobject.com/helloworld.txt")
.header("User-Agent", "OkHttp Example")
.build();
Response response = client.newCall(request).execute();
response.body().close();
我的问题是,我在应用程序中使用外部 API 来进行所需的请求。这是否意味着我无法拦截HTTP头,因为是API构建请求,而不是我构建?如果是这样,是否有任何方法可以解决这个问题?谢谢。
英文:
I had a general question regarding okHTTP, and I was hoping someone could clear things up for me. I want to intercept the HTTP headers on all outgoing network requests from my app. Here is the example provided on the okHTTP github:
OkHttpClient client = new OkHttpClient.Builder()
.addNetworkInterceptor(new LoggingInterceptor())
.build();
Request request = new Request.Builder()
.url("http://www.publicobject.com/helloworld.txt")
.header("User-Agent", "OkHttp Example")
.build();
Response response = client.newCall(request).execute();
response.body().close();
My problem is that I am using an external API to make the requests that I need in my application. Does this exclude me from being able to intercept the HTTP headers since it is the API building the request and not me? If so, is there any way to get around this? Thank you.
答案1
得分: 1
以下是翻译好的内容:
最终总是有可能的。根据情况,有一个好的答案和三个不太好的答案,这取决于问题有多严重...
- 通常,API会提供访问默认OkHttpClient以进行更改的权限,因此您可以进行诸如设置代理之类的操作。首先尝试这样做。
不太优雅的选项,您可能不想这样做。
- 您可以自己对客户端进行MITM攻击。例如,类似于https://www.charlesproxy.com/的工具。
- 您可能可以使用反射来访问库的内部API,并更改客户端,但这很脆弱,仍然可能在技术上不可行。
- 您可以通过Java字节码代理进行攻击,详见https://github.com/yschimke/agentdebug。
英文:
Ultimately it is always possible. 1 good answer, 3 bad answers depending on how critical it is...
- The API will usually provide access to make changes to the default OkHttpClient it builds so you can set things like a proxy. Try to do this first.
less clean options you probably don't want to do.
- You can MITM attack the client yourself. e.g. something like https://www.charlesproxy.com/
- You can probably use reflection to get into the internal APIs of the library and change the client, but this is brittle and could still be technically impossible.
- You can attack it via java bytecode agents https://github.com/yschimke/agentdebug
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论