To reproduce the vulnerability report of several WeChat mini-programs, I have recorded how to capture the requests of mini-programs using a Mac.
Tools:
- Mac
- Latest version of WeChat
- Proxifier
- Yakit
Open Proxifier and set up the proxy.
- Set up the proxy server.
Add port 8083 for Yakit to listen to.
- Set up the proxy rules.
Click the plus sign, press command + shift + G
, enter /Applications/WeChat.app/Contents/MacOS/WeChatAppEx.app/Contents/Frameworks/WeChatAppEx Framework.framework/Versions/C/Helpers
.
Note: Follow the above steps for the latest version of WeChat.
Select "WeChatAppEx Helper.app".
After selecting, choose the proxy server set up in the first step.
- Start capturing packets.
After setting up, open Yakit to listen, then launch the mini-program and start capturing packets normally.