├── privacy
    ├── termsofservice-en.md
    ├── privacy-zh-Hans.md
    ├── privacy-en.md
    └── termsofservice-zh-Hans.md
├── Anubis
    ├── network-zh-Hans
    │   ├── profile.jpg
    │   ├── conditioner_status.jpg
    │   ├── setting_developer.jpg
    │   └── conditioner.md
    ├── privacy
    │   ├── privacy-zh-Hans.md
    │   └── privacy-en.md
    └── network-en
    │   └── conditioner.md
├── Shu
    ├── demo-zh-Hans
    │   └── demo_list.md
    ├── privacy
    │   ├── privacy-zh-Hans.md
    │   └── privacy-en.md
    ├── guide-zh-Hans
    │   └── guide.md
    └── guide-en
    │   └── guide.md
├── tips-en
    └── dev_tip.md
├── tips-zh-Hans
    ├── dev_tip.md
    └── ssl_pinning.md
├── demo-zh-Hans
    └── demo_list.md
├── .gitignore
└── demo-en
    └── demo_list.md

/privacy/termsofservice-en.md:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/Anubis/network-zh-Hans/profile.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PixelCyber/Thor/HEAD/Anubis/network-zh-Hans/profile.jpg
--------------------------------------------------------------------------------
/Anubis/network-zh-Hans/conditioner_status.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PixelCyber/Thor/HEAD/Anubis/network-zh-Hans/conditioner_status.jpg
--------------------------------------------------------------------------------
/Anubis/network-zh-Hans/setting_developer.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PixelCyber/Thor/HEAD/Anubis/network-zh-Hans/setting_developer.jpg
--------------------------------------------------------------------------------
/Shu/demo-zh-Hans/demo_list.md:
--------------------------------------------------------------------------------
## Tips for using Shu

Shu is now a viewer for common file types plus an all-purpose extraction tool.

It is a Viewer, not an Editor or a Manager; you can use Shu as the preview app on your phone.

Shu's long-term goal is to be a universal file viewer.


### HTTP downloading in Shu

Lightweight single-threaded HTTP download. It does not parse links out of web pages automatically and does not support audio/video downloads.

--------------------------------------------------------------------------------
/tips-en/dev_tip.md:
--------------------------------------------------------------------------------
## Thor Debug & Analyze Tips


### Sniffer tips

* Turn off the local proxy to ignore the local device's traffic when you sniff another device.

* Use a session filter to ignore non-target traffic and improve sniffer performance.

* Use a packet filter to query target records only.


### Develop & Debug tips

* Set the HTTP proxy to the Thor proxy address, such as `127.0.0.1:8423`, in your source code to debug traffic.

* Set a keyword field in the HTTP header to identify requests, then filter on this keyword with `Session Filter` in Thor.

--------------------------------------------------------------------------------
/tips-zh-Hans/dev_tip.md:
--------------------------------------------------------------------------------
## Thor network debugging tips

Thor is not a cure-all. It works only at the system HTTP layer: it does not support non-HTTP traffic (TCP, UDP) or traffic that does not go through the system HTTP proxy.

### Capture tips

* When capturing traffic from another device, turn off the local listening proxy to avoid interference from non-target data.

* Turning off the local listening proxy only ignores the local system proxy setting; any localhost proxy set manually inside an app or in code is not affected.

* Set filters sensibly: filtering out non-target data both improves capture efficiency and reduces performance cost.

* Use search and filters to pick out the useful data from what has already been recorded.

* Monitor the real-time updates of the target device's records, and clear historical data as you go.


### Development and debugging tips

* In application code, set the HTTP proxy to Thor for network debugging, for example `127.0.0.1:8423`.

* To trace requests issued by application code, set a key field and value in the request headers in code, and set the matching keyword in Thor's filter. This handles the case where the request's own information is not enough for a filter to isolate it precisely.

* [How to debug and prevent HTTPS MiTM](ssl_pinning.md): once implemented, if every record Thor captures for the target domain is a CONNECT request, it worked.
--------------------------------------------------------------------------------
/Shu/privacy/privacy-zh-Hans.md:
--------------------------------------------------------------------------------
# Shu Privacy Policy

Shu takes your privacy very seriously. All data produced by use is stored only on the device, and no data is uploaded (Shu is a fully local standalone app and does not even have a remote server). No user-behavior or app-usage statistics are generated or uploaded.


Third-party brands and marks mentioned in this document or in online storage services are textual references only and have no relation to the respective brands and trademarks.

View online at ([https://github.com/PixelCyber/Thor/blob/master/Shu/privacy/privacy-zh-Hans.md](https://github.com/PixelCyber/Thor/blob/master/Shu/privacy/privacy-zh-Hans.md))


### What personal information we collect or access

- After you download and install Shu, during use Shu silently accesses your app's local purchase receipt file in order to verify the legitimacy of the purchase with Apple's servers and to curb pirated software. All operations involved strictly use system-provided interfaces, which maximizes the security and privacy of receipt validation.

- Files you store in Shu are all saved locally in the app. Shu does not collect online statistics on or upload any data. You can view, delete or export them at any time; you have sole and complete control over all data.

- When you browse album data or save data to the album, the app asks you for album access permission.


We may update the privacy policy at any time. If the privacy policy changes materially, we will announce the updated privacy policy in the app.
--------------------------------------------------------------------------------
/demo-zh-Hans/demo_list.md:
--------------------------------------------------------------------------------
# Tips for using Thor

## Be sure to read the following terms:

[Terms of Service & Disclaimer](../privacy/termsofservice-zh-Hans.md)


## Help

Thor is not a cure-all. It works only at the system HTTP layer: it does not support non-HTTP traffic (TCP, UDP) or traffic that does not go through the system HTTP proxy.


### 0. HTTPS decryption setup

#### Certificate trust

The `Thor SSL CA certificate` must be "installed" on the phone and "trusted" before HTTPS traffic can be decrypted.

Certificate safety: each Thor certificate is randomly generated at first launch (different for every Thor user), is not uploaded to any server, and is stored only in the device's local Keychain. Thor merely automates `random certificate generation`.


In addition, all data captured with Thor is stored only on the phone, and no data is uploaded (Thor is just a local standalone app and does not even have a server).


#### How HTTPS decryption works

Thor decrypts HTTPS by MiTM (man-in-the-middle): the Thor SSL CA root certificate is used to generate a leaf certificate for the specific domain, and that leaf certificate is used to talk to the client (the requester) so that the traffic can be decrypted.

If the client (the requester) validates the certificate locally (that is, checks whether the leaf certificate it is talking to is the one agreed beforehand), the SSL connection between Thor's generated leaf certificate and the client fails, and such traffic cannot be decrypted.

In short, HTTPS MiTM is not a cure-all; please be aware of this.
--------------------------------------------------------------------------------
/Anubis/privacy/privacy-zh-Hans.md:
--------------------------------------------------------------------------------
# Anubis Privacy Policy

Anubis takes your privacy very seriously. All data produced by use is stored only on the device, and no data is uploaded (Anubis is a fully local standalone app and does not even have a remote server). No user-behavior or app-usage statistics are generated or uploaded.


Third-party brands and marks mentioned in this document or in online storage services are textual references only and have no relation to the respective brands and trademarks.

View online at ([https://github.com/PixelCyber/Thor/blob/master/Anubis/privacy/privacy-zh-Hans.md](https://github.com/PixelCyber/Thor/blob/master/Anubis/privacy/privacy-zh-Hans.md))


### What personal information we collect or access

- After you download and install Anubis, during use Anubis silently accesses your app's local purchase receipt file in order to verify the legitimacy of the purchase with Apple's servers and to curb pirated software. All operations involved strictly use system-provided interfaces, which maximizes the security and privacy of receipt validation.

- Data you generate in Anubis or import into Anubis from other apps is all saved locally in the app. Anubis does not collect online statistics on or upload any data. You can view, delete or export it at any time; you have sole and complete control over all data.

- When you read a file from the album to configure request data, the app asks you for album access permission.


We may update the privacy policy at any time. If the privacy policy changes materially, we will announce the updated privacy policy in the app.
--------------------------------------------------------------------------------
/privacy/privacy-zh-Hans.md:
--------------------------------------------------------------------------------
# Thor Privacy Policy

Thor takes your privacy very seriously. All data produced by use is stored only on the device, and no data is uploaded (Thor is a fully local standalone app and does not even have a remote server). No user-behavior or app-usage statistics are generated or uploaded.


Third-party brands and marks mentioned in this document or in online storage services are textual references only and have no relation to the respective brands and trademarks.

View online at ([https://github.com/PixelCyber/Thor/blob/master/privacy/privacy-zh-Hans.md](https://github.com/PixelCyber/Thor/blob/master/privacy/privacy-zh-Hans.md))


### What personal information we collect or access

- After you download and install Thor, during use Thor silently accesses your app's local purchase receipt file in order to verify the legitimacy of the purchase with Apple's servers and to curb pirated software. All operations involved strictly use system-provided interfaces, which maximizes the security and privacy of receipt validation.

- When capturing and debugging, Thor sets itself as the system HTTP proxy to gain the ability to relay HTTP traffic; all traffic is forwarded locally in the app to its original destination address. The stored data this produces is all saved locally in the app. Thor does not collect online statistics on or upload any data. You can view, delete or export it at any time; you have sole and complete control over all data.

- When you save data to the album, the app asks you for album access permission.


We may update the privacy policy at any time. If the privacy policy changes materially, we will announce the updated privacy policy in the app.
--------------------------------------------------------------------------------
/Anubis/network-zh-Hans/conditioner.md:
--------------------------------------------------------------------------------
## Simulating poor network conditions with Network Link Conditioner

`Network Link Conditioner` can accurately and consistently simulate poor network conditions, so you can test as fully as possible how your app behaves under various network conditions. (**Don't forget to turn it off when you finish testing!**)

Network Link Conditioner can change the iOS device's network conditions according to one of the built-in presets:

* EDGE
* 3G
* DSL
* WiFi
* High Latency DNS
* Very Bad Network
* 100% Loss

Adapted from [http://nshipster.cn/network-link-conditioner/](http://nshipster.cn/network-link-conditioner/)


## Enabling Network Link Conditioner on an iOS device

### 1. Enable developer mode for the iOS device in Xcode

* Connect your iOS device to the Mac

* In Xcode, choose Window > Devices and Simulators (⇧⌘2)

* Select your device in the sidebar

* Click "Use for Development"



### 2. After the setup in `1`, configure `Network Link Conditioner` on the iOS device


#### a. Setting App > Developer > Network Link Conditioner


![](setting_developer.jpg)


#### b. Turn on `Network Link Conditioner` and configure the network conditions you want

![](conditioner_status.jpg)


#### c. Or define a custom preset to meet your specific needs

![](profile.jpg)
--------------------------------------------------------------------------------
/Shu/privacy/privacy-en.md:
--------------------------------------------------------------------------------
# Shu Privacy Policy

Your privacy is important to Shu.

All files opened in Shu are stored locally in the app only; no data is uploaded to a remote server. (Shu does not even have a remote server or anything like it; it is purely a local file viewer.)

Shu will not record or upload any user behavior statistics.


Read it online at ([https://github.com/PixelCyber/Thor/blob/master/Shu/privacy/privacy-en.md](https://github.com/PixelCyber/Thor/blob/master/Shu/privacy/privacy-en.md))


### What personal information we collect or access

- Your app receipt: Shu may request validation of the app purchase receipt; it asks the App Store to verify the legal purchase state of your app to avoid a pirated app or jailbroken device.

- Since Shu is a file viewer, you can view, delete or share files as you need. Data is not uploaded anywhere; it is stored locally in the app under your full control.

- Shu will ask you for album access when you want to browse the album or save data to it.


Shu may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted in the app along with the updated Privacy Policy.
--------------------------------------------------------------------------------
/Anubis/privacy/privacy-en.md:
--------------------------------------------------------------------------------
# Anubis Privacy Policy

Your privacy is important to Anubis.

All data generated in Anubis is stored locally in the app only; no data is uploaded to a remote server. (Anubis does not even have a remote server or anything like it; it is purely a local developer tool.)

Anubis will not record or upload any user behavior statistics.


Read it online at ([https://github.com/PixelCyber/Thor/blob/master/Anubis/privacy/privacy-en.md](https://github.com/PixelCyber/Thor/blob/master/Anubis/privacy/privacy-en.md))


### What personal information we collect or access

- Your app receipt: Anubis may request validation of the app purchase receipt; it asks the App Store to verify the legal purchase state of your app to avoid a pirated app or jailbroken device.

- Since Anubis is a local developer tool, you can view, delete or share test records as you need. Data is not uploaded anywhere; it is stored locally in the app under your full control.

- Anubis will ask you for album access when you read data from the album to build a request.


Anubis may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted in the app along with the updated Privacy Policy.
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Xcode
#

## Build generated
build/
DerivedData/

## Various settings
*.pbxuser
!default.pbxuser
*.mode1v3
!default.mode1v3
*.mode2v3
!default.mode2v3
*.perspectivev3
!default.perspectivev3
xcuserdata/

.DS_Store
## Other
*.moved-aside
*.xcuserstate

## Obj-C/Swift specific
*.hmap
*.ipa
*.dSYM.zip
*.dSYM

# CocoaPods
#
# We recommend against adding the Pods directory to your .gitignore. However
# you should judge for yourself, the pros and cons are mentioned at:
# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
#
# Pods/

# Carthage
#
# Add this line if you want to avoid checking in source code from Carthage dependencies.
# Carthage/Checkouts

Carthage/Build

# fastlane
#
# It is recommended to not store the screenshots in the git repo. Instead, use fastlane to re-generate the
# screenshots whenever they are needed.
# For more information about the recommended setup visit:
# https://github.com/fastlane/fastlane/blob/master/fastlane/docs/Gitignore.md

fastlane/report.xml
fastlane/screenshots

--------------------------------------------------------------------------------
/demo-en/demo_list.md:
--------------------------------------------------------------------------------
## Thor FAQ


### 0. HTTPS decryption

#### Why a "Thor SSL CA" certificate is needed

HTTPS decryption needs the "Thor SSL CA" certificate to be installed and trusted by the system in order to perform a MiTM on HTTPS traffic.

Using a root certificate to perform a MiTM is the standard, commonly accepted technique for decoding HTTPS traffic.


The "Thor SSL CA" certificate that Thor uses for HTTPS decoding is safe and protects your privacy: it is generated randomly when Thor is first launched and is stored only in the app's local keychain.
Certificates differ between devices and between users.

The "Thor SSL CA" certificate is unnecessary if you don't need HTTPS decryption.


#### Trust "Thor SSL CA" in iOS

Since iOS 10, you need to trust a CA manually after it has been installed in `Profiles`, as below:


`Settings > General > About > Certificate Trust Settings`


#### Why a VPN tunnel is needed

Thor is an HTTP sniffer, so it needs a source of HTTP traffic.

Thor uses a VPN tunnel to set up a source of HTTP traffic from both the Wi-Fi and cellular connections of the local device.

All traffic sniffed by Thor is stored locally in the app only; no records are uploaded to a remote server. (Thor does not even have a remote server or anything like it; it is purely a local sniffer tool.)

--------------------------------------------------------------------------------
/Anubis/network-en/conditioner.md:
--------------------------------------------------------------------------------
## Use Network Link Conditioner to simulate adverse networking environments

`Network Link Conditioner` allows Mac and iOS devices to accurately and consistently simulate adverse networking environments. (**Just don't forget to turn it off after you're done testing!**)

The Network Link Conditioner can change the network environment of the iOS Simulator according to one of the built-in presets:

* EDGE
* 3G
* DSL
* WiFi
* High Latency DNS
* Very Bad Network
* 100% Loss

Adapted from [http://nshipster.com/network-link-conditioner/](http://nshipster.com/network-link-conditioner/)


## Enable Network Link Conditioner on iOS Devices

### 1. Enable Development mode on iOS with Xcode

* Connect your iPhone or iPad to your Mac

* In Xcode, go to Window > Devices and Simulators (⇧⌘2)

* Select your device in the sidebar

* Click "Use for Development"



### 2. Then configure `Network Link Conditioner` on your iOS device


#### a. Setting App > Developer > Network Link Conditioner.


![](../network-zh-Hans/setting_developer.jpg)


#### b. Turn `Network Link Conditioner` on and select a profile for the connection.

![](../network-zh-Hans/conditioner_status.jpg)


#### c. Add or edit profiles.

![](../network-zh-Hans/profile.jpg)
--------------------------------------------------------------------------------
/privacy/privacy-en.md:
--------------------------------------------------------------------------------
# Thor Privacy Policy

Your privacy is important to Thor.

All traffic sniffed by Thor is stored locally in the app only; no records are uploaded to a remote server. (Thor does not even have a remote server or anything like it; it is purely a local sniffer tool.)

Thor will not record or upload any user behavior statistics.


Read it online at ([https://github.com/PixelCyber/Thor/blob/master/privacy/privacy-en.md](https://github.com/PixelCyber/Thor/blob/master/privacy/privacy-en.md))


### What personal information we collect or access

- Your app receipt: Thor may request validation of the app purchase receipt; it asks the App Store to verify the legal purchase state of your app to avoid a pirated app or jailbroken device.

- Thor is an HTTP sniffer, so it needs a source of HTTP traffic. Thor uses a VPN tunnel to set up a source of HTTP traffic from both the Wi-Fi and cellular connections of the local device. All traffic is simply forwarded to its original destination address by the local HTTP proxy (not any remote proxy) in Thor. You can view, delete or share the recorded traffic data as you need. Data is not uploaded anywhere; it is stored locally in the app under your full control.

- Thor will ask you for album access when you save data to the album.


Thor may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted in the app along with the updated Privacy Policy.
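--------------------------------------------------------------------------------
/privacy/termsofservice-zh-Hans.md:
--------------------------------------------------------------------------------
# Thor Terms of Service

Welcome to the Thor HTTP capture and debugging tool (hereinafter "Thor" or "the Software"). You should read and comply with the Thor Terms of Service (hereinafter "these Terms").

Unless you have fully read, completely understood and accepted all of these Terms, you have no right to continue using Thor. By clicking "Agree" or "Read and agree", or by using Thor in any other way, you are deemed to have read and agreed to be bound by these Terms. The Software may amend these Terms when necessary. You can consult the latest version of the terms on the relevant service page. If you continue to use the Software after these Terms change, you are deemed to have accepted the changed Terms.

If you lack full capacity for civil conduct because of age, intellectual capacity or other factors, please read these Terms and decide whether to agree to them accompanied by your legal guardian.

If you are using any version of the Software, have read any version of these Terms anywhere at any time, and continue to use the Software, you have agreed to these Terms.

Third-party brands and marks mentioned in these Terms or in online storage services are textual references only and have no relation to the respective brands and trademarks.

These Terms are available at ([https://github.com/PixelCyber/Thor/blob/master/privacy/termsofservice-zh-Hans.md](https://github.com/PixelCyber/Thor/blob/master/privacy/termsofservice-zh-Hans.md))


## 1. [Scope of the Terms]

The content of these Terms includes, but is not limited to, the following agreements, rules and specifications related to the Software. Once formally published, such content becomes an inseparable part of these Terms and forms a unified whole with them.


## 2. [About the Software]

The Software means the Thor HTTP capture and debugging tool developed by the Thor developer and licensed to users to purchase, download, install and use under these Terms and other related agreements and rules.

You may obtain versions of the Software only through its sole official lawful channel, the Apple App Store, and you should choose the version that matches your device; otherwise you may be unable to use the Software normally. You alone bear responsibility for any legal dispute or harm to third parties arising from any copy of any version of the Software obtained through any other channel or used in cracked form.

You may not privately extract or make copies of the Software by technical means.


All other rights not expressly granted in this clause or elsewhere in these Terms remain reserved by the developer of the Software.


## 3. [Software updates]

For purposes such as improving user experience or service security, keeping functionality consistent, complying with local laws and regulations, and adapting to changes in app policy, the developer has the right to update the Software or to change the effect of some of its functions. For versions of the Software that are no longer offered for download in the Apple App Store for any reason, you should not seek out historical versions cracked by unlawful means; otherwise you bear responsibility yourself for any resulting legal dispute or harm to third parties.


## 4. [User code of conduct]

Thor will make commercially reasonable efforts to keep your data stored in the Software safe, but cannot give a complete guarantee. For third-party data you choose to import, including but not limited to filters, files and capture records, you should fully assess the privacy risks or harm it may bring before importing; you bear responsibility yourself for harm to yourself caused by data you imported.

While using the Software you shall comply with the relevant laws and regulations, terms of service, rules and specifications, and shall not engage in, or facilitate, any of the following, including but not limited to:

- Conduct that violates local laws and regulations.

- Conduct prohibited by these Terms and other related policies.

- Reverse engineering, disassembling or decompiling the Software, or otherwise attempting to alter its functions or behavior.

- Using the Software to interfere with or affect other target software that you are not authorized to debug.

- Using cracking tools to bypass the Software's licensing and use it unlawfully.


## 5. [Responsibility for your own conduct]
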
You fully understand and agree that you are responsible for everything you do with the Software, including any content you publish and any consequences arising from it. You bear sole responsibility for any harm you cause to a third party and for harm to yourself caused by your own actions.


## 6. [Miscellaneous]

If any part of these Terms is invalid or unenforceable for any reason, the remaining terms stay valid and binding on both parties.

If these Terms exist in multiple language versions such as Chinese and English and the content is inconsistent, the Chinese version prevails in mainland China. The Software reserves the right of final interpretation. (End)

--------------------------------------------------------------------------------
/Shu/guide-zh-Hans/guide.md:
--------------------------------------------------------------------------------
## Tips for using Shu

### File management

#### Automatic file grouping

Shu has its own "Auto Group" feature: one tap sorts common files by type into the corresponding built-in folders.

Entry points:

* Swipe left on a file item > More > `Auto Group`

* Top right of a folder > Edit > `Auto Group`


#### File extraction (V1.1.0+)

* Extract archives (password supported): zip, rar, 7z, tgz, tar, bz, tbz, gz, xz, txz, xar/xip, lz4, tlz, cpio, cpgz and more
* Extract disk images: iso, udf, nrg, cab, wim, dmg, vhd, vmdk, qcow, uefif and more
* Extract file-system images: ntfs, fat, mbr, gpt, hfs, sfs and more
* Extract package files: deb, rpm, crx, xpi, ar, PE files, ELF files, com files
* Extract assets from inside files (e-books, office documents, pdf, sketch): Share (top right) > Show Package Contents
* Extract frames from multi-frame images such as tiff, icns, gif, apng, webp: Share (top right) > View Single Frame


#### File conversion (V1.1.0+)

* Text file encoding conversion (GBK, UTF-8, UTF-16 and more): Share (top right) > Export in Another Encoding
* Certificate format conversion (der, pem, p12, base64 to each other): Share (top right) > Export in Another Format
* ipynb/markdown -> html: Share (top right) > Export Current Web Page
* djvu -> jpg: Share (top right) > View File Contents
* xml, json, plist, yaml to each other
* ps/eps -> pdf


#### Packing and export

* Export a folder as zip: folder item > swipe left > More > Pack and Export

* Export multiple files in a folder as zip: Edit (top right) > Select Files and Export

* Rename a file or custom folder: folder or file item > swipe left > More > Rename


### File transfer

#### Computer/other devices <-> Shu

* iTunes File Sharing: suited to importing and exporting large batches and large files; high performance.
`How to: Computer > iTunes > select your device > File Sharing > Apps > Shu`

* Wi-Fi File Sharing: suited to fast file transfer within a LAN (same subnet); good device compatibility, quick and convenient.

* Hotspot File Sharing: suited to a LAN formed by your own phone's personal hotspot, with other devices joining it for transfer.

* Files managed by Shu -> Sharing: select the files to share > Edit > Add to Shared > the files then appear in the shared folder

*Note: only files in the shared folder can be shared through iTunes.*


#### Other apps -> Shu

* Files in other apps -> Shu:
`In the other app, use the Share, Export or Open In entry > choose "Open in Shu" or "Copy to Shu"`

* Batch-select pictures from the system Photos album -> Shu:
`Multi-select pictures in Photos > Open in Shu > you can then pack the pictures into a zip in Shu and export it`

* iOS 11 Files app -> Shu: drag files in the Files app to the relevant Shu folder

#### Shu -> other apps

* Shu -> batch export to the system Photos album: folder containing the pictures or videos > Edit (top right) > Media Preview > Batch Actions > Save to Album

* Shu -> other apps: select one or more files > Export (top right) > choose a supported app

* Shu -> pack files into a zip and export: Select Files and Export > multi-select


*If export fails after you choose the target app, it is almost always a limitation of that app's own support, which Shu cannot change. When exporting a large file fails, consider iTunes sharing or Wi-Fi sharing.*



### HTTP download

* Detect (batches of) download links from the clipboard

* Copy links (in batches) in other apps > open Shu

* Export links (in batches) from other apps > Open in Shu

* Request headers can be set, for example to emulate a desktop browser's User-Agent

*Note: audio/video downloads are not supported at all.*



--------------------------------------------------------------------------------
/Shu/guide-en/guide.md:
--------------------------------------------------------------------------------
## Guide for Shu


### File Managing

#### File Grouping

`Auto Group` sorts files by type into built-in folders.

Entries:

* Swipe a file item > More > `Auto Group`

* Enter a folder > Edit > `Auto Group`


#### File extracting

* Compressed file extraction (password supported): zip, rar, 7z, tgz, tar, bz, tbz, gz, xz, txz, xar/xip, lz4, tlz, cpio, cpgz...

* Disk image: iso, udf, nrg, cab, wim, dmg, vhd, vmdk, qcow, uefif...
* File system: ntfs, fat, mbr, gpt, hfs, sfs
* Package: deb, rpm, crx, xpi, ar, PE file, ELF file, com file
* E-book, office documents, pdf, sketch
* Extract frames of tiff, icns, gif, apng, webp


#### File converting

* Export a text file with a different string encoding: GBK, UTF-8, UTF-16...
* Certificate format conversion (der, pem, p12, base64)
* ipynb/markdown -> html
* djvu -> jpg
* xml, json, plist, yaml convert to each other
* ps/eps -> pdf



### File Sharing

#### Mac/PC/Another Device <-> Shu

* iTunes File Sharing: better performance for huge files.
`Go to: Mac/PC > iTunes > Your iOS device > File Sharing > Apps > Shu`

* Wi-Fi File Sharing: convenient sharing between devices in the same LAN.

* Hotspot File Sharing: convenient sharing between devices in the same hotspot network.

* USB File Sharing: convenient sharing between iOS devices and macOS through a USB cable.

* Files in Shu -> Sharing: Select files in Shu "File" > Add to "Shared Folder"

*Notice: Files in "Shared Folder" can be shared with iTunes.*


#### Shu <-> Other Apps

* Files in Other Apps -> Shu:
`Find export/share entry in other Apps > "Open in Shu" or "Copy to Shu"`

* Photos -> Shu:
`Select pictures in Photos > Open in Shu > then you can export all pictures as a zip file`

* "File" app -> Shu: drag files in the "File" app to the Shu directory.

* Shu -> Other Apps: Select files > export raw file/export as zip file > choose an app to share.

*Share with iTunes or Wi-Fi if you want to export huge files.*



### HTTP downloading

* Detect download URLs in the pasteboard automatically.

* Copy links in other apps > then launch Shu

* Export links in other apps > Open in Shu

* Custom request headers

*Notice: Audio/video cannot be downloaded.*

--------------------------------------------------------------------------------
/tips-zh-Hans/ssl_pinning.md:
--------------------------------------------------------------------------------
# A basic approach to defending iOS apps against HTTPS MiTM


## How HTTPS MiTM works

* [Three ways to decrypt HTTPS traffic](https://imququ.com/post/how-to-decrypt-https.html)


## How MiTM defense works

* [Introduction to HTTP Public Key Pinning](https://imququ.com/post/http-public-key-pinning.html)


## Implementation: SSL pinning

### Problems to face

1. SSL leaf certificate problems

A leaf certificate covers a single domain and is short-lived, mostly one year. When it is renewed after expiry, the renewal may be issued by a different CA.

2. Certificate expiry

* After the SSL certificate expires, failing to renew it in time affects validation in the released app. Even after renewal, a new app version must be released to update the anchor certificate in the app.

* A Root CA is recommended as the anchor certificate: it has a long validity period and many intermediate CAs under it, so even if the SSL certificate is renewed under a different intermediate CA, certificate validation in the released app is unaffected as long as the issuing ancestor is the same Root CA.

* The anchor certificates built into the app can include several common Root CAs as appropriate, to minimize the impact of switching certificate providers when the SSL certificate is renewed.

**Even when following the practices above, Root CA expiry cannot be avoided; check, update and fill in the anchor certificates at every app update.**


3. Replacing certificates after jailbreak to bypass validation

On a jailbroken device, the anchor certificates in the app bundle can be replaced directly with forged certificates, which bypasses validation.

A simple countermeasure: generate digests of the built-in anchor certificates and verify them in code, to guard against the certificates being tampered with.


### Code implementation

1. [Swift reference](https://medium.com/@kennethpoon/lets-write-swift-code-to-intercept-ssl-pinning-https-requests-12446303cc9d)


2. Objective-C + AFNetworking

[a. Bundle several common Root CAs]()

In Xcode, add a folder reference and put the Root CA files in it.

[b. Use an Xcode build script to generate a salted digest file of the certificates at build time and package it into the app]()

```bash
# Placeholder path: replace the part after ${PROJECT_DIR}/ with your Root CA directory
PINNED_CA_DIR="${PROJECT_DIR}/你的 Root CA 目录路径"

cd "$PINNED_CA_DIR"

# One MD5 digest per certificate file
md5 -q *.cer > ca.txt

# Salted digest of the digest list: MD5(list + "+" + salt)
PINNED_CA_CHECK=`cat ca.txt`
PINNED_CA_CHECK="$PINNED_CA_CHECK"+"${PINNED_CA_SALT}"

md5 -q -s "$PINNED_CA_CHECK" > ca.check

```

The script above generates two files in the Root CA directory at build time:

* `ca.txt`: list of certificate digests

* `ca.check`: salted digest of the certificate digest list


Variables referenced in the script:

* `PINNED_CA_SALT`: the salt, configured in Xcode User-Defined settings; `PINNED_CA_CHECK` can be composed freely as needed


[c. Verify the digests and validate certificates in code]()

Define XXSecurityPolicy, a subclass of AFSecurityPolicy (part of AFNetworking)

```objective-c
#import <Security/Security.h>
#import <AFNetworking/AFSecurityPolicy.h>
// XXSecurityPolicy's @interface and the MD5_32 / MD5String category helpers
// used below are defined elsewhere and are not shown on this page.

@implementation XXSecurityPolicy

+ (instancetype)defaultPolicy
{
    static XXSecurityPolicy *securityPolicy = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        @autoreleasepool {
            NSMutableSet *set = NSMutableSet.set;
            // Placeholder: name of the bundled Root CA directory.
            NSURL *dir = [NSBundle.mainBundle.resourceURL URLByAppendingPathComponent:@"Root CA 所在目录" isDirectory:YES];

            BOOL valid = NO;
            do {
                // ca.check must hold a 32-character MD5 hex digest.
                NSURL *checkFile = [dir URLByAppendingPathComponent:@"ca.check"];
                NSString *checksum = [NSString stringWithContentsOfURL:checkFile encoding:NSUTF8StringEncoding error:NULL];
                checksum = [checksum stringByTrimmingCharactersInSet:NSCharacterSet.whitespaceAndNewlineCharacterSet];
                if (checksum.length != 32U) {
                    NSAssert(false, @"pinned ca files check checksum failed.");
                    break;
                }

                NSURL *checkListFile = [dir URLByAppendingPathComponent:@"ca.txt"];
                NSString *checkListStr = [NSString stringWithContentsOfURL:checkListFile encoding:NSUTF8StringEncoding error:NULL];
                checkListStr = [checkListStr stringByTrimmingCharactersInSet:NSCharacterSet.whitespaceAndNewlineCharacterSet];
                if (checkListStr.length < 1) {
                    // Missing or empty ca.txt: fail instead of passing nil to appendString:.
                    break;
                }

                // Recompute MD5(ca.txt + "+" + salt) and compare it with ca.check.
                NSString *const salt = @(PINNED_CA_SALT);
                NSMutableString *md5Str = NSMutableString.string;
                [md5Str appendString:checkListStr];
                [md5Str appendString:@"+"];
                [md5Str appendString:salt];
                NSString *md5 = md5Str.MD5_32;
                if (![md5 isEqualToString:checksum]) {
                    NSAssert(false, @"pinned ca files check checksum failed.");
                    break;
                }

                NSArray *checkList = [checkListStr componentsSeparatedByString:@"\n"];
                if (checkList.count < 1) {
                    break;
                }

                // Load only the .cer files whose digest appears in ca.txt.
                for (NSString *file in [NSFileManager.defaultManager contentsOfDirectoryAtPath:dir.path error:NULL]) {
                    @autoreleasepool {
                        if (![file.pathExtension isEqualToString:@"cer"]) {
                            continue;
                        }
                        NSData *data = [NSData dataWithContentsOfURL:[dir URLByAppendingPathComponent:file] options:NSDataReadingUncached|NSDataReadingMappedAlways error:NULL];
                        if (nil != data && [checkList containsObject:data.MD5String ?: @""]) {
                            [set addObject:data];
                        }
                    }
                }

                // Every listed digest must be matched by a bundled certificate.
                NSAssert(set.count == checkList.count, @"pinned ca files check checksum failed.");
                if (set.count == checkList.count) {
                    valid = YES;
                }
            } while (false);

            if (!valid) {
                exit(0);
            }
#ifdef DEBUG
            securityPolicy = [super defaultPolicy];
#else
            securityPolicy = [self policyWithPinningMode:AFSSLPinningModeCertificate withPinnedCertificates:set];
#endif
        }
    });

    return securityPolicy;
}

- (BOOL)evaluateServerTrust:(SecTrustRef)serverTrust
                  forDomain:(NSString *)domain
{
    if ([super evaluateServerTrust:serverTrust forDomain:domain]) {
        return YES;
    }

    switch (self.SSLPinningMode) {
        case AFSSLPinningModeNone:
        default:
            return NO;

        case AFSSLPinningModeCertificate: {
            if (self.pinnedCertificates.count < 1) {
                return NO;
            }

            CFIndex certificateCount = SecTrustGetCertificateCount(serverTrust);
            if (certificateCount < 1) {
                return NO;
            }

            // The last certificate in the presented chain must be one of the pinned Root CAs.
            SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, certificateCount - 1);
            if (NULL == certificate) {
                return NO;
            }

            NSData *rootCA = (__bridge_transfer NSData *)SecCertificateCopyData(certificate);
            if (![self.pinnedCertificates containsObject:rootCA]) {
                return NO;
            }

            NSMutableArray *policies = NSMutableArray.array;
            if (self.validatesDomainName) {
                [policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)domain)];
            } else {
                [policies addObject:(__bridge_transfer id)SecPolicyCreateBasicX509()];
            }

            // Re-evaluate the chain with the pinned certificates as the only anchors.
            SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies);
            NSMutableArray *pinnedCertificates = NSMutableArray.array;
            for (NSData *certificateData in self.pinnedCertificates) {
                [pinnedCertificates addObject:(__bridge_transfer id)SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData)];
            }
            SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)pinnedCertificates);

            SecTrustResultType result = kSecTrustResultInvalid;
            OSStatus os = SecTrustEvaluate(serverTrust, &result);
            if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) {
                return YES;
            }

            // Intended to keep trusting an expired anchor (see the note below the code).
            // kSecTrustResultRecoverableTrustFailure is not specific to expiry: it is also
            // returned for other evaluation failures such as a host name mismatch, so this
            // branch accepts more than expired certificates. Narrow it if that matters.
            if (errSecCertificateExpired == os || result == kSecTrustResultRecoverableTrustFailure) {
                return YES;
            }

            return NO;
        }
    }
}

@end
```

The macro `PINNED_CA_SALT` used in the code is defined under Xcode > Build Settings > Preprocessor Macros as

```bash
# The PINNED_CA_SALT on the right-hand side is the User-Defined constant defined earlier
PINNED_CA_SALT=\"$(PINNED_CA_SALT)\"
```

*In the default implementation, the process exits directly if digest verification fails; decide how to handle this according to your own needs.*

*In the default implementation, an anchor certificate that is valid but expired is still trusted and accepted; decide how to handle this according to your own needs.*
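
The build-time digest step (b) and the startup check in (c), as one added example that is not part of the original repository: it keeps the `ca.txt` / `ca.check` layout but swaps MD5 for SHA-256. The function names, the sample "certificates" and the salt are constructed for illustration.

```bash
#!/bin/sh
# Added example: salted integrity manifest for bundled anchor certificates.

# Hash stdin with whichever SHA-256 tool is installed
# (sha256sum on Linux, shasum on macOS) and print only the hex digest.
sha256_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        shasum -a 256 | cut -d' ' -f1
    fi
}

# build_manifest DIR SALT
# Writes DIR/ca.txt (one digest per *.cer) and DIR/ca.check,
# the digest of "<contents of ca.txt>+<salt>".
build_manifest() {
    dir=$1; salt=$2
    : > "$dir/ca.txt"
    for f in "$dir"/*.cer; do
        [ -f "$f" ] || continue
        sha256_stdin < "$f" >> "$dir/ca.txt"
    done
    list=$(cat "$dir/ca.txt")
    printf '%s+%s' "$list" "$salt" | sha256_stdin > "$dir/ca.check"
}

# verify_manifest DIR SALT
# Returns 0 only if ca.check matches the salted digest of ca.txt, every
# *.cer in DIR is listed in ca.txt, and no listed certificate is missing.
verify_manifest() {
    dir=$1; salt=$2
    [ -f "$dir/ca.txt" ] && [ -f "$dir/ca.check" ] || return 1
    list=$(cat "$dir/ca.txt")
    [ -n "$list" ] || return 1
    expected=$(printf '%s+%s' "$list" "$salt" | sha256_stdin)
    [ "$expected" = "$(cat "$dir/ca.check")" ] || return 1
    count=0
    for f in "$dir"/*.cer; do
        [ -f "$f" ] || continue
        digest=$(sha256_stdin < "$f")
        grep -qxF "$digest" "$dir/ca.txt" || return 1   # replaced or unlisted file
        count=$((count + 1))
    done
    [ "$count" -eq "$(grep -c . "$dir/ca.txt")" ]       # a listed file was removed
}

# Constructed demo: two stand-in files, then one of them is replaced.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed-root-ca-A' > "$tmp/a.cer"
    printf 'constructed-root-ca-B' > "$tmp/b.cer"
    build_manifest "$tmp" "constructed-salt"
    if verify_manifest "$tmp" "constructed-salt"; then intact=0; else intact=1; fi
    printf 'replaced-certificate' > "$tmp/a.cer"
    if verify_manifest "$tmp" "constructed-salt"; then tampered=0; else tampered=1; fi
    rm -rf "$tmp"
    [ "$intact" -eq 0 ] && [ "$tampered" -ne 0 ]
}

demo && echo "manifest accepted the original files and rejected the replaced one"
```

The salt is compiled into the app, so this check raises the effort needed to swap a bundled anchor rather than making it impossible.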