zoukankan      html  css  js  c++  java
  • mac下自定义伪协议配置

    之前查了很多资料,最近也在挖掘研究这方面的漏洞.

    windows的很简单,在注册表配置就好了,但是mac os 是unix的,没有注册表这么一说。

    但是发现腾讯等配置了自定义等协议,例如:tencent://xxxxx,

    那么他们是怎么配置的,查了写资料,比较少。分享一下:

    mac应用程序安装的时候在安装软件有一个info.plist,可以在配置文件中配置CFBundleURLName.

    1. Use Script Editor to save this script as an Application Bundle (no startup screen):

    on open location localURL
        
        set oldDelims to AppleScript's text item delimiters
        set AppleScript's text item delimiters to "local://"
        set thePath to item 2 of the text items of localURL
        set AppleScript's text item delimiters to oldDelims
        
        tell application "System Events"
            open ((POSIX file thePath) as string)
        end tell
        
    end open location

    2.Use the method described here and here to set CFBundleSignature to LOCL and add

    <key>CFBundleURLTypes</key>
    <array>
        <dict>
            <key>CFBundleURLName</key>
            <string>Local File</string>
            <key>CFBundleURLSchemes</key>
            <array>
                <string>local</string>
            </array>
        </dict>
    </array>
    <key>NSUIElement</key>
    <true/>

    to the application bundle's Info.plist file, then change the PkgInfo file to contain APPLLOCL
    3.Use the More Internet preference pane to add 'local' as a new protocol and choose the new application as the handler.
    4.Make hyperlinks in the form local:///path/to/your/local/folder. Clicking those links should then open that file or folder.

    更详细的可以到苹果开发文档参考:

    https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html

    以我的电脑为例:

     例如在链接中<a href="ssh://xxx">click me</a>那么就会唤iTerm程序来执行ssh

     关于伪协议,其中有很多好玩的东西,大家可以自己挖掘。

    参考:

    http://hublog.hubmed.org/archives/001154.html

    https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html

    https://code.i-harness.com/zh-CN/q/7321d

  • 相关阅读:
    一键启动frida server的cmd脚本
    AES加密的S盒和逆S盒的推导代码备份(C实现)
    windows android ndk的某些编译工具报错乱码0x5 或拒绝访问05
    cygwin的sh: line 15: $' ': command not found错误
    一种JNI混淆方案
    android上的bin/sbin/xbin等各种目录
    Mac OSX bash function 备份
    Xposed免重启调试工具类
    vscode调试vue代码
    爬取ESRI疫情地图数据
  • 原文地址:https://www.cnblogs.com/sevck/p/8534624.html
Copyright © 2011-2022 走看看