Compare commits
18 Commits
9ec56ced34
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 13d89b020d | |||
| 34735c3e0e | |||
| 866701b499 | |||
| f47e9cb306 | |||
| 8c4cd61081 | |||
| cfefd337b9 | |||
| af1a9e1859 | |||
| 6c7278a064 | |||
| 58c81f32e5 | |||
| 67623951ce | |||
| 8960406388 | |||
| 51bf1e5a6f | |||
| 0e75201906 | |||
| 8aa5351ccc | |||
| 1e80a8067b | |||
| df7b021ea0 | |||
| 86f1a339d0 | |||
| b8e653e57d |
10
main.py
10
main.py
@@ -67,12 +67,10 @@ if __name__ == '__main__':
|
||||
# 是否以spawn模式运行
|
||||
is_spawn = True
|
||||
# 目标进程名
|
||||
attach_process_name = "Navi"
|
||||
attach_process_name = "百度网盘"
|
||||
# 目标包名
|
||||
package_name = "com.tencent.qqmusic"
|
||||
package_name = "com.baidu.netdisk"
|
||||
# 注入的脚本路径
|
||||
# script_path = "./hook_conversions.js"
|
||||
# script_path = "./r0capture/script.js"
|
||||
# script_path = "url_request.js"
|
||||
script_path = "hook_qqmusic.js"
|
||||
# script_path = "scripts/hook_conversions.js"
|
||||
script_path = "scripts/baidunetdisk.js"
|
||||
main(package_name,script_path, is_spawn)
|
||||
|
||||
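Review bot: The target package, process name and script path are still edited in place inside the `if __name__ == '__main__':` block (which starts outside this hunk), so every retarget is a source change and the list of commented-out `script_path` lines keeps growing. Consider reading them from the command line with `argparse`, e.g. `parser.add_argument("--package")` and `parser.add_argument("--script")`, and keeping the defaults in one place. `attach_process_name` is assigned here but is not passed to `main(package_name,script_path, is_spawn)`; if nothing else reads it, the line is dead configuration.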
21
scripts/baidunetdisk.js
Normal file
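--- /dev/null
+++ b/scripts/baidunetdisk.js
@@ -0,0 +1,21 @@
+console.log("Script loaded successfully");
+
+Java.perform(function () {
+var Request = Java.use("okhttp3.Request");
+
+// Hook Request的toString方法
+Request.toString.implementation = function () {
+// 调用原始的toString方法并保存结果
+var result = this.toString();
+
+// 打印结果
+console.log("Request.toString result: " + result);
+
+// 返回原始方法调用的结果
+return result;
+};
+});
+
+
+
+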
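Review bot: The hook in `Request.toString.implementation` writes the full request string to the console, and that string carries the URL (and, depending on the OkHttp version the app bundles, possibly headers), so session tokens or signed query parameters can end up in terminal scrollback and saved logs. Treat the output as sensitive: redact the query string before printing, or keep captures out of shared logs. `Java.use("okhttp3.Request")` is also unguarded, so if the class is renamed or absent the script stops at load with an uncaught exception; wrapping it in `try { ... } catch (e) { console.log("okhttp3.Request not available: " + e); }` would make that failure explicit. The four trailing blank lines can be dropped.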
@@ -1,3 +1,4 @@
|
||||
console.log("Script loaded successfully");
|
||||
Java.perform(function() {
|
||||
|
||||
/*
|
||||
@@ -67,11 +68,6 @@ hook list:
|
||||
} catch (e) {
|
||||
quiet_send("registerClass from X509TrustManager >>>>>>>> " + e.message);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
// Prepare the TrustManagers array to pass to SSLContext.init()
|
||||
var TrustManagers = [TrustManager.$new()];
|
||||
|
||||
32
scripts/monitor_request.js
Normal file
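--- /dev/null
+++ b/scripts/monitor_request.js
@@ -0,0 +1,32 @@
+log_info("Script loaded successfully");
+Java.perform(function () {
+var OkHttpClient = Java.use('okhttp3.OkHttpClient');
+var Request = Java.use('okhttp3.Request');
+
+OkHttpClient.newCall.implementation = function (request) {
+var url = request.url().toString();
+var method = request.method();
+var body = request.body();
+var size = body != null ? body.contentLength() / 1024 : 0;
+console.log("Method: " + method + "\nURL: " + url + "\nSize: " + size + " kb");
+
+return this.newCall(request);
+};
+});
+
+
+function log_info(messages) {
+const now = new Date();
+const year = now.getFullYear();
+const month = String(now.getMonth() + 1).padStart(2, '0'); // Months are 0-based
+const day = String(now.getDate()).padStart(2, '0');
+const hours = String(now.getHours()).padStart(2, '0');
+const minutes = String(now.getMinutes()).padStart(2, '0');
+const seconds = String(now.getSeconds()).padStart(2, '0');
+const milliseconds = String(now.getMilliseconds()).padStart(3, '0');
+
+const timestamp = `${year}-${month}-${day} ${hours}:${minutes}:${seconds}:${milliseconds}`;
+
+console.log(`${timestamp} - ${messages}`);
+send(`${timestamp} - ${messages}`);
+}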
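Review bot: `body.contentLength() / 1024` in the `newCall` hook reports a negative size when the body length is unknown, because OkHttp's `RequestBody.contentLength()` returns -1 in that case; the method is also declared to throw, and an exception there would break the hooked call. Read the length once and clamp it, e.g. `var len = body != null ? body.contentLength() : 0;` and `var size = len > 0 ? len / 1024 : 0;`, ideally inside a try/catch so that a logging failure never prevents `this.newCall(request)` from running. The request line is printed with `console.log` although `log_info` is defined in the same file to add a timestamp and `send()` the message, and `Request` is assigned but never used. The logged URL may carry tokens in its query string, so captures should be handled as sensitive data.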
2
test.py
2
test.py
@@ -1,7 +1,7 @@
|
||||
import frida,sys
|
||||
import modules.files_utils
|
||||
|
||||
js_code = modules.files_utils.read_javascript("./hook_conversions.js")
|
||||
js_code = modules.files_utils.read_javascript("scripts/hook_conversions.js")
|
||||
device = frida.get_usb_device()
|
||||
pid = device.spawn(["com.naviapp"]) # 以挂起方式创建进程
|
||||
process = device.attach(pid)
|
||||
|
||||