创建 url_request.js

hook_conversions.js

@@ -1,4 +1,4 @@
-console.log("Script loaded successfully");
+log_info("Script loaded successfully");
 // hook_okhttp_client()
 if (Java.available) {
     hook_json()
@@ -145,8 +145,8 @@ function hook_json() {
         var JSONObject = Java.use('org.json.JSONObject');
         JSONObject.toString.overload().implementation = function () {
             var result = this.toString.call(this);
-            // console.log("Serialized JSONObject: " + result);
+            // get_conversions(result)
-            log_info("Serialized JSONObject: " + result)
+            // log_info("Serialized JSONObject: " + result)
             return result;
         };
     });
@@ -166,6 +166,7 @@ function log_info(messages) {
     const timestamp = `${year}-${month}-${day} ${hours}:${minutes}:${seconds}:${milliseconds}`;
 
     console.log(`${timestamp} - ${messages}`);
+    send(`${timestamp} - ${messages}`);
 }
 
 function check_class(class_name) {
@@ -185,4 +186,12 @@ function check_class(class_name) {
         }
     });
     return classFound;
-}
+}
+
+recv('input_data', function(payload) {
+    console.log(typeof(payload))
+
+    console.log(JSON.stringify(payload))
+    console.log('Received data from Python: ' + payload.payload.data);
+});
+

main.py

@@ -8,7 +8,8 @@ import time
 FIRST_WRITE = True  # 全局变量，用于跟踪是否是首次写入
 
 def on_message(message, data):
-    modules.files_utils.write_log(message)
+    print(message)
+    # modules.files_utils.write_log(message)
     # print(message)
     # if message['type'] == 'send':
     #     print(message['payload'])
@@ -24,6 +25,7 @@ def attach_method(is_spawn):
 
 
 def main(package_name,script_path,is_spawn):
+    # 从Python发送数据到Frida的JavaScript脚本
     print(f"script_path: {script_path}")
     js_code = modules.files_utils.read_javascript(script_path)
     # print(js_code)
@@ -39,6 +41,8 @@ def main(package_name,script_path,is_spawn):
         script = process.create_script(js_code)
         script.on("message", on_message)
         script.load()
+        data_to_send = {'data': 'Hello from Python!'}
+        script.post({'type': 'input_data', 'payload': data_to_send})
         device.resume(pid)  # 加载完脚本后, 恢复进程运行
         sys.stdin.read()
     else:
@@ -69,4 +73,5 @@ if __name__ == '__main__':
     # 注入的脚本路径
     script_path = "./hook_conversions.js"
     # script_path = "./r0capture/script.js"
+    # script_path = "url_request.js"
     main(package_name,script_path, is_spawn)

test.js

@@ -0,0 +1,20 @@
+Java.perform(function() {
+    var ByteArrayOutputStream = Java.use('java.io.ByteArrayOutputStream');
+    var HttpsURLConnection = Java.use('javax.net.ssl.HttpsURLConnection');
+
+    HttpsURLConnection.getOutputStream.implementation = function() {
+        var outputStream = this.getOutputStream();
+
+        // 创建一个新的 ByteArrayOutputStream 实例，以便于我们读取数据。
+        var byteArrayOutputStream = ByteArrayOutputStream.$new();
+
+        outputStream.write.overload('[B').implementation = function(buffer) {
+            byteArrayOutputStream.write(buffer);
+            console.log("[*] Data written to URL:", this.getURL().toString());
+            console.log("[*] Data:", byteArrayOutputStream.toString('UTF-8'));
+            return outputStream.write(buffer);
+        };
+
+        return outputStream;
+    };
+});

url_request.js

@@ -0,0 +1,82 @@
+Java.perform(function() {
+    var URL = Java.use("java.net.URL");
+    var HttpsURLConnection = Java.use("javax.net.ssl.HttpsURLConnection");
+    var HttpURLConnection = Java.use("java.net.HttpURLConnection");
+    var OutputStreamWriter = Java.use("java.io.OutputStreamWriter");
+    var BufferedReader = Java.use("java.io.BufferedReader");
+    var InputStreamReader = Java.use("java.io.InputStreamReader");
+    var OutputStream = Java.use('java.io.OutputStream');
+    var OkHttpClient = Java.use('okhttp3.OkHttpClient');
+
+    URL.$init.overload('java.lang.String').implementation = function(url) {
+        console.log("[*] URL init:", url.toString());
+        return this.$init(url);
+    };
+
+    HttpsURLConnection.setDoOutput.implementation = function(value) {
+        console.log("[*]HttpsURLConnection setDoOutput:", value);
+        return this.setDoOutput(value);
+    };
+
+    HttpsURLConnection.setRequestProperty.implementation = function(key, value) {
+        console.log("[*] setRequestProperty:", key, value);
+        return this.setRequestProperty(key, value);
+    };
+
+
+    HttpsURLConnection.getOutputStream.implementation = function() {
+        console.log("[*] getOutputStream");
+        return this.getOutputStream();
+    };
+
+
+
+    HttpURLConnection.setRequestProperty.implementation = function(key, value) {
+        console.log("[*] setRequestProperty:", key, value);
+        return this.setRequestProperty(key, value);
+    };
+
+    HttpURLConnection.setDoOutput.implementation = function(value) {
+        console.log("[*]HttpURLConnection setDoOutput:", value);
+        return this.setDoOutput(value);
+    };
+
+    // HttpURLConnection.getOutputStream.implementation = function() {
+    //     console.log("[*] getOutputStream");
+    //     var outputStream = this.getOutputStream();
+    //
+    //     outputStream.write.overload('[B').implementation = function(buffer) {
+    //         console.log("[*] Data written:", Java.array('byte', buffer).toString());
+    //         return this.write(buffer);
+    //     };
+    //     return outputStream;
+    // };
+
+    // OutputStream.write.overload('[B').implementation = function(buffer) {
+    //     console.log("[*] Data written:", Java.array('byte', buffer).toString());
+    //     return this.write(buffer);
+    // };
+
+    BufferedReader.readLine.overload().implementation = function() {
+        var line = this.readLine();
+        // console.log("[*] BufferedReader.readLine:", line);
+        return line;
+    };
+
+    InputStreamReader.$init.overload('java.io.InputStream').implementation = function(stream) {
+        console.log("[*] InputStreamReader.init:", stream);
+        return this.$init(stream);
+    };
+
+    OkHttpClient.newCall.overload('okhttp3.Request').implementation = function(request) {
+        console.log("[*] Request URL:", request.url().toString());
+        console.log("[*] Request Headers:", request.headers().toString());
+
+        if (request.method() == "POST") {
+            console.log("[*] Request Body:", request.body().toString());
+        }
+
+        return this.newCall(request);
+    };
+});
+