引入 Java 类:
引入 okhttp3.OkHttpClient、okhttp3.OkHttpClient$Builder、okhttp3.Interceptor、okhttp3.ResponseBody 等类。
创建自定义拦截器:
- 通过 Java.registerClass 创建自定义拦截器 MyInterceptor。
- 拦截器中重写 intercept 方法,处理并打印请求和响应信息。
重载 OkHttpClient.Builder 的 build 方法:
- 通过 overload 确保正确的方法重载。
- 在 build 方法中添加自定义拦截器。
- 确保在构建 OkHttpClient 之前添加拦截器。
异常处理:
捕获并打印所有异常,确保脚本执行的每一步都能输出详细的错误信息以便调试。
Java.perform(function () {
// 抓取 HttpURLConnection 请求和响应
var HttpURLConnection = Java.use('java.net.HttpURLConnection');
HttpURLConnection.getInputStream.implementation = function () {
var url = this.getURL().toString();
var method = this.getRequestMethod();
console.log('[*] HTTP Request: ' + method + ' ' + url);
// 打印请求头
var headers = this.getRequestProperties();
headers.keySet().toArray().forEach(function (key) {
var values = headers.get(key).toArray().join(', ');
console.log('[*] Header: ' + key + ': ' + values);
});
// 打印请求体
if (this.getDoOutput()) {
var outputStream = this.getOutputStream();
var writer = new Java.use('java.io.OutputStreamWriter')(outputStream);
var body = this.getLocalData().toString();
console.log('[*] Body: ' + body);
}
var inputStream = this.getInputStream();
// 读取响应
var reader = new Java.use('java.io.InputStreamReader')(inputStream);
var bufferedReader = new Java.use('java.io.BufferedReader')(reader);
var response = '';
var line;
while ((line = bufferedReader.readLine()) !== null) {
response += line + '\n';
}
console.log('[*] HTTP Response: ' + response);
return inputStream;
};
// 抓取 OkHttp 请求和响应
try {
var OkHttpClient = Java.use('okhttp3.OkHttpClient');
var OkHttpClientBuilder = Java.use('okhttp3.OkHttpClient$Builder');
var Interceptor = Java.use('okhttp3.Interceptor');
var Response = Java.use('okhttp3.Response');
var ResponseBody = Java.use('okhttp3.ResponseBody');
// 创建自定义的 Interceptor 实现
var MyInterceptor = Java.registerClass({
name: 'com.custom.MyInterceptor',
implements: [Interceptor],
methods: {
intercept: function (chain) {
try {
var request = chain.request();
var url = request.url().toString();
var method = request.method();
console.log('[*] OkHttp Request: ' + method + ' ' + url);
var headers = request.headers();
for (var i = 0; i < headers.size(); i++) {
console.log('[*] Header: ' + headers.name(i) + ': ' + headers.value(i));
}
var body = request.body();
if (body) {
var buffer = Java.use('okio.Buffer').$new();
body.writeTo(buffer);
var requestBody = buffer.readUtf8();
console.log('[*] Body: ' + requestBody);
}
var response = chain.proceed(request);
// 打印响应
var responseBody = response.body().string();
console.log('[*] OkHttp Response: ' + responseBody);
// 需要重新创建响应,因为 response.body().string() 会消耗掉响应体
var newResponseBody = ResponseBody.create(response.body().contentType(), responseBody);
var newResponse = response.newBuilder()
.body(newResponseBody)
.build();
return newResponse;
} catch (e) {
console.log('Interceptor Error: ' + e);
throw e;
}
}
}
});
// 重载 OkHttpClient.Builder 的 build 方法
OkHttpClientBuilder.build.overload().implementation = function () {
console.log('[*] Adding interceptor to OkHttpClient');
this.addInterceptor(MyInterceptor.$new());
return this.build();
};
console.log('Script successfully loaded');
} catch (e) {
console.log('Error: ' + e);
}
});
frida -U -l script.js -n com.simple.android 抓包
