Frida 脚本抓取 HttpURLConnection 请求和响应
引入 Java 类:
引入 okhttp3.OkHttpClient、okhttp3.OkHttpClient$Builder、okhttp3.Interceptor、okhttp3.ResponseBody 等类。
创建自定义拦截器:
- 通过 Java.registerClass 创建自定义拦截器 MyInterceptor。
- 拦截器中重写 intercept 方法,处理并打印请求和响应信息。
重载 OkHttpClient.Builder 的 build 方法:
- 通过 overload 确保正确的方法重载。
- 在 build 方法中添加自定义拦截器。
- 确保在构建 OkHttpClient 之前添加拦截器。
异常处理:
捕获并打印所有异常,确保脚本执行的每一步都能输出详细的错误信息以便调试。
Java.perform(function () {// 抓取 HttpURLConnection 请求和响应var HttpURLConnection = Java.use('java.net.HttpURLConnection');HttpURLConnection.getInputStream.implementation = function () {var url = this.getURL().toString();var method = this.getRequestMethod();console.log('[*] HTTP Request: ' + method + ' ' + url);// 打印请求头var headers = this.getRequestProperties();headers.keySet().toArray().forEach(function (key) {var values = headers.get(key).toArray().join(', ');console.log('[*] Header: ' + key + ': ' + values);});// 打印请求体if (this.getDoOutput()) {var outputStream = this.getOutputStream();var writer = new Java.use('java.io.OutputStreamWriter')(outputStream);var body = this.getLocalData().toString();console.log('[*] Body: ' + body);}var inputStream = this.getInputStream();// 读取响应var reader = new Java.use('java.io.InputStreamReader')(inputStream);var bufferedReader = new Java.use('java.io.BufferedReader')(reader);var response = '';var line;while ((line = bufferedReader.readLine()) !== null) {response += line + '\n';}console.log('[*] HTTP Response: ' + response);return inputStream;};// 抓取 OkHttp 请求和响应try {var OkHttpClient = Java.use('okhttp3.OkHttpClient');var OkHttpClientBuilder = Java.use('okhttp3.OkHttpClient$Builder');var Interceptor = Java.use('okhttp3.Interceptor');var Response = Java.use('okhttp3.Response');var ResponseBody = Java.use('okhttp3.ResponseBody');// 创建自定义的 Interceptor 实现var MyInterceptor = Java.registerClass({name: 'com.custom.MyInterceptor',implements: [Interceptor],methods: {intercept: function (chain) {try {var request = chain.request();var url = request.url().toString();var method = request.method();console.log('[*] OkHttp Request: ' + method + ' ' + url);var headers = request.headers();for (var i = 0; i < headers.size(); i++) {console.log('[*] Header: ' + headers.name(i) + ': ' + headers.value(i));}var body = request.body();if (body) {var buffer = Java.use('okio.Buffer').$new();body.writeTo(buffer);var requestBody = buffer.readUtf8();console.log('[*] Body: ' + requestBody);}var response = chain.proceed(request);// 打印响应var responseBody = response.body().string();console.log('[*] OkHttp Response: ' + responseBody);// 需要重新创建响应,因为 response.body().string() 会消耗掉响应体var newResponseBody = ResponseBody.create(response.body().contentType(), responseBody);var newResponse = response.newBuilder().body(newResponseBody).build();return newResponse;} catch (e) {console.log('Interceptor Error: ' + e);throw e;}}}});// 重载 OkHttpClient.Builder 的 build 方法OkHttpClientBuilder.build.overload().implementation = function () {console.log('[*] Adding interceptor to OkHttpClient');this.addInterceptor(MyInterceptor.$new());return this.build();};console.log('Script successfully loaded');} catch (e) {console.log('Error: ' + e);}
});frida -U -l script.js -n com.simple.android 抓包
