import frida, sys
def on_message(message, data):
    """Print a message delivered by the injected script.

    A message whose ``type`` is ``'send'`` is printed as its payload behind a
    ``[*]`` prefix; every other message is printed whole. ``data`` is accepted
    for the callback signature and is not used.
    """
    if message['type'] != 'send':
        print(message)
        return
    print("[*] {0}".format(message['payload']))
# JavaScript source that Frida injects into the target process. It is runtime
# text and is kept exactly as written; its inline comments translate as
# "all responses", "all requests", "all request URLs" and "disable the SPDY
# protocol".
#
# Inside Java.perform the script replaces five methods on the app's mtopsdk
# classes. The first four log with console.log, call the original
# implementation and return its result:
#   - Response.<init>(Response$Builder): logs `arguments[0].body`, then the
#     constructed object's toString().
#   - Request$Builder.build(): logs the built request's toString().
#   - ANetworkCallImpl.<init>(Request, Context): logs the Request argument.
#   - AbstractNetworkConverter.buildBaseUrl(MtopContext, String, String): logs
#     the two String arguments, then the returned URL.
# The fifth, SwitchConfig.setGlobalSpdySslSwitchOpen() (no-argument overload),
# does not call the original: it calls isGlobalSpdySwitchOpen, logs that
# value and always returns false.
# NOTE(review): the fifth hook replaces a setter-named method but reads and
# overrides a getter-style value; whether that overload exists in the SDK
# cannot be confirmed from this file.
# NOTE(review): the logged requests, responses and URLs presumably carry
# session identifiers and account data -- treat captured console output as
# sensitive.
jscode = """
Java.perform(function () {
// Function to hook is defined here
//所有响应
var Response = Java.use('mtopsdk.network.domain.Response');
Response.$init.overload('mtopsdk.network.domain.Response$Builder').implementation = function() {
//PrintStack()
console.log("Response " + arguments[0].body)
var ret = this.$init.apply(this, arguments);
//all request
console.log("Response " + this.toString())
return ret;
};
//所有请求
var RequestBuilder = Java.use('mtopsdk.network.domain.Request$Builder');
RequestBuilder.build.overload().implementation = function() {
//PrintStack()
var ret = this.build.apply(this, arguments);
//all request
console.log("RequestBuilder " + ret.toString())
return ret;
};
//所有请求
var ANetworkCallImpl = Java.use('mtopsdk.network.impl.ANetworkCallImpl');
ANetworkCallImpl.$init.overload('mtopsdk.network.domain.Request', 'android.content.Context').implementation = function() {
//PrintStack()
console.log('ANetworkCallImpl ' + arguments[0])
var ret = this.$init.apply(this, arguments);
return ret;
};
//所有请求url
var AbstractNetworkConverter = Java.use(
'mtopsdk.mtop.protocol.converter.impl.AbstractNetworkConverter'
);
AbstractNetworkConverter.buildBaseUrl.overload(
'mtopsdk.framework.domain.MtopContext',
'java.lang.String',
'java.lang.String'
).implementation = function() {
console.log("buildBaseUrl "+arguments[1]+' '+arguments[2])
var ret = this.buildBaseUrl.apply(this, arguments);
//url
console.log("buildBaseUrl "+ret)
return ret;
};
// 禁用spdy协议
var SwitchConfig = Java.use('mtopsdk.mtop.global.SwitchConfig');
SwitchConfig.setGlobalSpdySslSwitchOpen.overload().implementation = function() {
var ret = this.isGlobalSpdySwitchOpen.apply(this, arguments);
console.log('isGlobalSpdySwitchOpenl ' + ret)
return false;
};
});
"""
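# Attach to the 'cn.damai' process on the USB-connected device and create the
# instrumentation script from the JavaScript held in `jscode`.
process = frida.get_usb_device().attach('cn.damai')
script = process.create_script(jscode)
# The message handler is left disabled: the injected script reports through
# console.log and never calls send().
# script.on('message', on_message)
print('[*] Running CTF')
try:
    script.load()
    # Block until stdin reaches EOF so the session (and its hooks) stays alive.
    sys.stdin.read()
except KeyboardInterrupt:
    # Ctrl-C is the usual way to stop the run; exit without a traceback.
    pass
finally:
    # Release the instrumentation session on every exit path instead of
    # leaving it attached to the target until the interpreter is torn down.
    process.detach()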