通过hook okhttp3来进行抓包
下面是获取别人的内容的方法:
Java.perform(function() {
console.log("[*] 开始使用Frida choose调用newCall");
var Request = Java.use('okhttp3.Request$Builder');
var ResponseBody = Java.use("okhttp3.ResponseBody");
// 构造请求对象
var requestBuilder = Request.$new()
.url('https://edith.xiaohongshu.com/api/sns/v3/user/info?user_id=612368ee000000000101cd0c&profile_page_head_exp=1')
.get();
var newRequest = requestBuilder.build();
// 使用choose查找wv3.b的实例并调用newCall
Java.choose('wv3.b', {
onMatch: function(instance) {
console.log('[+] 找到wv3.b实例');
// 调用newCall方法
var call = instance.newCall(newRequest);
var response = call.execute();
// 获取响应信息
console.log("[+] 请求URL: " + response.request().url().toString());
console.log("[+] 响应状态码: " + response.code());
console.log("[+] 响应头: " + response.headers());
// 获取并打印响应体
if (response.body()) {
var bodyString = response.body().string();
console.log("[+] 响应体内容: " + bodyString);
}
},
onComplete: function() {
console.log("[*] 实例搜索完成");
}
});
});
xposed发送消息:
package com.example.xposed;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
public class MainHook implements IXposedHookLoadPackage {
private static final String TAG = "MainHook";
private static final String TARGET_CLASS = "ny1.y1"; // 小红书app的目标类
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
if (!lpparam.packageName.equals("com.xingin.xhs")) { // 小红书包名
return;
}
XposedBridge.log("[+] 开始Hook小红书");
Class<?> targetClass = XposedHelpers.findClass(TARGET_CLASS, lpparam.classLoader);
// Hook J4方法
XposedBridge.hookAllMethods(targetClass, "J4", new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log("[*] 小红书J4方法被调用");
Object message = param.getResult();
if (message != null) {
try {
String desiredReceiverId = "612368ee000000000101cd0c"; // 目标接收者ID
XposedHelpers.callMethod(message, "setReceiverId", desiredReceiverId);
XposedHelpers.callMethod(message, "setChatId", desiredReceiverId);
String senderId = (String)XposedHelpers.callMethod(message, "getSenderId");
XposedHelpers.callMethod(message, "setLocalChatUserId", desiredReceiverId + "@" + senderId);
XposedBridge.log("[+] 小红书J4: 修改消息接收者为: " + desiredReceiverId);
} catch(Exception e) {
XposedBridge.log("[-] 小红书J4: 修改接收者失败: " + e.getMessage());
}
}
}
});
// 测试发送消息
XposedBridge.hookAllConstructors(targetClass, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
try {
String purifyContent = "测试消息";
int type = 1;
Object model = null;
String quoteId = "";
Object quoteContent = null;
// 调用O0发送消息
try {
XposedHelpers.callMethod(param.thisObject, "O0", purifyContent, type, model, quoteId, quoteContent, 1);
XposedBridge.log("[+] 小红书O0方法调用成功");
} catch(Exception e) {
XposedBridge.log("[-] 小红书O0调用失败: " + e.getMessage());
}
} catch(Exception e) {
XposedBridge.log("[-] 小红书执行出错: " + e.getMessage());
}
}
});
}
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
