ES-7.12-官方文档阅读-ILM-Automate rollover

🛫 系列文章导航

▒ 目录 ▒

• • 🛫 系列文章导航
  • 🛫 导读
  • • 开发环境
  • 1️⃣ 代码介绍
  • • okhttp3主逻辑
    • 拦截器
  • 2️⃣ newCall自吐
  • • 自吐frida脚本编写
    • 验证步骤
  • 3️⃣ 拦截器自吐
  • • 获取dex文件
    • 自吐frida脚本编写【通用高效】
    • 验证步骤
  • 📖 参考资料

🛫 导读

开发环境

1️⃣ 代码介绍

okhttp3主逻辑

public class example {

    // TAG即为日志打印时的标签
    private static final String TAG = "r0ysue666";

    // 新建一个Okhttp客户端（不含拦截器等各种参数的OkHttpClient对象）
    // OkHttpClient client = new OkHttpClient();

    // 新建一个拦截器
    OkHttpClient client = new OkHttpClient.Builder()
            .addNetworkInterceptor(new LoggingInterceptor())
            .build();

    void run(String url) throws IOException {
        // 构造request
        Request request = new Request.Builder()
                .url(url)
                .header("token","r0ysue")
                .build();

        // 发起异步请求
        client.newCall(request).enqueue(
                new Callback() {
                    @Override
                    public void onFailure(Call call, IOException e) {
                        call.cancel();
                    }

                    @Override
                    public void onResponse(Call call, Response response) throws IOException {
                        //打印输出
                        Log.d(TAG, response.body().string());
                    }
                }
        );
    }
}

拦截器

Response getResponseWithInterceptorChain() throws IOException {
  // Build a full stack of interceptors.
  // 收集拦截器的临时列表
  List<Interceptor> interceptors = new ArrayList<>();
  // 先添加通过 OkHttpClient.Builder # addInterceptor() 方法添加的拦截器
  interceptors.addAll(client.interceptors());
  interceptors.add(retryAndFollowUpInterceptor);
  interceptors.add(new BridgeInterceptor(client.cookieJar()));
  interceptors.add(new CacheInterceptor(client.internalCache()));
  interceptors.add(new ConnectInterceptor(client));
  if (!forWebSocket) {
    // 如果不是 WebSocket 请求，
    // 则添加通过 OkHttpClient.Builder # addNetworkInterceptor() 方法添加的拦截器
    interceptors.addAll(client.networkInterceptors());
  }
  interceptors.add(new CallServerInterceptor(forWebSocket));
  Interceptor.Chain chain = new RealInterceptorChain(interceptors, null, null, null, 0,
      originalRequest, this, eventListener, client.connectTimeoutMillis(),
      client.readTimeoutMillis(), client.writeTimeoutMillis());
  return chain.proceed(originalRequest);
}

2️⃣ newCall自吐

自吐frida脚本编写

    Java.perform(function() {
        var OkHttpClient = Java.use("okhttp3.OkHttpClient")
       
        OkHttpClient.newCall.implementation = function (request) {
            var result = this.newCall(request)
            console.log('[newCall] request = ', request.toString())
            return result
        };
    
    });

验证步骤

3️⃣ 拦截器自吐

获取dex文件

自吐frida脚本编写【通用高效】

    Java.perform(function () {

        Java.openClassFile("/data/local/tmp/okhttp3logging.dex").load();

        var MyInterceptor = Java.use("com.r0ysue.okhttp3demo.LoggingInterceptor");

        var MyInterceptorObj = MyInterceptor.$new();
        var Builder = Java.use("okhttp3.OkHttpClient$Builder");
        console.log(Builder);
        Builder.build.implementation = function () {
            this.networkInterceptors().add(MyInterceptorObj);
            return this.build();
        };
        console.log("hook_okhttp3...");
    });

验证步骤

📖 参考资料