思路:socket包大部分都是密文的,常规的抓包工具Charles、Fiddler等一般都无法抓到,所以使用frida进行hook抓包。但frida抓的socket太多了,进一步用Wireshark抓包看想要的数据是哪些包,根据某些特征给frida过滤。
function jhexdump(array) {
var ptr_array = Memory.alloc(array.length);
for(var i = 0; i < array.length; ++i)
Memory.writeS8(ptr_array.add(i), array[i]);
console.log(hexdump(ptr_array,{
length: 0x520}), "\r\n");
console.log("ptr: ",ptr(ptr_array).readCString());
}
function hook_socket(){
Java.perform(function(){
Java.use("java.net.SocketOutputStream").write.overload('[B', 'int', 'int').implementation = function(bytearry,int1,int2){
var result = this.write(bytearry,int1,int2);
console.log(jhexdump(bytearry));
return result;
}
Java.use("java.net.SocketInputStream").read.overload('[B', 'int', 'int').implementation = function(bytearry,int1,int2){
var result = this.read(bytearry,int1,int2);
console.log(jhexdump(bytearry));
return result;
}
})
}
function main(){
hook_socket()
}
setImmediate(main)