跳转至

一键 hook 自吐脚本网页版

前言

本文介绍在 js 逆向中可能会用到的自吐脚本,原理与 app 逆向中 安卓自吐的几种方法frida 自吐算法脚本中的一致。

目前常用的 js hook 自吐脚本如下:

1. 前提条件

自测在 Nexus 5xroot 安卓 8.1.0 同样成功

js hook 自吐脚本使用前准备如下:

  • 浏览器:用于调试,Googlefirefox 等不限制
  • 油猴插件:用于编写和管理 js hook 的脚本

2. 操作步骤

2.1. 浏览器安装油猴

这里不再详细说明如何在浏览器上安装油猴插件,这里放上官方安装及使用说明链接。

各浏览器安装油猴的方法:Greasy Fork 官方文档

2.2. 编写 js 自吐脚本

同样,这里不再介绍如何通过油猴来编写脚本,具体请在官网中查看,这里只展示对应的脚本内容。

2.2.1. 一键 hook 加密算法

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
// ==UserScript==
// @name         一键Hook加密算法
// @namespace    By:亮亮
// @version      1.2
// @description  一键Hook Crypto RSA 几个基本的方法  AES DES 3DES Hmac  SHA
// @author       liangliang
// @match        https://*/*
// @match        http://*/*
// @icon         data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==
// @grant        none
// ==/UserScript==

(function() {
    'use strict';
    console.log("亮亮网页Hook脚本初始化成功");
    //过dubugger
    var constructorEx = constructor;
    Function.prototype.constructor = function(s) {
        if (s == "debugger") {
            return null;
        }
        return constructorEx(s);
    }

    window.SHook = true
    window.IsDebugger = false
    function hex2b64(h) {
        var b64map = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
        var i;
        var c;
        var ret = "";
        for (i = 0; i + 3 <= h.length; i += 3) {
            c = parseInt(h.substring(i, i + 3), 16);
            ret += b64map.charAt(c >> 6) + b64map.charAt(c & 63);
        }
        if (i + 1 == h.length) {
            c = parseInt(h.substring(i, i + 1), 16);
            ret += b64map.charAt(c << 2);
        } else if (i + 2 == h.length) {
            c = parseInt(h.substring(i, i + 2), 16);
            ret += b64map.charAt(c >> 2) + b64map.charAt((c & 3) << 4);
        }
        while ((ret.length & 3) > 0)
            ret += "=";
        return ret;
    }
    if (window.CryptoJS != undefined) {
        var Crypto = window.CryptoJS
        //AES加解密
        if (Crypto.AES != undefined) {
            var AESencrypt = Crypto.AES.encrypt
            var AESdecrypt = Crypto.AES.decrypt
            window.CryptoJS.AES.encrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return AESencrypt(arguments[0], arguments[1], arguments[2])
                }
                console.log('检测到AES加密:');
                var AESKey = arguments[1]
                var AESIv = arguments[2]["iv"]
                console.log("EnData:" + CryptoJS.enc.Utf8.stringify(Data))
                console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey))
                console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv))
                if (IsDebugger == true) {
                    debugger ;
                }
                return AESencrypt(arguments[0], arguments[1], arguments[2])
            }
            window.CryptoJS.AES.decrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return AESdecrypt(arguments[0], arguments[1], arguments[2])
                }
                console.log('检测到AES解密:');
                var AESKey = arguments[1]
                var AESIv = arguments[2]["iv"]
                console.log("DeData:" + Data)
                console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey))
                console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv))
                if (IsDebugger == true) {
                    debugger ;
                }
                return AESdecrypt(arguments[0], arguments[1], arguments[2])
            }
        }
        //DES加解密
        if (Crypto.DES != undefined) {
            var DESencrypt = Crypto.DES.encrypt
            var DESdecrypt = Crypto.DES.decrypt
            window.CryptoJS.DES.encrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return DESencrypt(arguments[0], arguments[1], arguments[2])
                }
                console.log('检测到DES加密:');
                var AESKey = arguments[1]
                var AESIv = arguments[2]["iv"]
                console.log("EnData:" + CryptoJS.enc.Utf8.stringify(Data))
                console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey))
                console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv))
                if (IsDebugger == true) {
                    debugger ;
                }
                return AESencrypt(arguments[0], arguments[1], arguments[2])
            }
            window.CryptoJS.DES.decrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return AESdecrypt(arguments[0], arguments[1], arguments[2])
                }
                console.log('检测到DES解密:');
                var AESKey = arguments[1]
                var AESIv = arguments[2]["iv"]
                console.log("DeData:" + Data)
                console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey))
                console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv))
                if (IsDebugger == true) {
                    debugger ;
                }
                return DESdecrypt(arguments[0], arguments[1], arguments[2])
            }
        }
        //3DES加解密
        if (Crypto.TripleDES != undefined) {
            var TripleDESencrypt = Crypto.TripleDES.encrypt
            var TripleDESdecrypt = Crypto.TripleDES.decrypt
            window.CryptoJS.TripleDES.encrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return TripleDESencrypt(arguments[0], arguments[1], arguments[2])
                }
                console.log('检测到TripleDES加密:');
                var AESKey = arguments[1]
                var AESIv = arguments[2]["iv"]
                console.log("EnData:" + CryptoJS.enc.Utf8.stringify(Data))
                console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey))
                console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv))
                if (IsDebugger == true) {
                    debugger ;
                }
                return AESencrypt(arguments[0], arguments[1], arguments[2])
            }
            window.CryptoJS.TripleDES.decrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return AESdecrypt(arguments[0], arguments[1], arguments[2])
                }
                console.log('检测到TripleDES解密:');
                var AESKey = arguments[1]
                var AESIv = arguments[2]["iv"]
                console.log("DeData:" + Data)
                console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey))
                console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv))
                if (IsDebugger == true) {
                    debugger ;
                }
                return TripleDESdecrypt(arguments[0], arguments[1], arguments[2])
            }
        }
        //Hmac
        var HMAC_MD5encrypt = Crypto.HmacMD5
        var HMAC_SHA1encrypt = Crypto.HmacSHA1
        var HMAC_SHA256encrypt = Crypto.HmacSHA256
        var HMAC_SHA384encrypt = Crypto.HmacSHA384
        var HMAC_SHA512encrypt = Crypto.HmacSHA512

        if (Crypto.HmacMD5 != undefined) {
            window.CryptoJS.HmacMD5 = function() {
                var Data = arguments[0];
                if (Data == "" || window.SHook == false) {
                    return HMAC_MD5encrypt(arguments[0], arguments[1]);
                }
                ;console.log("检测到HmacMD5加密:");
                var HmacKey = arguments[1];
                console.log("EnData:" + Data);
                console.log("HmacKey:" + HmacKey);
                if (IsDebugger == true) {
                    debugger ;
                }
                return HMAC_MD5encrypt(arguments[0], arguments[1]);
            }
        }
        if (Crypto.HmacSHA1 != undefined) {
            window.CryptoJS.HmacSHA1 = function() {
                var Data = arguments[0];
                if (Data == "" || window.SHook == false) {
                    return HMAC_SHA1encrypt(arguments[0], arguments[1]);
                }
                ;console.log("检测到HmacSHA1加密:");
                var HmacKey = arguments[1];
                console.log("EnData:" + Data);
                console.log("HmacKey:" + HmacKey);
                if (IsDebugger == true) {
                    debugger ;
                }
                return HMAC_SHA1encrypt(arguments[0], arguments[1]);
            }
        }
        if (Crypto.HmacSHA256 != undefined) {
            window.CryptoJS.HmacSHA256 = function() {
                var Data = arguments[0];
                if (Data == "" || window.SHook == false) {
                    return HMAC_SHA256encrypt(arguments[0], arguments[1]);
                }
                ;console.log("检测到HmacSHA256加密:");
                var HmacKey = arguments[1];
                console.log("EnData:" + Data);
                console.log("HmacKey:" + HmacKey);
                if (IsDebugger == true) {
                    debugger ;
                }
                return HMAC_SHA256encrypt(arguments[0], arguments[1]);
            }
        }
        if (Crypto.HmacSHA384 != undefined) {
            window.CryptoJS.HmacSHA384 = function() {
                var Data = arguments[0];
                if (Data == "" || window.SHook == false) {
                    return HMAC_SHA384encrypt(arguments[0], arguments[1]);
                }
                ;console.log("检测到HmacSHA384加密:");
                var HmacKey = arguments[1];
                console.log("EnData:" + Data);
                console.log("HmacKey:" + HmacKey);
                if (IsDebugger == true) {
                    debugger ;
                }
                return HMAC_SHA384encrypt(arguments[0], arguments[1]);
            }
        }
        if (Crypto.HmacSHA512 != undefined) {
            window.CryptoJS.HmacSHA512 = function() {
                var Data = arguments[0];
                if (Data == "" || window.SHook == false) {
                    return HMAC_SHA512encrypt(arguments[0], arguments[1]);
                }
                ;console.log("检测到HmacSHA512加密:");
                var HmacKey = arguments[1];
                console.log("EnData:" + Data);
                console.log("HmacKey:" + HmacKey);
                if (IsDebugger == true) {
                    debugger ;
                }
                return HMAC_SHA512encrypt(arguments[0], arguments[1]);
            }
        }
        //Rabbit加解密
        if (Crypto.TripleDES != undefined) {
            var Rabbitencrypt = Crypto.Rabbit.encrypt
            var Rabbitdecrypt = Crypto.Rabbit.decrypt
            window.CryptoJS.Rabbit.encrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return Rabbitencrypt(arguments[0], arguments[1])
                }
                console.log('检测到Rabbit加密:');
                console.log("EnData:" + Data)
                console.log("Key:" + arguments[1])
                if (IsDebugger == true) {
                    debugger ;
                }
                return Rabbitencrypt(arguments[0], arguments[1])
            }
            window.CryptoJS.Rabbit.decrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return Rabbitdecrypt(arguments[0], arguments[1])
                }
                console.log('检测到Rabbit解密:');
                console.log("DeData:" + Data)
                console.log("Key:" + arguments[1])
                if (IsDebugger == true) {
                    debugger ;
                }
                return Rabbitdecrypt(arguments[0], arguments[1])
            }
        }
        //PBKDF2加解密
        if (Crypto.PBKDF2 != undefined) {
            var PBKDF2encrypt = Crypto.PBKDF2
            window.CryptoJS.PBKDF2 = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return PBKDF2encrypt(arguments[0], arguments[1], arguments[2])
                }
                console.log('检测到PBKDF2加密:');
                console.log("EnData:" + Data)
                console.log("Salt:" + arguments[1])
                console.log("KeySize:" + arguments[2]['keySize'])
                console.log("iterations:" + arguments[2]['iterations'])
                if (IsDebugger == true) {
                    debugger ;
                }
                return PBKDF2encrypt(arguments[0], arguments[1], arguments[2])
            }
        }
        //PBKDF2加解密
        if (Crypto.EvpKDF != undefined) {
            var EvpKDFencrypt = Crypto.EvpKDF
            window.CryptoJS.EvpKDF = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return EvpKDFencrypt(arguments[0], arguments[1], arguments[2])
                }
                console.log('检测到EvpKDF加密:');
                console.log("EnData:" + Data)
                console.log("Salt:" + arguments[1])
                console.log("KeySize:" + arguments[2]['keySize'])
                console.log("iterations:" + arguments[2]['iterations'])
                if (IsDebugger == true) {
                    debugger ;
                }
                return EvpKDFencrypt(arguments[0], arguments[1], arguments[2])
            }
        }
        //Md5加密
        if (Crypto.MD5 != undefined) {
            var MD5encrypt = Crypto.MD5
            window.CryptoJS.MD5 = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return MD5encrypt(arguments[0])
                }
                console.log('检测到MD5加密:');
                console.log("EnData:" + Data)
                if (IsDebugger == true) {
                    debugger ;
                }
                return MD5encrypt(arguments[0])
            }
        }
        //SHA1加密
        if (Crypto.SHA1 != undefined) {
            var SHA1encrypt = Crypto.SHA1
            window.CryptoJS.SHA1 = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return SHA1encrypt(arguments[0])
                }
                console.log('检测到SHA1加密:');
                console.log("EnData:" + Data)
                if (IsDebugger == true) {
                    debugger ;
                }
                return SHA1encrypt(arguments[0])
            }
        }
        //SHA3加密
        if (Crypto.SHA3 != undefined) {
            var SHA3encrypt = Crypto.SHA3
            window.CryptoJS.SHA3 = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return SHA3encrypt(arguments[0])
                }
                console.log('检测到SHA3加密:');
                console.log("EnData:" + Data)
                if (IsDebugger == true) {
                    debugger ;
                }
                return SHA3encrypt(arguments[0])
            }
        }
        //SHA224加密
        if (Crypto.SHA224 != undefined) {
            var SHA224encrypt = Crypto.SHA224
            window.CryptoJS.SHA224 = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return SHA224encrypt(arguments[0])
                }
                console.log('检测到SHA224加密:');
                console.log("EnData:" + Data)
                if (IsDebugger == true) {
                    debugger ;
                }
                return SHA224encrypt(arguments[0])
            }
        }
        //SHA256加密
        if (Crypto.SHA256 != undefined) {
            var SHA256encrypt = Crypto.SHA256
            window.CryptoJS.SHA256 = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return SHA256encrypt(arguments[0])
                }
                console.log('检测到SHA256加密:');
                console.log("EnData:" + Data)
                if (IsDebugger == true) {
                    debugger ;
                }
                return SHA256encrypt(arguments[0])
            }
        }
        //SHA384加密
        if (Crypto.SHA384 != undefined) {
            var SHA384encrypt = Crypto.SHA384
            window.CryptoJS.SHA384 = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return SHA384encrypt(arguments[0])
                }
                console.log('检测到SHA384加密:');
                console.log("EnData:" + Data)
                if (IsDebugger == true) {
                    debugger ;
                }
                return SHA384encrypt(arguments[0])
            }
        }
        //SHA512加密
        if (Crypto.SHA512 != undefined) {
            var SHA512encrypt = Crypto.SHA512
            window.CryptoJS.SHA512 = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return SHA512encrypt(arguments[0])
                }
                console.log('检测到SHA512加密:');
                console.log("EnData:" + Data)
                if (IsDebugger == true) {
                    debugger ;
                }
                return SHA512encrypt(arguments[0])
            }
        }
        //RIPEMD160加密
        if (Crypto.RIPEMD160encrypt != undefined) {
            var RIPEMD160encrypt = Crypto.RIPEMD160
            window.CryptoJS.RIPEMD160 = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return RIPEMD160encrypt(arguments[0])
                }
                console.log('检测到RIPEMD160加密:');
                console.log("EnData:" + Data)
                if (IsDebugger == true) {
                    debugger ;
                }
                return RIPEMD160encrypt(arguments[0])
            }
        }
    }
    //RSA  加解密
    if (window.biToHex != undefined) {
        var ToHex = window.biToHex
        if (window.encryptedString != undefined) {
            var RsaEncrypt = window.encryptedString
            window.encryptedString = function() {
                var KeyPair = arguments[0];
                var Data = arguments[1]
                if (Data == "" || window.SHook == false) {
                    return RsaEncrypt(KeyPair, Data)
                }
                console.log('检测到RSA加密:');
                var PublicKey = ToHex(KeyPair.e).substr(2)
                //取右边6位就是公钥了
                var Modulus = "00" + ToHex(KeyPair.m);
                //前面补俩个0
                console.log("EnData:" + Data);
                console.log("PublicKey:" + PublicKey);
                console.log("Modulus:" + Modulus);
                if (IsDebugger == true) {
                    debugger ;
                }
                return RsaEncrypt(KeyPair, Data)
            }
        }
        if (window.decryptedString != undefined) {
            var RsaDecrypt = window.decryptedString
            window.decryptedString = function() {
                var KeyPair = arguments[0];
                var Data = arguments[1]
                if (Data == "" || window.SHook == false) {
                    return RsaEncrypt(KeyPair, Data)
                }
                console.log('检测到RSA加密:');
                var PublicKey = ToHex(KeyPair.e).substr(2)
                //取右边6位就是公钥了
                var Modulus = "00" + ToHex(KeyPair.m);
                //前面补俩个0
                console.log("EnData:" + Data);
                console.log("PublicKey:" + PublicKey);
                console.log("Modulus:" + Modulus);
                if (IsDebugger == true) {
                    debugger ;
                }
                return RsaDecrypt(KeyPair, Data)
            }
        }
    }
    if (window.JSEncrypt != undefined) {
        var RSA = window.JSEncrypt.prototype
        if (RSA.encrypt != undefined) {
            var RSA_encrypt = RSA.encrypt
            window.JSEncrypt.prototype.encrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return hex2b64(RSA.key.encrypt(Data))
                }
                console.log('检测到RSA加密:');
                console.log('EnData:' + Data);
                if (IsDebugger == true) {
                    debugger ;
                }
                return hex2b64(RSA.key.encrypt(Data))
            }
        }
        if (RSA.decrypt != undefined) {
            var RSA_decrypt = RSA.decrypt
            window.JSEncrypt.prototype.decrypt = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return hex2b64(RSA.key.decrypt(Data))
                }
                console.log('检测到RSA解密:');
                console.log('DeData:' + Data);
                if (IsDebugger == true) {
                    debugger ;
                }
                return hex2b64(RSA.key.decrypt(Data))
            }
        }
        if (RSA.setPublicKey != undefined) {
            var RSA_setPublicKey = RSA.setPublicKey
            window.JSEncrypt.prototype.setPublicKey = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return RSA.setKey(Data)
                    return
                }
                console.log('检测到RSA设置公钥:');
                console.log('PublicKey:' + Data);
                if (IsDebugger == true) {
                    debugger ;
                }
                return RSA.setKey(Data)
            }
        }
        if (RSA.setPrivateKey != undefined) {
            var RSA_setPrivateKey = RSA.setPrivateKey
            window.JSEncrypt.prototype.setPrivateKey = function() {
                var Data = arguments[0]
                if (Data == "" || window.SHook == false) {
                    return RSA.setKey(Data)
                }
                console.log('检测到RSA设置私钥:');
                console.log('PrivateKey:' + Data);
                if (IsDebugger == true) {
                    debugger ;
                }
                return RSA.setKey(Data)
            }
        }

    }
}
)();

2.2.2. hook base64 脚本

若碰到类似 base64 的编码时,可以先尝试使用此脚本

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
// ==UserScript==
// @name         HookBase64
// @namespace    https://login1.scrape.center/
// @version      0.1
// @description  Hook Base64 encode function
// @author       Germey
// @match        https://login1.scrape.center/
// @grant        none
// ==/UserScript==
(function () {
  "use strict";
  function hook(object, attr) {
    var func = object[attr];
    object[attr] = function () {
      console.log("hooked", object, attr);
      var ret = func.apply(object, arguments);
      debugger;
      return ret;
    };
  }
  hook(window, "btoa");
})();

2.2.3. hook headers 脚本

js hook request 请求头 headers 中的参数的脚本,记得修改需要 hookheaders 的参数 key 的值。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
// ==UserScript==
// @name         RequestHeadersHook
// @namespace    By: Ayuge
// @version      0.1
// @description  Hook Base64 encode function
// @author       Ayuge
// @match        https://*/*
// @match        http://*/*
// @grant        none
// ==/UserScript==
var hook = function () {
    var org = window.XMLHttpRequest.prototype.setRequestHeader;
    window.XMLHttpRequest.prototype.setRequestHeader = function (key, value) {
        if (key == '4c652017c70bc313bbdd') {
            debugger;
        }
        return org.apply(this, arguments);
    }
}
var script = document.createElement('script');
script.textContent = '(' + hook + ')()';
(document.head || document.documentElement).appendChild(script);
script.parentNode.removeChild(script);

2.2.3. 其它 js hook 脚本

其他的 hook 自吐脚本会在参考文章中补充。

3. 参考文章

评论

回到页面顶部