siyujie / okhttplogger-frida Goto Github PK

创建一个简单的demo，引用okhtt3版本3.12.0， 可以正常使用和获取数据，但是当引用版本为最新，例如4.10.0后，就闪退了。
打上日志后发现是在
function getFieldValue(object, fieldName)
方法里面的
var FieldClazz = Java.use(fieldValue.$className)
出问题了，直接闪退，即使使用try都不行捕获日志。此时field.$className的值为okhttp3.Headers（两个版本的值都是一样，不知道最新版为什么运行到这里会闪退）。

Error: invalid argument value
at frida/node_modules/frida-java-bridge/lib/env.js:166
at frida/node_modules/frida-java-bridge/lib/env.js:544
at frida/node_modules/frida-java-bridge/lib/class-factory.js:776
at frida/node_modules/frida-java-bridge/lib/class-factory.js:703
at getWrapper (/okhttp_poker.js:327)
at /okhttp_poker.js:506
at je (frida/node_modules/frida-java-bridge/lib/class-factory.js:633)
at frida/node_modules/frida-java-bridge/lib/class-factory.js:616

hook过程出现了这个错误，导致软件内动作都在加载中没有拿到返回结果。

如果body类型是multipart/form-data， 就会出错

Spawned com.xunmeng.pinduoduo. Resuming main thread!

执行hold()报错

Error: java.lang.ClassNotFoundException: Didn't find class "okio.Buffer" on path: DexPathL
ist[[dex file "/data/local/tmp/okhttpfind.dex"],nativeLibraryDirectories=[/system/lib, /ve
ndor/lib]]
at (frida/node_modules/frida-java-bridge/lib/env.js:124)
at (frida/node_modules/frida-java-bridge/lib/class-factory.js:443)
at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:812)
at _make (frida/node_modules/frida-java-bridge/lib/class-factory.js:112)
at use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63)
at use (frida/node_modules/frida-java-bridge/index.js:246)
at (/okhttp_poker.js:606)
at (frida/node_modules/frida-java-bridge/lib/vm.js:11)
at perform (frida/node_modules/frida-java-bridge/index.js:193)
at hold (/okhttp_poker.js:623)
at (:1)
at eval (native)
at fridaReplEvaluate (/okhttp_poker.js:800)
at apply (native)
at (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23)

Error: java.lang.ClassNotFoundException: Didn't find class "com.singleman.SingleMan" on path: DexPathList[[],nativeLibraryDirectories=[/system/lib64, /system_ext/lib64]]
大神，我记得之前是可以使用的，今天再使用就报这个问题，dex文件已经push到手机里了，求帮助！

不太確定我的使用方法是否正確，想詢問一下。

啟動Frida後，因為目標的APP是混淆過的，所以我使用Find()來尋找classname

var Cls_CallBack = "okhttp3.f";
var Cls_OkHttpClient = "okhttp3.x";
var Cls_Request = "okhttp3.aa";
var Cls_Response = "okhttp3.ac";
...

然後使用switchLoader方法來切換class，不過似乎失敗。

[Google Pixel::com.xxx.xxx]-> switchLoader("okhttp3.x")
Error: java.lang.ClassNotFoundException: Didn't find class "okhttp3.x" on path: DexPathList[[dex file "/data/local/tmp/okhttpfind.dex"],nativeLibraryDirectories=[/system/lib, /vendor/lib]]

Switch ClassLoader To :  dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.xxx.xxx-1/base.apk"],nativeLibraryDirectories=[/data/app/com.xxx.xxx-1/lib/arm, /data/app/com.xxx.xxx-1/base.apk!/lib/armeabi-v7a, /system/lib, /vendor/lib]]]


Switch ClassLoader Complete !

[Google Pixel::com.xxx.xxx]-> hold()
Error: java.lang.ClassNotFoundException: Didn't find class "okhttp3.OkHttpClient" on path: DexPathList[[dex file "/data/local/tmp/okhttpfind.dex"],nativeLibraryDirectories=[/system/lib, /vendor/lib]]
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/env.js:124)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-factory.js:443)
    at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:812)
    at _make (frida/node_modules/frida-java-bridge/lib/class-factory.js:112)
    at use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63)
    at use (frida/node_modules/frida-java-bridge/index.js:245)
    at <anonymous> (/okhttp_poker.js:604)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
    at perform (frida/node_modules/frida-java-bridge/index.js:192)
    at hold (/okhttp_poker.js:623)
    at <eval> (<input>:1)
    at eval (native)
    at fridaReplEvaluate (/okhttp_poker.js:800)
    at apply (native)
    at <anonymous> (frida/runtime/message-dispatcher.js:13)
    at c (frida/runtime/message-dispatcher.js:23)

另外我有嘗試第二種方法，將find()的結果替換okhttp_poker.js中的變數。可以成功的呼叫hold()並且成功的intercept http封包，但在intercept收到的body顯示TypeError: not a function，不太確定是否有正確使用，再麻煩指教，謝謝。

┌────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
| URL: https://xxx.xxx.com/xxx/xxx?xxx=xxx
|
| Method: GET
|
| Request Headers: 12
|   ┌─userkey: xxx
|   ┌─areaid: 1
|   ┌─appid: 10
|   ┌─channelId: xxx
|   ┌─deviceId: xxx
|   ┌─User-Agent: xxx/5.4.5 Android/7.1.1 (Google Pixel)
|   ┌─channelid: xxx
|   ┌─useridx: xxx
|   ┌─deviceType: android
|   ┌─androidId: xxx
|   ┌─version: 5.4.5
|   └─bundleid: com.xxx.xxx
|
|--> END
|
| URL: https://xxx.xxx.xxx/xxx/xxx?xxx=xxx
|
| Status Code: 200 / OK
|
| Response Headers: 12
|   ┌─Server: nginx
|   ┌─Date: Thu, 31 Dec 2020 09:01:00 GMT
|   ┌─Content-Type: application/json; charset=utf-8
|   ┌─Content-Length: 1128
|   ┌─Connection: keep-alive
|   ┌─Cache-Control: public, max-age=446
|   ┌─Expires: Thu, 31 Dec 2020 09:09:26 GMT
|   ┌─Last-Modified: Thu, 31 Dec 2020 08:59:26 GMT
|   ┌─Vary: *
|   ┌─X-AspNetMvc-Version: 5.2
|   ┌─X-AspNet-Version: 4.0.30319
|   └─X-Powered-By: ASP.NET
|
| Response Body:
print response error : TypeError: not a function
└────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Start Find~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Find Result~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
var Cls_Call = "okhttp3.e";
var Cls_CallBack = "okhttp3.f";
var Cls_OkHttpClient = "okhttp3.x";
var Cls_Request = "okhttp3.z";
var Cls_Response = "okhttp3.b0";
var Cls_ResponseBody = "okhttp3.c0";
var Cls_okio_Buffer = "okio.c";
var F_header_namesAndValues = "a";
var F_req_body = "d";
var F_req_headers = "c";
var F_req_method = "b";
var F_req_url = "a";
var F_rsp$builder_body = "g";
var F_rsp_body = "g";
var F_rsp_code = "c";
var F_rsp_headers = "f";
var F_rsp_message = "d";
var F_rsp_request = "a";
var M_CallBack_onFailure = "onFailure";
var M_CallBack_onResponse = "onResponse";
var M_Call_enqueue = "E3";
var M_Call_execute = "execute";
var M_Call_request = "W";
var M_Client_newCall = "a";
var M_buffer_readByteArray = "a1";
var M_contentType_charset = "b";
var M_reqbody_contentLength = "a";
var M_reqbody_contentType = "b";
var M_reqbody_writeTo = "h";
var M_rsp$builder_build = "c";
var M_rspBody_contentLength = "contentLength";
var M_rspBody_contentType = "contentType";
var M_rspBody_create = "create";
var M_rspBody_source = "source";
var M_rsp_newBuilder = "s";

这是find()找到后的
通过修改okhttp_poker.js填入后
再次执行hold()
提示

TypeError: cannot read property 'overload' of undefined
    at <anonymous> (/okhttp_poker.js:609)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
    at perform (frida/node_modules/frida-java-bridge/index.js:192)
    at hold (/okhttp_poker.js:623)
    at <eval> (<input>:1)
    at eval (native)
    at fridaReplEvaluate (/okhttp_poker.js:800)
    at apply (native)
    at <anonymous> (frida/runtime/message-dispatcher.js:13)
    at c (frida/runtime/message-dispatcher.js:23)

目前看到很多主流的app也在用这个框架,能否适配呢?

Failed to spawn: process not found

请问okhttpfind的作用是什么呢？
可以直接写Java.use('okhttp3.OkHttpClient')吗？
我测试的时候直接写Java.use('okhttp3.OkHttpClient')发现只能hook到APP自身的流量，而无法hook到APP集成的第三方库的流量，求给小白指条路，不明白是为什么会这样，万分感谢！

Error: invoke(): argument types do not match any of:
.overload('java.lang.Object', '[Ljava.lang.Object;')
at X (frida/node_modules/frida-java-bridge/lib/class-factory.js:563)
at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:966)
at e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547)
at onResponse (/okhttp_poker.js:538)
at apply (native)
at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:613)
at (frida/node_modules/frida-java-bridge/lib/class-factory.js:592)

hold后可以抓到请求 但是app一直在转圈 并回显了这个错误 (新版 旧版都测试过)

动图在哪里？

print request error : Error: writeTo(): argument types do not match any of:
.overload('okio.g')
at X (frida/node_modules/frida-java-bridge/lib/class-factory.js:563)
at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:966)
at e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547)
at printerRequest (/okhttp_poker.js:171)
at printAll (/okhttp_poker.js:106)
at (/okhttp_poker.js:89)
at (frida/node_modules/frida-java-bridge/lib/vm.js:16)
at perform (frida/node_modules/frida-java-bridge/index.js:193)
at buildNewResponse (/okhttp_poker.js:98)
at (/okhttp_poker.js:510)
at apply (native)
at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:613)
at (frida/node_modules/frida-java-bridge/lib/class-factory.js:592)

佬，报错了，拿不到Request Body
快手10.0.23，原生安卓7

我已经尝试改下。已经成功。
https://github.com/friddle/OkHttpLogger-Frida/blob/master/okhttp_poker_gzip.js
但是不是很熟悉frida的写法。代码质量不行。所以没有pull request。只提供参考下

抖音15.5.0

frida14.2.2 加载错误
Resuming main thread! [VTR AL00::com.xxxx.xxxx]-> Error: File not found at load (frida/node_modules/frida-java-bridge/lib/class-factory.js:1177) at <anonymous> (/okhttp_poker.js:774) at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12) at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:237) at <anonymous> (frida/node_modules/frida-java-bridge/index.js:229) at apply (native) at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:613) at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-factory.js:592)

如题，Process crashed: Bad access due to invalid address
有的app正，某外卖第三方配送app 就这样

用来hook 一款新氧医美的app的okhttp3, 用-f的方式启动,会直接报process terminal.
打开app去掉-f 可以正常启动,然后find 显示为混淆.
先搜索玻尿酸,运行hold()
然后点击进入详情页
就会出现标题显示的错误.
能指教一下有什么办法可以获取这个app的包吗?

File Request Body Omit.....
File Response Body Omit.....

这种请求是什么情况呀

Error: java.lang.ClassNotFoundException: Didn't find class "com.bytedance.frameworks.baselib.network.http.cronet.impl.b$a" on path: DexPathList[[dex file "/data/local/tmp/okhttpfind.dex"],nativeLibraryDirectories=[/system/lib, /vendor/lib]]

Using aweme_httpcat.js

RT

print request error : Error: writeTo(): argument types do not match any of:
.overload('okio.g')
at pe (frida/node_modules/frida-java-bridge/lib/class-factory.js:549)
at frida/node_modules/frida-java-bridge/lib/class-factory.js:951
at printerRequest (/okhttp_poker.js:171)
at printAll (/okhttp_poker.js:106)
at /okhttp_poker.js:89
at frida/node_modules/frida-java-bridge/lib/vm.js:11
at frida/node_modules/frida-java-bridge/index.js:304
at buildNewResponse (/okhttp_poker.js:98)
at /okhttp_poker.js:510

Abort message: 'art/runtime/class_linker.cc:2761] Check failed: found_virtual Didn't find oat method index for virtual method: java.math.BigDecimal android.icu.math.BigDecimal.toBigDecimal()'
eax 00000000 ebx 00002557 ecx 00002557 edx 00000006
esi ffff96cc edi ffff9550
xcs 00000023 xds 0000002b xes 0000002b xfs 0000006b xss 0000002b
eip f7f1bd30 ebp ffff95d0 esp ffff94e8 flags 00000296

┌─access-control-allow-origin: *
| ┌─access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
| ┌─access-control-allow-headers: *
| ┌─access-control-allow-credentials: false
| ┌─access-control-max-age: 86400
| ┌─x-b3-spanid: 576a4a993db7a726
| ┌─x-nike-zhenghe-version: v4.9.0
| ┌─x-nike-zhenghe-cli-version: v9.5.1
| ┌─x-nike-zhenghe-count: 118381
| ┌─x-nike-zhenghe-timing-ms: 4
| └─x-nike-zhenghe-target-host: public.prod.commerce.origin.nike.com.cn
|
| Response Body:
print response error : TypeError: not a function
hold()后提示该错误。返回数据的协议头存在 但是body报错

........... hookRealCall : okhttp3.RealCall
Error: invoke(): argument types do not match any of:
.overload('java.lang.Object', '[Ljava.lang.Object;')
at X (frida/node_modules/frida-java-bridge/lib/class-factory.js:563)
at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:966)
at e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547)
at onFailure (/okhttp_poker.js:540)
at apply (native)
at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:613)
at (frida/node_modules/frida-java-bridge/lib/class-factory.js:592)