2021Android网络库详解-tale.docx

AndrOid网络库详解-tale网络摩：HttpUR1.ConnectionHttPUR1.COnneCtiOn介绍HttPUR1.eOnneCtiOn的使用步骤HOOKHttpUR1.Connection网络库，OkhttP3+(OggingOKHttP简介OKHttP的功能HOOK0kHttp3网络库:RetrofitRetrofit简介，Retrofit使用步骤，HOOKRetrofit参考资料网络库:HttpUR1.ConnectionHttPUR1.COnneCtiOn介绍-种多用途轻量极的HTTP客户端使用它来进行HTTP操作可以适用于大多数的应用程序虽然HttPUR1.ConneCtiOn的APl提供的比较简单，但是同时这也使得我们可以更加容易地去使用和扩展它继承至UR1.ConneetiOn,抽象类无法直接实例化对象通过调用OPenColleCtiOnO方法获得对象实例默认是带gzip压缩的；HttPUR1.COnneetiOn的使用步骤使用HttPUR1.COnneCtiOrI的步3聚如下:PlainTextQ复制代码1 1创建一个UR1.*j象：UR1.url=newUR1.(https:/);2 2调用UR1.对象的OPenCOnneCtion()来获取HttPUR1.COnneCtiOn对象实例：HttpUR1.Connectionconn=(HttpUR1.Connection)url.OpenConnection();3设置HTTP请求使用的方法：GET或者POST或者其他请求方式比如：PUTconn.SetRequestMethod(11GET11);4设置连接超时,读取超时的毫秒数以及服务器希望得到的一些消息头conn.SetConnectTimeout(6*1000);conn.SetReadTimeout(6*1000);5 5调用getlnputStream()法获得服务器返回的输入流然后输入流进行读取了InputStreamin=conn.getInputStreamO;6 6最后调用disconnect()方法才夺HTTP连接关掉ConrI.discOrIneCt();HOOKHttpUR1.ConnectionPlainTextQ复制代码1创建一个UR1.对象：UR1.url=newUR1.(https:/);如果想自吐UR1.(https:/)则应该hookUR1.的构造函数PlainText(5复制代码1workon(google:8.1.0)usb#androidhookingsearchclassesUR1.-.h'j?iVJFMkb(google:8.1.0)androidhookingsearchclassesUR1.1.libcore.io.ClossPothUR1.StreamHandlcr；android.icu.impl.UR1.HandlerSUR1.Vxsitorandroid.text.style.UR1.Sponcom.android.okhttp.HttpHandlerSCIeartextUR1.FIterCofn.android,okhttp.HttpUrlSBuiIdercom.android.okhttp.OkUrIFactorycom.android.okhttp.internal.UR1.Filtercom.ondroid.okhttp.internal.hue.DelegatingHttpsUR1.Connectioncom.Qndraoid.okhttp.internal.hue.HttpsUR1.ConnectioImpl).HttpUR1.Connection).JarURlC.MalformedUR1.E.UR,UR1.C.UR1.StreamHondler.UR1.StreafnKondlerF.ssl.HttpsUR1.ConnectionIibcorc.io.ClOssPothUR1.StreamHondlerIibcore.io.ClassPathUR1.StreamHondlerSClassPothUR1.ConectionIibcore.io.ClassPathUR1.StreamHa11dlerSClassPathUR1.ConnectxonSlFound20classes需单独hook构造函数.UR1.$initPlainTextQ复制代码workon(google:8.1.0)usb#androidhookingwatchClaSS_.UR1.$init-dump-args-dump-backtrace-dump-re2turnMtwort可以发现在手机每点击一下刷新验证码就会弹出新的请求)*vM.Utl.V<)MRtt)M.fWtwt11”)4M(ctHl.*Hl(tern<tttt><Wtlw>M4)wmH)<Mt>CM.JM.4M)<tmt><WtlWMMM4)0MX6MMrl4MMWIMe<l.<(,fwtmrtfWttf*MWtl.et0e<ltiMsmllit)cm.w1.a*aor,t<<51M9Cf<bmm91<.Rtmrt<Mtetae*<WtU7<*<MMCylaY)mi14)S¼jwT4U<11(AfMTej*3>)>wM).twttrforwCfsturtToifc.)avo2M>三twrVWlee然后可以编写自吐脚本,打印出经过的UrI地址PlainTextQ复制代码1frida-U-work-120201013.js-no-pauseJava.perfon(functionnet»UR1.*UR1.Java.use<*.UR1.").$lnlt.overload(*java.Ung.Strln').lapIeaientation«funvrresultthsSinit(str)c<Misole.lo("resulttstr三>,result,str)jreturnresult;11tIpUR1.ConnectlonSetRequeitProperty傅Java,use<''com.android.okhttp.internal,hue.HttpUR1.Coofiectionl«plM).setRe<)u«stPropvrresultths.setRequestroperty(strlfstr2);1516console.log(w.SetRequestPropertyresultrstrl(str2->"fresult,Strltttr2);returnresult:PROB1.EMSOUTPUTDFBUGCONSO1.£TtRMINA1.2:Python7÷(D×Comands:helpobject?exltqult->Exit.Moreinfoathttps:/ww.frid«.re<focsbomeSpamedco.xMwork*.ResuaingMlf)thread!(PixelX1.:workJ->result,str>un<fefInedhttp:Zyxl2>fjjcjy.c<NPublicControl/GetViliditKodeZti*e>2212e222352.SetRequestMethodresult,str1,str2->undefinedGET.SetReQuestPropertyresult,strl,str2->.SetRequestPropcrtyresuIt,strlfstr2->.SetRequestPropertyresult,strltstr2->t)Gecko201llFlrefox33.SetReQuestPropertyresult,stri,str2->Ufxtefinedurdefine4uftdefIneduMefinedAcceptAccept-1.ngugezb-cn,zh；Q»e.8,en-tjs；Q».5ren;q«0.3USerzstMotilU5.e(WindowsWT6.1;WoW64;rv33.Accept-CncodifiQgzipfdeflateresult.str=>undefinedhttp:/yxl2.fjjcjy.coPublicControlGetValidateCode7tie=2212222352result.str三>undefined22liI3frida-U-work-I220113.1s-o-pauseFrid12.11.1-AWOrld-CI$dynamicInstruaentAtiontoolkit->DispUysthehelpsystem->DisplayInfomatiof)about,object,使用该自吐脚本尝试另一款APP做实验PlainTextQ复制代码1frida-U-fcom.cz.1.abySister-120201013.js-no-pauser*Mi".StytEeiyetriurvtmr*lt”1>w>MsettaMttelMjRiUrlCmtctioI÷OJAHe,gatocV*mdT'UaMfwW<<f.ecE<MevyMB.U>l¼JWUMrvKJr0>>9MUr>MWR>pMB4EMM.ertUMf.1.UrnrygutB三jMcC«c，i>tbo，trWZmeIapVr*cCl5，2ArtiVJ54SMc0jAt，cf<c0M*NIWmAJTCJMrfttcMjMS>tWMmn<2hMMMMmMpUHM4tetlMmTMMetZMrt>rwe<t.rvuUttri9ttrsM，g<CWirwtUTFTetl0eitee*trfMuM.Hd.HC.VMtflnMS,¼eM3,IW4.(cttetlbU：l¾U.;WMsmr).><t-，：rcmm;nncla九.j11i.rani.,msm.w;.wrcm.4M.2U2sm11cms3m)田ZI