var Cls_CallBack = "okhttp3.f";
var Cls_OkHttpClient = "okhttp3.x";
var Cls_Request = "okhttp3.aa";
var Cls_Response = "okhttp3.ac";
...
然後使用switchLoader方法來切換class,不過似乎失敗。
[Google Pixel::com.xxx.xxx]-> switchLoader("okhttp3.x")
Error: java.lang.ClassNotFoundException: Didn't find class "okhttp3.x" on path: DexPathList[[dex file "/data/local/tmp/okhttpfind.dex"],nativeLibraryDirectories=[/system/lib, /vendor/lib]]
Switch ClassLoader To : dalvik.system.PathClassLoader[DexPathList[[zip file "/data/app/com.xxx.xxx-1/base.apk"],nativeLibraryDirectories=[/data/app/com.xxx.xxx-1/lib/arm, /data/app/com.xxx.xxx-1/base.apk!/lib/armeabi-v7a, /system/lib, /vendor/lib]]]
Switch ClassLoader Complete !
[Google Pixel::com.xxx.xxx]-> hold()
Error: java.lang.ClassNotFoundException: Didn't find class "okhttp3.OkHttpClient" on path: DexPathList[[dex file "/data/local/tmp/okhttpfind.dex"],nativeLibraryDirectories=[/system/lib, /vendor/lib]]
at <anonymous> (frida/node_modules/frida-java-bridge/lib/env.js:124)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-factory.js:443)
at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:812)
at _make (frida/node_modules/frida-java-bridge/lib/class-factory.js:112)
at use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63)
at use (frida/node_modules/frida-java-bridge/index.js:245)
at <anonymous> (/okhttp_poker.js:604)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
at perform (frida/node_modules/frida-java-bridge/index.js:192)
at hold (/okhttp_poker.js:623)
at <eval> (<input>:1)
at eval (native)
at fridaReplEvaluate (/okhttp_poker.js:800)
at apply (native)
at <anonymous> (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23)
另外我有嘗試第二種方法,將find()的結果替換okhttp_poker.js中的變數。可以成功的呼叫hold()並且成功的intercept http封包,但在intercept收到的body顯示TypeError: not a function,不太確定是否有正確使用,再麻煩指教,謝謝。
不太確定我的使用方法是否正確,想詢問一下。
啟動Frida後,因為目標的APP是混淆過的,所以我使用Find()來尋找classname
然後使用switchLoader方法來切換class,不過似乎失敗。
另外我有嘗試第二種方法,將find()的結果替換okhttp_poker.js中的變數。可以成功的呼叫hold()並且成功的intercept http封包,但在intercept收到的body顯示TypeError: not a function,不太確定是否有正確使用,再麻煩指教,謝謝。