hook后 app 请求会失败

Question

hook后 app 请求会失败

pytomtoto opened this issue 2 years ago · 2 comments

message: {'type': 'send', 'payload': 'HttpsURLConnection.setDefaultHostnameVerifier invoked'} data: None
Error: Implementation for setDefaultHostnameVerifier expected return value compatible with void
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:621)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)
message: {'type': 'send', 'payload': 'Overriding SSLContext.init() with the custom TrustManager'} data: None
message: {'type': 'send', 'payload': 'HttpsURLConnection.setDefaultHostnameVerifier invoked'} data: None
Error: Implementation for setDefaultHostnameVerifier expected return value compatible with void
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:621)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)
message: {'type': 'send', 'payload': 'Overriding SSLContext.init() with the custom TrustManager'} data: None
message: {'type': 'send', 'payload': 'OkHTTP 3.x check() called. Not throwing an exception.'} data: None
message: {'type': 'send', 'payload': 'OkHTTP 3.x check() called. Not throwing an exception.'} data: None
message: {'type': 'send', 'payload': 'OkHTTP 3.x check() called. Not throwing an exception.'} data: None
message: {'type': 'send', 'payload': 'OkHTTP 3.x check() called. Not throwing an exception.'} data: None
message: {'type': 'send', 'payload': 'TrustManagerImpl verifyChain called'} data: None
message: {'type': 'send', 'payload': 'OkHTTP 3.x check() called. Not throwing an exception.'} data: None
message: {'type': 'send', 'payload': 'OkHTTP 3.x check() called. Not throwing an exception.'} data: None

Answer 1 · 2022-06-26T04:58:28.000Z

frida -U 18186 --no-pause -l hooks.js

output

     ____
    / _  |   Frida 15.1.27 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to MI 8 SE (id=e6386adc)
Attaching...                                                            
[-] Cronet pinner not found
message: {'type': 'send', 'payload': 'Custom, Empty TrustManager ready'} data: None
message: {'type': 'send', 'payload': 'OkHTTP 3.x Found'} data: None
message: {'type': 'send', 'payload': 'com.squareup.okhttp not found'} data: None
message: {'type': 'send', 'payload': 'registerClass from hostnameVerifier >>>>>>>> Missing implementation for: boolean verify(java.lang.String, javax.net.ssl.SSLSession)'} data: None
[MI 8 SE::PID::18186 ]-> message: {'type': 'send', 'payload': 'Xutils hooks not Found'} data: None
message: {'type': 'send', 'payload': 'httpclientandroidlib Hooks not found'} data: None
message: {'type': 'send', 'payload': 'OpenSSLSocketImpl pinner not found'} data: None
message: {'type': 'send', 'payload': 'Trustkit pinner not found'} data: None

Answer 2 · 2022-06-26T05:00:16.000Z

使用okhttp 3.x 的这部分js app会退出

setTimeout(function(){
        Java.perform(function () {
            //okttp3.x unpinning
            try {
                var CertificatePinner = Java.use("okhttp3.CertificatePinner");
                CertificatePinner.check.overload('java.lang.String', '[Ljava.security.cert.Certificate;').implementation = function(p0, p1){
                    // do nothing
                    console.log("Called! [Certificate]");
                    return;
                };
                CertificatePinner.check.overload('java.lang.String', 'java.util.List').implementation = function(p0, p1){
                    // do nothing
                    console.log("Called! [List]");
                    return;
                };
            } catch (e) {
             console.log("okhttp3 not found");
            }
            //okhttp unpinning
            try {
                var OkHttpClient = Java.use("com.squareup.okhttp.OkHttpClient");
                OkHttpClient.setCertificatePinner.implementation = function(certificatePinner){
                    // do nothing
                    console.log("Called!");
                    return this;
                };

                // Invalidate the certificate pinnet checks (if "setCertificatePinner" was called before the previous invalidation)
                var CertificatePinner = Java.use("com.squareup.okhttp.CertificatePinner");
                CertificatePinner.check.overload('java.lang.String', '[Ljava.security.cert.Certificate;').implementation = function(p0, p1){
                    // do nothing
                    console.log("Called! [Certificate]");
                    return;
                };
                CertificatePinner.check.overload('java.lang.String', 'java.util.List').implementation = function(p0, p1){
                    // do nothing
                    console.log("Called! [List]");
                    return;
                };
            } catch (e) {
             console.log("okhttp not found");
            }


        });

},0);