前提 : 有時會遇到這樣的需求:將一些別人app上比較優(yōu)質(zhì)的內(nèi)容,用到自己產(chǎn)品中.由于別人的app做了大量的參數(shù)加密, 我們獲取不到加密規(guī)則,所以使用接口直接調(diào)用的方法就走不通.
本文就是要介紹使用逆向技術(shù)攔截目標(biāo)app的所有網(wǎng)絡(luò)請求.對于我們需要的接口數(shù)據(jù)上傳到我們自己的服務(wù)器中
工具:
monkeyDev
PPSNetworkMonitor開源庫中的代碼
代碼如下:
PPSURLSessionConfiguration.h
@interface PPSURLSessionConfiguration : NSObject
@property (nonatomic,assign) BOOL isSwizzle;
+ (PPSURLSessionConfiguration *)defaultConfiguration;
/**
* swizzle NSURLSessionConfiguration's protocolClasses method
*/
- (void)load;
/**
* make NSURLSessionConfiguration's protocolClasses method is normal
*/
- (void)unload;
@end
PPSURLSessionConfiguration.m
#import "PPSURLSessionConfiguration.h"
#import <objc/runtime.h>
#import "PPSURLProtocol.h"
@implementation PPSURLSessionConfiguration
+ (PPSURLSessionConfiguration *)defaultConfiguration {
static PPSURLSessionConfiguration *staticConfiguration;
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
staticConfiguration=[[PPSURLSessionConfiguration alloc] init];
});
return staticConfiguration;
}
- (instancetype)init {
self = [super init];
if (self) {
self.isSwizzle=NO;
}
return self;
}
- (void)load {
self.isSwizzle=YES;
Class cls = NSClassFromString(@"__NSCFURLSessionConfiguration") ?: NSClassFromString(@"NSURLSessionConfiguration");
[self swizzleSelector:@selector(protocolClasses) fromClass:cls toClass:[self class]];
}
- (void)unload {
self.isSwizzle=NO;
Class cls = NSClassFromString(@"__NSCFURLSessionConfiguration") ?: NSClassFromString(@"NSURLSessionConfiguration");
[self swizzleSelector:@selector(protocolClasses) fromClass:cls toClass:[self class]];
}
- (void)swizzleSelector:(SEL)selector fromClass:(Class)original toClass:(Class)stub {
Method originalMethod = class_getInstanceMethod(original, selector);
Method stubMethod = class_getInstanceMethod(stub, selector);
if (!originalMethod || !stubMethod) {
[NSException raise:NSInternalInconsistencyException format:@"Couldn't load NEURLSessionConfiguration."];
}
method_exchangeImplementations(originalMethod, stubMethod);
}
- (NSArray *)protocolClasses {
return @[[PPSURLProtocol class]];
//如果還有其他的監(jiān)控protocol悍赢,也可以在這里加進(jìn)去
}
@end
PPSURLProtocol.h
@interface PPSURLProtocol : NSURLProtocol
+ (void)start;
+ (void)end;
@end
PPSURLProtocol.m
#import "PPSURLSessionConfiguration.h"
static NSString *const PPSHTTP = @"PPSHTTP";//為了避免canInitWithRequest和canonicalRequestForRequest的死循環(huán)
@interface PPSURLProtocol()<NSURLConnectionDelegate,NSURLConnectionDataDelegate>
@property (nonatomic, strong) NSURLConnection *connection;
@property (nonatomic, strong) NSURLRequest *pps_request;
@property (nonatomic, strong) NSURLResponse *pps_response;
@property (nonatomic, strong) NSMutableData *pps_data;
@end
@implementation PPSURLProtocol
#pragma mark - init
- (instancetype)init {
self = [super init];
if (self) {
}
return self;
}
+ (void)load {
}
+ (void)start {
PPSURLSessionConfiguration *sessionConfiguration = [PPSURLSessionConfiguration defaultConfiguration];
[NSURLProtocol registerClass:[PPSURLProtocol class]];
if (![sessionConfiguration isSwizzle]) {
[sessionConfiguration load];
}
}
+ (void)end {
PPSURLSessionConfiguration *sessionConfiguration = [PPSURLSessionConfiguration defaultConfiguration];
[NSURLProtocol unregisterClass:[PPSURLProtocol class]];
if ([sessionConfiguration isSwizzle]) {
[sessionConfiguration unload];
}
}
/**
需要控制的請求
@param request 此次請求
@return 是否需要監(jiān)控
*/
+ (BOOL)canInitWithRequest:(NSURLRequest *)request {
if (![request.URL.scheme isEqualToString:@"http"] &&
![request.URL.scheme isEqualToString:@"https"]) {
return NO;
}
//如果是已經(jīng)攔截過的 就放行
if ([NSURLProtocol propertyForKey:PPSHTTP inRequest:request] ) {
return NO;
}
return YES;
}
/**
設(shè)置我們自己的自定義請求
可以在這里統(tǒng)一加上頭之類的
@param request 應(yīng)用的此次請求
@return 我們自定義的請求
*/
+ (NSURLRequest *)canonicalRequestForRequest:(NSURLRequest *)request {
NSMutableURLRequest *mutableReqeust = [request mutableCopy];
[NSURLProtocol setProperty:@YES
forKey:PPSHTTP
inRequest:mutableReqeust];
return [mutableReqeust copy];
}
- (void)startLoading {
NSURLRequest *request = [[self class] canonicalRequestForRequest:self.request];
self.connection = [[NSURLConnection alloc] initWithRequest:request delegate:self startImmediately:YES];
self.pps_request = self.request;
}
- (void)stopLoading {
[self.connection cancel];
//獲取請求方法
NSString *requestMethod = self.pps_request.HTTPMethod;
NSLog(@"請求方法:%@\n",requestMethod);
//獲取請求頭
NSDictionary *headers = self.pps_request.allHTTPHeaderFields;
NSLog(@"請求頭:\n");
for (NSString *key in headers.allKeys) {
NSLog(@"%@ : %@",key,headers[key]);
}
//獲取請求結(jié)果
// 上傳攔截結(jié)果到我們自己服務(wù)器上
NSString *string = [self responseJSONFromData:self.pps_data];
NSLog(@"請求結(jié)果:%@",string);
if ([[self.request.URL absoluteString] containsString:@"liked"]) {
NSURLSession *session = [NSURLSession sharedSession];
NSURL *url = [NSURL URLWithString:@"xxxx"];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
request.HTTPMethod = @"POST";
request.HTTPBody = [[NSString stringWithFormat:@"json_data=%@", string] dataUsingEncoding:NSUTF8StringEncoding];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
}];
[dataTask resume];
}
}
#pragma mark - NSURLConnectionDelegate
- (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error{
[self.client URLProtocol:self didFailWithError:error];
}
- (BOOL)connectionShouldUseCredentialStorage:(NSURLConnection *)connection{
return YES;
}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{
[self.client URLProtocol:self didReceiveAuthenticationChallenge:challenge];
}
- (void)connection:(NSURLConnection *)connection
didCancelAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
[self.client URLProtocol:self didCancelAuthenticationChallenge:challenge];
}
#pragma mark - NSURLConnectionDataDelegate
-(NSURLRequest *)connection:(NSURLConnection *)connection willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)response{
if (response != nil) {
self.pps_response = response;
[self.client URLProtocol:self wasRedirectedToRequest:request redirectResponse:response];
}
return request;
}
- (void)connection:(NSURLConnection *)connection
didReceiveResponse:(NSURLResponse *)response {
[[self client] URLProtocol:self didReceiveResponse:response cacheStoragePolicy:NSURLCacheStorageAllowed];
self.pps_response = response;
}
- (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data {
[self.client URLProtocol:self didLoadData:data];
[self.pps_data appendData:data];
NSLog(@"receiveData");
}
- (NSCachedURLResponse *)connection:(NSURLConnection *)connection
willCacheResponse:(NSCachedURLResponse *)cachedResponse {
return cachedResponse;
}
- (void)connectionDidFinishLoading:(NSURLConnection *)connection {
[[self client] URLProtocolDidFinishLoading:self];
}
//轉(zhuǎn)換json
-(id)responseJSONFromData:(NSData *)data {
if(data == nil) return nil;
NSError *error = nil;
id returnValue = [NSJSONSerialization JSONObjectWithData:data options:0 error:&error];
if(error) {
NSLog(@"JSON Parsing Error: %@", error);
//https://github.com/coderyi/NetworkEye/issues/3
return nil;
}
//https://github.com/coderyi/NetworkEye/issues/1
if (!returnValue || returnValue == [NSNull null]) {
return nil;
}
NSData *jsonData = [NSJSONSerialization dataWithJSONObject:returnValue options:NSJSONWritingPrettyPrinted error:nil];
NSString *jsonString = [[NSString alloc]initWithData:jsonData encoding:NSUTF8StringEncoding];
return jsonString;
}
- (NSMutableData *)pps_data {
if (!_pps_data) {
_pps_data = [NSMutableData data];
}
return _pps_data;
}
@end
如上兩個文件導(dǎo)入MonkeyDev中 就會在如下方法中
- (void)stopLoading {...}
攔截你所導(dǎo)入的目標(biāo)ipa的所有網(wǎng)絡(luò)請求 .
根據(jù)抓包地址確定你需要的接口數(shù)據(jù)進(jìn)行過濾
// 例如我需要的接口xxx
if ([[self.request.URL absoluteString] containsString:@"xxxx"]){}
好了 到此為止攔擊所有app的網(wǎng)絡(luò)請求就完成了, 如果有不明白或者工具不會使用的留言,看到就會回答. 感謝大家!!!
