1、安裝python3
brew install python3
2、安裝frida
pip3 install frida-tools 指令安裝frida
3、在iOS設備安裝frida
在cydia中添加frida源 https://build.frida.re,點擊 添加源 進行添加,
在cydia添加frida源後,搜索frida,根據iOS設備版本安裝對應的frida服務端
4、frida的使用
- frida-ps -U 查看通過USB連接的iOS設備上運行的程序
- frida-ps -Ua 查看正在運行的應用程序
- frida-ps -Uai 查看iOS設備中已經安裝的應用程序
- frida-trace -U -f <bundleId> -m "-[* *]" 用於追蹤iOS應用的方法調用。當我們使用某個功能時,如果這個功能調用的方法包含我們需要追蹤的方法,則會打印出來
5、frida抓取網絡請求包主要代碼,攔截block
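// Frida agent script: logs requests issued through
// -[AFHTTPSessionManager POST:parameters:progress:success:failure:] and wraps
// the success block so the callback arguments are logged before the app's own
// handler runs.
//
// The logged URL, parameters and callback arguments can contain credentials or
// session tokens, so treat the console output as sensitive data.
if (ObjC.available) { // true when the process has an Objective-C runtime loaded
  console.log('\n[*] Starting Hooking');

  const _className = 'AFHTTPSessionManager'; // class to hook
  const _methodName = '- POST:parameters:progress:success:failure:'; // instance method to hook

  // Look the method up through the registered-class map. The class is absent
  // when the target app does not link AFNetworking, so check before touching
  // `.implementation` instead of failing with an opaque TypeError.
  const targetClass = ObjC.classes[_className];
  const hooking = targetClass == null ? undefined : targetClass[_methodName];
  console.log('className is: ' + _className + ' and methodName is: ' + _methodName);

  if (hooking == null) {
    console.log('[!] ' + _className + ' ' + _methodName + ' not found; nothing hooked');
  } else {
    // Wrapped blocks are held here so they are not garbage-collected while the
    // request is in flight. An entry is only removed when the success block
    // runs, so a request that ends in the failure block leaves its entry behind.
    const pendingBlocks = new Set();

    // Wraps a pointer argument for logging; a nil argument is reported as 'nil'
    // rather than being wrapped as an Objective-C object.
    const wrapForLog = (ptr) => (ptr.isNull() ? 'nil' : new ObjC.Object(ptr));

    Interceptor.attach(hooking.implementation, {
      onEnter: function (args) {
        // args[0]: self
        // args[1]: the selector
        // args[2]...: the method's own arguments, in selector order
        //   (URL string, parameters, progress, success, failure)
        console.log('請求url:' + wrapForLog(args[2]));
        console.log('請求參數:' + wrapForLog(args[3]));

        // The caller may pass nil for the success block; only wrap a real block.
        if (args[5].isNull()) {
          return;
        }

        const block = new ObjC.Block(args[5]);
        pendingBlocks.add(block); // keep it alive until the callback fires
        const appCallback = block.implementation;
        block.implementation = (success1, success2) => {
          console.log('網絡請求成功回調success1' + success1 + 'success2' + success2);
          try {
            // Always forward to the app's original handler.
            return appCallback(success1, success2);
          } finally {
            pendingBlocks.delete(block);
          }
        };
      },
      onLeave: function (returnValue) {
        // Print the hooked method's return value and its JavaScript type.
        // _className/_methodName are closure variables; `this` here is the
        // invocation context and does not carry them.
        console.log('Return value of: ');
        console.log(' ' + _className + ' --> ' + _methodName);
        const typeValue = Object.prototype.toString.call(returnValue);
        console.log('\t[-] Type of return value: ' + typeValue);
        console.log('\t[-] Return Value: ' + returnValue);
      },
    });
  }
}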