/*
* Auto-generated by Frida. Please modify to match the signature of -[ZHRequestHandle sendRequestWithURL:parameter:security:weakself:showHUDView:showHUDText:completionBlock:errorBlock:].
* This stub is currently auto-generated from manpages when available.
*
* For full API reference, see: http://www.frida.re/docs/javascript-api/
*/
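{
  /**
   * Called synchronously when about to call -[ZHRequestHandle sendRequestWithURL:parameter:security:weakself:showHUDView:showHUDText:completionBlock:errorBlock:].
   *
   * Serialises the URL and the `parameter:` dictionary to JSON, sends it to the
   * host with send(), then blocks until the host answers with an 'input'
   * message. The reply is parsed as a JSON object and installed as the new
   * `parameter:` argument. An unusable reply leaves the original argument untouched.
   *
   * Every parameter value is printed to the console and sent to the host as
   * plain JSON. Requests can carry credentials or session tokens, so treat the
   * trace output and the host-side channel as sensitive.
   *
   * @this {object} - Object allowing you to store state for use in onLeave.
   * @param {function} log - Call this function with a string to be presented to the user.
   * @param {array} args - Function arguments represented as an array of NativePointer objects.
   * For example use Memory.readUtf8String(args[0]) if the first argument is a pointer to a C string encoded as UTF-8.
   * It is also possible to modify arguments by assigning a NativePointer object to an element of this array.
   * @param {object} state - Object allowing you to keep state across function calls.
   * Only one JavaScript function will execute at a time, so do not worry about race-conditions.
   * However, do not use this to store function arguments across onEnter/onLeave, but instead
   * use "this" which is an object for keeping state local to an invocation.
   */
  onEnter: function (log, args, state) {
    log("[+] INTO HOOK METHOD");

    // Objective-C passes self in args[0] and the selector in args[1], so the
    // declared arguments start at args[2]: URL = args[2], parameter = args[3].
    var url = new ObjC.Object(args[2]);
    var dict = new ObjC.Object(args[3]);

    // Flatten the dictionary into a plain object. toString() turns every value
    // into text, so the JSON sent to the host carries strings only.
    var enumerator = dict.keyEnumerator();
    var key;
    var result = {};
    while ((key = enumerator.nextObject()) !== null) {
      var value = dict.objectForKey_(key);
      console.log(key + ":" + value);
      result[key] = value.toString();
    }

    // NOTE(review): 'orig_request_url' is added by this script and is not one of
    // the app's parameters. If the host echoes it back, it ends up in the
    // replacement dictionary built below. Confirm the host strips it.
    result['orig_request_url'] = url.toString();
    send({from: '/http', payload: JSON.stringify(result)});

    var op = recv('input', function onMessage(value) {
      log("[-] Forwarding from content: " + value.payload);

      // The reply comes from outside the process: validate it before touching
      // the argument, and keep the original parameters when it is unusable.
      var ret_json;
      try {
        ret_json = JSON.parse(value.payload);
      } catch (e) {
        log("[!] Reply is not valid JSON, keeping original parameters: " + e);
        return;
      }
      if (ret_json === null || typeof ret_json !== 'object' || Array.isArray(ret_json)) {
        log("[!] Reply is not a JSON object, keeping original parameters");
        return;
      }

      var NSMutableDictionary = ObjC.classes.NSMutableDictionary;
      var NSDictionary = ObjC.classes.NSDictionary;
      var tmpdict = NSMutableDictionary.alloc().init();
      // NOTE(review): values are handed to setObject:forKey: as they come out of
      // JSON.parse. Non-string values rely on the bridge's conversion, and a JSON
      // null would presumably arrive as nil. Confirm what the host can send.
      for (var replyKey in ret_json) {
        log("[-] ret Key: " + replyKey + " Value: " + ret_json[replyKey]);
        tmpdict.setObject_forKey_(ret_json[replyKey], replyKey);
      }
      var modify_dict = NSDictionary.dictionaryWithDictionary_(tmpdict);
      // alloc/init returned an owned reference. The immutable copy keeps its own
      // references to the entries, so drop ours instead of leaking one
      // dictionary per intercepted call.
      tmpdict.release();

      // Replace the original `parameter:` argument.
      args[3] = modify_dict;
    });

    // Blocks the hooked thread until the 'input' message has been handled. No
    // timeout is set here, so the call stalls if the host never replies.
    op.wait();
  },

  /**
   * Called synchronously when about to return from -[ZHRequestHandle sendRequestWithURL:parameter:security:weakself:showHUDView:showHUDText:completionBlock:errorBlock:].
   *
   * See onEnter for details.
   *
   * @this {object} - Object allowing you to access state stored in onEnter.
   * @param {function} log - Call this function with a string to be presented to the user.
   * @param {NativePointer} retval - Return value represented as a NativePointer object.
   * @param {object} state - Object allowing you to keep state across function calls.
   */
  onLeave: function (log, retval, state) {
    // Intentionally empty: nothing is inspected or changed on return.
  }
}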