您现在的位置是: 网站首页> 学习笔记> JS逆向 JS逆向

常用的JS hook代码

2021-01-06 [JS逆向] [hook] 7787人已围观

hook eval

// 保存原始方法
window.__cr_eval = window.eval;
// 重写eval方法
var myeval = function(src){
    console.log(src);
    console.log("=============== eval end ===============");
    debugger;
    return window.__cr_eval(src);
}
var _myeval = myeval.bind(null);
// 这里主要是屏蔽js中对原生函数native属性的检测
_myeval.toString = window.__cr_eval.toString;
Object.defineProperty(window, 'eval', {value: _myeval});

hook Function

window.__cr_fun = window.Function;
var myfun = function(){
    var args = Array.prototype.slice.call(arguments, 0, -1).join(","), src = arguments[arguments.length - 1]
    console.log(src);
    console.log("=============== Function end ===============");
    debugger;
    return window.__cr_fun.apply(this, arguments);
}
// 这里主要是屏蔽js中对原生函数native属性的检测
myfun.toString = function(){return window.__cr_fun + ""}
Object.defineProperty(window, 'Function', {value: myfun});

hook JSON.stringify、JSON.parse

var my_stringify = JSON.stringify;
JSON.stringify = function(params){
    console.log("hook", params);
    debugger;
    return my_stringify(params);
};

var my_parse = JSON.parse;
JSON.parse = function(params){
    console.log("hook", params);
    debugger;
    return my_parse(params);
};

hook某一个cookie设置的地方

(function () {
   Object.defineProperty(document, 'cookie', {
       set: function (cookie) {
           if(cookie.indexOf('RM4hZBv0dDon443M') != -1){
                debugger;
           }
           return cookie;
       }
   })
})();

hook所有cookie

var cookie_cache = document.cookie;
Object.defineProperty(document, 'cookie', {
    get: function(){
        console.log('Getting cookie');
        return cookie_cache;
    },
    set: function(val){
        console.log('Stting cookie', val);
        var cookie = val.split(';')[0];
        var ncookie = cookie.split('=');
        var flag = false;
        var cache = cookie_cache.split('; ');
        cache = cache.map(function(a){
            if (a.split('=')[0] === ncookie[0]){
                falg = true;
                return cookie;
            }
            return a;
        })
        cookie_cache = cache.join('; ');
        if(!falg){
            cookie_cache += cookie + '; ';
        }
        this._value = val;
        return cookie_cache;
    },
});

hook window对象

var window_flag_1 = 'object1'; // 修改为需要hook的对象
var window_flag_2 = 'object2'; // hook对象的对象

var key_value_map = {};
var window_value = window[window_flag_1];

Object.defineProperty(window, window_flag_1, {
    get: function(){
        console.log('Getting', window, window_flag_1, '=', window_value);
        debugger;
        return window_value;
    },
    set: function(val){
        console.log('Setting', window, window_flag_1, '=', val);
        debugger;
        window_value = val;
        key_value_map[window[window_flag_1]] = window_flag_1;
        set_obj_attr(window[window_flag_1], window_flag_2);
    },
});

function set_obj_attr(obj, attr){
    var obj_arrt_value = obj[attr];
    Object.defineProperty(obj, attr, {
        get:function(){
            console.log('Getting', key_value_map[obj], attr, '=', obj_arrt_value);
            debugger;
            return obj_arrt_value
        },
        set: function(val){
            console.log('Setting', key_value_map[obj], attr, '=', val);
            debugger;
            obj_arrt_value = val;
        },
    });
};

hook WebSocket

WebSocket.prototype.senda = WebSocket.prototype.send;
WebSocket.prototype.send = function(data){
    console.log('Hook WebSocket', data);
    return this.senda(data);
};

文章评论

暂无评论

添加评论





本栏推荐

站点信息

  • 建站时间:2021-01-01
  • 网站程序:Django 3.1.2
  • 文章统计:53篇
  • 文章评论:36条
  • 统计数据