[原创]cydia Impactor安装未签名IPA的协议抓取。
发表于: 2018-4-23 00:25 7792


cydia Impactor 是使用 Curl 来进行通信并完成签名的，因此一般的中间人代理工具（如 Fiddler 之类）是抓取不到协议的。

// Scratch globals shared by the naked libcurl trampolines below.
// esp_reg receives the caller's return address (top of stack on entry, popped by
// the first instruction of each trampoline) — despite its name it never holds esp.
// len111 carries the original function's return value (eax) across the Log call.
// NOTE(review): both are process-wide rather than per-call, so two threads entering
// a trampoline at once would overwrite each other's saved state — confirm the
// hooked send/recv path is single-threaded.
DWORD esp_reg = 0;

std::size_t len111 = 0;

// Trampoline installed over libcurl's Curl_ossl_send (x86, MSVC inline asm).
// The function is naked, so no prologue/epilogue is generated and the stack is
// managed by hand: the caller's return address is saved in esp_reg, the original
// is called with the caller's arguments still in place, its result (eax) is kept
// in len111 while the outgoing plaintext is logged, then eax and the return
// address are restored before retn.
// NOTE(review): the buffer is logged with the requested length `len`, not with
// the number of bytes the original actually accepted — eax is saved but never
// checked here.
// NOTE(review): esp_reg and len111 are shared globals; see their declaration for
// the single-thread assumption.
// NOTE(review): `Log((const char*)mem, len)` is C++ inside a naked function with
// no frame set up — confirm the compiler locates mem/len correctly (MSVC assumes
// a standard frame when named parameters are used).
__declspec(naked) void new_Curl_ossl_send(void* conn, int sockindex, const void *mem, size_t len){

  // Top of stack on entry is the return address; move it aside so the original
  // sees the arguments exactly where the caller left them.
  _asm pop esp_reg

  _asm call old_Curl_ossl_send

  // Preserve all general registers around the C++ logging call.
  _asm pushad

  _asm mov len111, eax

  Log((const char*)mem, len);

  _asm popad

  // Hand back the original's return value and the saved return address.
  _asm mov eax, len111;

  _asm push esp_reg

  _asm retn

}

// Trampoline installed over libcurl's Curl_ossl_recv (x86, MSVC inline asm).
// Same stack protocol as new_Curl_ossl_send: save the caller's return address in
// esp_reg, call the original with the arguments untouched, keep its result (eax)
// in len111, log the decrypted bytes that were just received, then restore eax
// and the return address before retn.
// NOTE(review): len111 is the original's raw return value and is used unchecked
// as the byte count for Log. If the original reports an error with a negative
// value (presumably, as libcurl recv routines do — confirm), the size_t
// conversion turns it into a huge count and Log reads far past buf.
// NOTE(review): esp_reg and len111 are shared globals; see their declaration for
// the single-thread assumption.
// NOTE(review): `Log((const char*)buf, len111)` is C++ inside a naked function
// with no frame set up — confirm the generated addressing of buf is correct.
__declspec(naked) std::size_t new_Curl_ossl_recv(void* conn, int num, char *buf, size_t buffersize, bool *wouldblock){

  // Top of stack on entry is the return address; keep it aside so the original
  // sees the caller's arguments in place.
  _asm pop esp_reg

  _asm call old_Curl_ossl_recv

  // Preserve all general registers around the C++ logging call.
  _asm pushad

  _asm mov len111, eax

  Log((const char*)buf, len111);

  _asm popad

  // Hand back the original's return value and the saved return address.
  _asm mov eax, len111;

  _asm push esp_reg

  _asm retn

}

// Pointer to the real CFNetwork entry point, initialised to the library function
// itself; NewCFHTTPMessageCreateRequest forwards to it after logging the URL.
// (How the hook is redirected to the replacement is not shown in this listing.)
CFHTTPMessageRef (*OldCFHTTPMessageCreateRequest)(CFAllocatorRef alloc,

CFStringRef requestMethod, CFURLRef url, CFStringRef httpVersion) = CFHTTPMessageCreateRequest;

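// Replacement for CFHTTPMessageCreateRequest: appends the request URL to the
// capture file and echoes it to the debugger, then forwards to the original.
//
// @param alloc, requestMethod, url, httpVersion  forwarded to the original unchanged.
// @return the original function's result, or nullptr when the original pointer
//         is unset (kept from the previous behaviour).
//
// Fix vs. the earlier version: CFURLGetString/CFStringGetCString dereference
// their argument, so a null url (or a null string from it) no longer crashes the
// hooked process; the buffer size is taken from the array instead of a repeated
// literal. Write errors are ignored on purpose — the capture is best-effort and
// must never break the request. The capture path is hard-coded here and in the
// sibling hooks; the file receives request data in the clear, so treat it as
// sensitive.
CFHTTPMessageRef NewCFHTTPMessageCreateRequest(CFAllocatorRef alloc,
CFStringRef requestMethod, CFURLRef url, CFStringRef httpVersion){
  if (OldCFHTTPMessageCreateRequest == nullptr){
    return nullptr;
  }

  char url_out[1024] = {0};
  const CFStringRef url_string = (url != nullptr) ? CFURLGetString(url) : nullptr;
  if (url_string != nullptr && CFStringGetCString(url_string, url_out, sizeof(url_out), kCFStringEncodingUTF8)){
    std::ofstream outfile("F:\\cfnetwork_hsts\\Release\\new.txt", std::ofstream::binary | std::ofstream::app);
    outfile.write(url_out, strlen(url_out));
    outfile.write("\r\n\r\n", 4);
    // outfile is closed by its destructor when this scope ends.
  }

  // If the conversion failed (null URL or longer than the buffer) url_out is empty
  // or partially filled; still echo whatever was captured, as before.
  OutputDebugStringA(url_out);

  return OldCFHTTPMessageCreateRequest(alloc, requestMethod, url, httpVersion);
}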

// Pointer to the real CFNetwork entry point, initialised to the library function
// itself; NewCFHTTPMessageSetBody forwards to it after logging the body bytes.
void(*OldCFHTTPMessageSetBody)(CFHTTPMessageRef message, CFDataRef bodyData) = CFHTTPMessageSetBody;

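// Replacement for CFHTTPMessageSetBody: appends the request body bytes to the
// capture file, then forwards to the original function.
//
// @param message   forwarded unchanged.
// @param bodyData  body bytes to record; a null CFDataRef (or an empty one) is
//                  forwarded without logging.
//
// Fix vs. the earlier version: CFDataGetBytePtr/CFDataGetLength dereference
// bodyData, so a null body no longer crashes the hooked process, and the byte
// pointer keeps its const-ness instead of being C-cast away. Write errors are
// ignored on purpose — the capture is best-effort. The capture path is
// hard-coded here and in the sibling hooks.
void NewCFHTTPMessageSetBody(CFHTTPMessageRef message, CFDataRef bodyData){
  if (OldCFHTTPMessageSetBody == nullptr){
    return;
  }

  if (bodyData != nullptr){
    const UInt8* data = CFDataGetBytePtr(bodyData);
    const CFIndex length = CFDataGetLength(bodyData);
    if (data != nullptr && length > 0){
      std::ofstream outfile("F:\\cfnetwork_hsts\\Release\\new.txt", std::ofstream::binary | std::ofstream::app);
      // ofstream::write only needs a const char*, so no const_cast is required.
      outfile.write(reinterpret_cast<const char*>(data), length);
      outfile.write("\r\n\r\n", 4);
      // outfile is closed by its destructor when this scope ends.
    }
  }

  OldCFHTTPMessageSetBody(message, bodyData);
}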

#elif defined(HOOK_WINHTTP)

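// Replacement for WinHttpSendRequest: appends the request headers and the
// optional body bytes to the capture file, then forwards to the original.
//
// @param hRequest          forwarded unchanged.
// @param pwszHeaders       optional (may be NULL). When present it is narrowed
//                          with ATL's W2A and logged.
// @param dwHeadersLength   forwarded unchanged. It counts WCHARs, and WinHTTP
//                          also accepts -1L meaning "NUL-terminated", so it is
//                          NOT a safe byte count for the narrowed copy; the copy's
//                          own strlen is used instead.
// @param lpOptional        optional body bytes, logged when non-NULL and
//                          dwOptionalLength is non-zero.
// @param dwOptionalLength, dwTotalLength, dwContext  forwarded unchanged.
// @return whatever the original WinHttpSendRequest returns.
//
// Fix vs. the earlier version: a NULL pwszHeaders or a -1L dwHeadersLength no
// longer makes ofstream::write read from a null/short buffer, and one stream is
// used for both records instead of reopening the file. Write errors are ignored
// on purpose — the capture is best-effort and must never break the request.
// The capture path is hard-coded here and in the sibling hooks; the file
// receives headers and bodies in the clear, so treat it as sensitive.
BOOL WINAPI NewWinHttpSendRequest(
  _In_     HINTERNET hRequest,
  _In_opt_ LPCWSTR   pwszHeaders,
  _In_     DWORD     dwHeadersLength,
  _In_opt_ LPVOID    lpOptional,
  _In_     DWORD     dwOptionalLength,
  _In_     DWORD     dwTotalLength,
  _In_     DWORD_PTR dwContext
  ){
  USES_CONVERSION;

  // Closed by its destructor when the function returns.
  std::ofstream outfile("F:\\cfnetwork_hsts\\Release\\new.txt", std::ofstream::binary | std::ofstream::app);

  if (pwszHeaders != nullptr){
    // W2A yields a NUL-terminated narrow copy (stack-allocated via USES_CONVERSION).
    const char* headers = W2A(pwszHeaders);
    if (headers != nullptr){
      outfile.write(headers, strlen(headers));
      outfile.write("\r\n\r\n", 4);
    }
  }

  if (lpOptional != nullptr && dwOptionalLength != 0){
    outfile.write(static_cast<const char*>(lpOptional), dwOptionalLength);
    outfile.write("\r\n\r\n", 4);
  }

  return OldWinHttpSendRequest(hRequest, pwszHeaders, dwHeadersLength, lpOptional, dwOptionalLength, dwTotalLength, dwContext);
}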

// Replacement for WinHttpOpenRequest: opens the request through the original
// function, then hands the new handle to IEProxy::ConfigureSSL and
// IEProxy::ConfigureProxy (defined elsewhere in the project).
// All parameters are forwarded to the original unchanged.
// @return the handle returned by the original WinHttpOpenRequest.
// NOTE(review): the handle is passed to the IEProxy helpers even when the open
// failed and the handle is NULL — confirm those helpers tolerate that.
HINTERNET WINAPI NewWinHttpOpenRequest(
  _In_ HINTERNET hConnect,
  _In_ LPCWSTR   pwszVerb,
  _In_ LPCWSTR   pwszObjectName,
  _In_ LPCWSTR   pwszVersion,
  _In_ LPCWSTR   pwszReferrer,
  _In_ LPCWSTR   *ppwszAcceptTypes,
  _In_ DWORD     dwFlags
  ){
  // Open first: the helpers below need the real request handle.
  HINTERNET hNewRequest = OldWinHttpOpenRequest(hConnect, pwszVerb, pwszObjectName, pwszVersion,
                                                pwszReferrer, ppwszAcceptTypes, dwFlags);

  IEProxy::ConfigureSSL(hNewRequest);
  IEProxy::ConfigureProxy(hNewRequest);

  return hNewRequest;
}

#else

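// Replacement for WinINet's HttpSendRequest: appends the request headers and
// the optional body bytes to the capture file, then forwards to the original.
//
// @param hRequest          forwarded unchanged.
// @param lpszHeaders       optional (HttpSendRequest accepts NULL). When present
//                          it is narrowed with ATL's W2A and logged.
// @param dwHeadersLength   forwarded unchanged; not used as a byte count because
//                          it counts characters (and WinINet accepts -1L for
//                          "NUL-terminated") — the narrowed copy's strlen is used.
// @param lpOptional        optional body bytes, logged when non-NULL and
//                          dwOptionalLength is non-zero.
// @param dwOptionalLength  forwarded unchanged.
// @return whatever the original HttpSendRequest returns.
//
// Fix vs. the earlier version: a NULL lpszHeaders no longer reaches wcslen()
// (null dereference), and the logged byte count now comes from the narrowed
// string rather than the wide-character count. One stream serves both records.
// Write errors are ignored on purpose — the capture is best-effort.
// NOTE(review): W2A (like the wcslen() it replaces) only makes sense when
// LPCTSTR is wide, i.e. a UNICODE build — confirm the project's character set.
// The capture path is hard-coded here and in the sibling hooks; the file
// receives headers and bodies in the clear, so treat it as sensitive.
BOOL WINAPI NewHttpSendRequest(
  _In_ HINTERNET hRequest,
  _In_ LPCTSTR   lpszHeaders,
  _In_ DWORD     dwHeadersLength,
  _In_ LPVOID    lpOptional,
  _In_ DWORD     dwOptionalLength
  ){
  USES_CONVERSION;

  // Closed by its destructor when the function returns.
  std::ofstream outfile("F:\\cfnetwork_hsts\\Release\\new.txt", std::ofstream::binary | std::ofstream::app);

  if (lpszHeaders != nullptr){
    // W2A yields a NUL-terminated narrow copy (stack-allocated via USES_CONVERSION).
    const char* headers = W2A(lpszHeaders);
    if (headers != nullptr){
      outfile.write(headers, strlen(headers));
      outfile.write("\r\n\r\n", 4);
    }
  }

  if (lpOptional != nullptr && dwOptionalLength != 0){
    outfile.write(static_cast<const char*>(lpOptional), dwOptionalLength);
    outfile.write("\r\n\r\n", 4);
  }

  return OldHttpSendRequest(hRequest, lpszHeaders, dwHeadersLength, lpOptional, dwOptionalLength);
}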



最后于 2018-4-23 00:28 被猪会被杀掉编辑 ,原因:
2
给个联系方式。
2018-4-23 11:29
3
2018-5-8 03:42
4
面向工作的发帖
2018-5-8 09:42
5
可以可以
2018-6-4 10:00
6
给个联系方式!
2018-7-10 17:53