Cydia Impactor 是使用 Curl 来进行通信并完成签名的，因此一般的中间人代理工具（如 Fiddler 之类）是抓取不到协议的。
// Scratch state shared by the two naked Curl hooks below. They live at file scope
// because a __declspec(naked) function has no stack frame for locals.
// esp_reg receives the hook's own return address (popped on entry, pushed back
// before retn) -- despite the name it never holds ESP itself.
// len111 receives the original function's EAX, i.e. its return value, so it
// survives the C++ logging call.
// Both are plain globals: a second thread entering either hook while a call is in
// flight would overwrite them mid-call.
DWORD esp_reg = 0;
std::size_t len111 = 0;
// Replacement for Curl_ossl_send that logs the plaintext buffer before forwarding.
// It is __declspec(naked): the compiler emits no prologue/epilogue, so the
// caller's argument frame is reused unchanged for the forwarded call and no
// locals may be declared here (the only state is the globals esp_reg / len111).
// Declared void, but the original's return value is handed back in EAX below;
// callers of the original presumably read it from there as usual for cdecl.
__declspec(naked) void new_Curl_ossl_send(void* conn, int sockindex, const void *mem, size_t len){
// Take our own return address off the stack so the arguments are on top again.
_asm pop esp_reg
// Forward with the caller's arguments untouched; EAX = the original's result.
_asm call old_Curl_ossl_send
// Preserve every register around the C++ logging call.
_asm pushad
// Stash the original's return value where Log() cannot clobber it.
_asm mov len111, eax
// NOTE: this logs the full requested length, not the count the original
// actually sent (len111); a short or failed send still logs `len` bytes.
Log((const char*)mem, len);
_asm popad
// Restore the original's return value for the caller.
_asm mov eax, len111;
// Put the return address back and return to the hooked caller.
_asm push esp_reg
_asm retn
}
// Replacement for Curl_ossl_recv that logs the decrypted bytes after the original
// has filled buf. Same naked-function scheme as new_Curl_ossl_send: no prologue,
// the caller's argument frame is forwarded as-is, and the only state is the
// globals esp_reg / len111.
// Unlike the send hook, the logged length is the original's return value, i.e.
// the byte count actually received rather than buffersize.
// NOTE(review): if old_Curl_ossl_recv reports errors with a negative return
// (libcurl's OpenSSL recv does), len111 becomes a huge size_t here and Log would
// read far past buf -- confirm the original's error convention before relying on this.
__declspec(naked) std::size_t new_Curl_ossl_recv(void* conn, int num, char *buf, size_t buffersize, bool *wouldblock){
// Take our own return address off the stack so the arguments are on top again.
_asm pop esp_reg
// Forward with the caller's arguments untouched; EAX = bytes received.
_asm call old_Curl_ossl_recv
// Preserve every register around the C++ logging call.
_asm pushad
// Stash the original's return value where Log() cannot clobber it.
_asm mov len111, eax
Log((const char*)buf, len111);
_asm popad
// Restore the original's return value for the caller.
_asm mov eax, len111;
// Put the return address back and return to the hooked caller.
_asm push esp_reg
_asm retn
}
// Pointer to the real CFHTTPMessageCreateRequest, captured at static-init time so
// the replacement below can forward to it. (Presumably the hook installer, not
// shown here, later redirects callers to NewCFHTTPMessageCreateRequest.)
CFHTTPMessageRef (*OldCFHTTPMessageCreateRequest)(CFAllocatorRef alloc,
CFStringRef requestMethod, CFURLRef url, CFStringRef httpVersion) = CFHTTPMessageCreateRequest;
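// Logging hook for CFHTTPMessageCreateRequest: appends the request URL to the
// capture file and echoes it to the debugger, then forwards to the original.
//
// @param alloc          passed straight through to the original
// @param requestMethod  passed straight through
// @param url            request URL; its string form is logged as UTF-8 (may be NULL)
// @param httpVersion    passed straight through
// @return the original's result, or nullptr when no original was captured
//
// Capture is best effort: an unopenable file is ignored. The conversion buffer
// is sized from the string itself; a fixed 1024-byte buffer made
// CFStringGetCString fail -- and the URL vanish from the log -- for longer URLs.
CFHTTPMessageRef NewCFHTTPMessageCreateRequest(CFAllocatorRef alloc,
CFStringRef requestMethod,CFURLRef url,CFStringRef httpVersion){
if (OldCFHTTPMessageCreateRequest == nullptr){
return nullptr;
}
const CFStringRef urlText = (url != nullptr) ? CFURLGetString(url) : nullptr;
if (urlText != nullptr){
// Worst-case UTF-8 size for this string, plus the terminating NUL.
const CFIndex capacity = CFStringGetMaximumSizeForEncoding(CFStringGetLength(urlText), kCFStringEncodingUTF8) + 1;
if (capacity > 0){
std::string url_out(static_cast<std::size_t>(capacity), '\0');
if (CFStringGetCString(urlText, &url_out[0], capacity, kCFStringEncodingUTF8)){
const std::size_t url_len = strlen(url_out.c_str());
std::ofstream outfile("F:\\cfnetwork_hsts\\Release\\new.txt", std::ofstream::binary | std::ofstream::app);
outfile.write(url_out.c_str(), static_cast<std::streamsize>(url_len));
outfile.write("\r\n\r\n", 4);
outfile.close();
// Only echo a URL that was actually converted; no empty debug lines.
OutputDebugStringA(url_out.c_str());
}
}
}
return OldCFHTTPMessageCreateRequest(alloc, requestMethod, url, httpVersion);
}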
// Pointer to the real CFHTTPMessageSetBody, captured at static-init time so the
// replacement below can forward to it after logging the body.
void(*OldCFHTTPMessageSetBody)(CFHTTPMessageRef message, CFDataRef bodyData) = CFHTTPMessageSetBody;
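// Logging hook for CFHTTPMessageSetBody: appends the raw body bytes to the
// capture file, then forwards to the original.
//
// @param message   passed straight through
// @param bodyData  body bytes to log verbatim; NULL is forwarded without logging
//
// Capture is best effort: an unopenable file is ignored. bodyData is checked
// before CFDataGetBytePtr/CFDataGetLength, which would dereference a NULL ref.
void NewCFHTTPMessageSetBody(CFHTTPMessageRef message, CFDataRef bodyData){
if (OldCFHTTPMessageSetBody == nullptr){
return;
}
if (bodyData != nullptr){
const UInt8* data = CFDataGetBytePtr(bodyData);
const CFIndex length = CFDataGetLength(bodyData);
if (data != nullptr && length > 0){
std::ofstream outfile("F:\\cfnetwork_hsts\\Release\\new.txt", std::ofstream::binary | std::ofstream::app);
outfile.write(reinterpret_cast<const char*>(data), static_cast<std::streamsize>(length));
outfile.write("\r\n\r\n", 4);
outfile.close();
}
}
OldCFHTTPMessageSetBody(message, bodyData);
}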
#elif defined(HOOK_WINHTTP)
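// Logging hook for WinHttpSendRequest: appends the additional headers and, when
// present, the optional body to the capture file, then forwards the call unchanged.
//
// @param hRequest          passed straight through
// @param pwszHeaders       additional headers (may be NULL); logged as UTF-8
// @param dwHeadersLength   length of pwszHeaders in WCHARs, or -1L for NUL-terminated
// @param lpOptional        optional body bytes (may be NULL); logged verbatim
// @param dwOptionalLength  byte count of lpOptional
// @param dwTotalLength     passed straight through
// @param dwContext         passed straight through
// @return the original's result
//
// Capture is best effort: an unopenable file is ignored. The headers are
// converted with WideCharToMultiByte and written for their converted length:
// dwHeadersLength counts WCHARs (and may be -1L), so using it as a byte count
// of the converted text mis-sizes the write.
BOOL WINAPI NewWinHttpSendRequest(
_In_ HINTERNET hRequest,
_In_opt_ LPCWSTR pwszHeaders,
_In_ DWORD dwHeadersLength,
_In_opt_ LPVOID lpOptional,
_In_ DWORD dwOptionalLength,
_In_ DWORD dwTotalLength,
_In_ DWORD_PTR dwContext
){
std::ofstream outfile("F:\\cfnetwork_hsts\\Release\\new.txt", std::ofstream::binary | std::ofstream::app);
if (pwszHeaders != nullptr){
// -1L is the documented "NUL-terminated" marker; WideCharToMultiByte uses -1 the same way.
const int wideLen = (dwHeadersLength == static_cast<DWORD>(-1L)) ? -1 : static_cast<int>(dwHeadersLength);
std::string headers;
const int needed = WideCharToMultiByte(CP_UTF8, 0, pwszHeaders, wideLen, nullptr, 0, nullptr, nullptr);
if (needed > 0){
headers.resize(static_cast<std::size_t>(needed));
WideCharToMultiByte(CP_UTF8, 0, pwszHeaders, wideLen, &headers[0], needed, nullptr, nullptr);
if (wideLen == -1){
// With a -1 input length the terminating NUL is included in the count.
headers.pop_back();
}
}
outfile.write(headers.data(), static_cast<std::streamsize>(headers.size()));
outfile.write("\r\n\r\n", 4);
}
if (lpOptional != nullptr && dwOptionalLength != 0){
outfile.write(static_cast<const char*>(lpOptional), static_cast<std::streamsize>(dwOptionalLength));
outfile.write("\r\n\r\n", 4);
}
outfile.close();
return OldWinHttpSendRequest(hRequest, pwszHeaders, dwHeadersLength, lpOptional, dwOptionalLength, dwTotalLength, dwContext);
}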
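// Hook for WinHttpOpenRequest: creates the request through the original, then
// applies the project's TLS and proxy settings to the new handle.
//
// @param hConnect, pwszVerb, pwszObjectName, pwszVersion, pwszReferrer,
//        ppwszAcceptTypes, dwFlags  passed straight through to the original
// @return the handle the original returned (NULL on failure, unmodified)
//
// IEProxy::ConfigureSSL / ConfigureProxy are defined elsewhere; they are only
// invoked for a handle that was actually created, so a failed open is returned
// as-is and the Configure calls cannot mask the original's failure.
HINTERNET WINAPI NewWinHttpOpenRequest(
_In_ HINTERNET hConnect,
_In_ LPCWSTR pwszVerb,
_In_ LPCWSTR pwszObjectName,
_In_ LPCWSTR pwszVersion,
_In_ LPCWSTR pwszReferrer,
_In_ LPCWSTR *ppwszAcceptTypes,
_In_ DWORD dwFlags
){
HINTERNET result = OldWinHttpOpenRequest(hConnect, pwszVerb, pwszObjectName, pwszVersion, pwszReferrer, ppwszAcceptTypes, dwFlags);
if (result != nullptr){
IEProxy::ConfigureSSL(result);
IEProxy::ConfigureProxy(result);
}
return result;
}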
#else
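// Logging hook for WinINet's HttpSendRequest: appends the additional headers and,
// when present, the optional body to the capture file, then forwards the call.
//
// @param hRequest          passed straight through
// @param lpszHeaders       additional headers (may be NULL); logged as UTF-8
// @param dwHeadersLength   length of lpszHeaders in TCHARs, or -1L for NUL-terminated
// @param lpOptional        optional body bytes (may be NULL); logged verbatim
// @param dwOptionalLength  byte count of lpOptional
// @return the original's result
//
// Assumes a UNICODE build (LPCTSTR == LPCWSTR), as the previous wcslen/W2A code
// already did. The headers are converted with WideCharToMultiByte and written
// for their converted length instead of the WCHAR count, and dwHeadersLength is
// honoured rather than re-measuring the string.
BOOL WINAPI NewHttpSendRequest(
_In_ HINTERNET hRequest,
_In_ LPCTSTR lpszHeaders,
_In_ DWORD dwHeadersLength,
_In_ LPVOID lpOptional,
_In_ DWORD dwOptionalLength
){
std::ofstream outfile("F:\\cfnetwork_hsts\\Release\\new.txt", std::ofstream::binary | std::ofstream::app);
if (lpszHeaders != nullptr){
// -1L is the documented "NUL-terminated" marker; WideCharToMultiByte uses -1 the same way.
const int wideLen = (dwHeadersLength == static_cast<DWORD>(-1L)) ? -1 : static_cast<int>(dwHeadersLength);
std::string headers;
const int needed = WideCharToMultiByte(CP_UTF8, 0, lpszHeaders, wideLen, nullptr, 0, nullptr, nullptr);
if (needed > 0){
headers.resize(static_cast<std::size_t>(needed));
WideCharToMultiByte(CP_UTF8, 0, lpszHeaders, wideLen, &headers[0], needed, nullptr, nullptr);
if (wideLen == -1){
// With a -1 input length the terminating NUL is included in the count.
headers.pop_back();
}
}
outfile.write(headers.data(), static_cast<std::streamsize>(headers.size()));
outfile.write("\r\n\r\n", 4);
}
if (lpOptional != nullptr && dwOptionalLength != 0){
outfile.write(static_cast<const char*>(lpOptional), static_cast<std::streamsize>(dwOptionalLength));
outfile.write("\r\n\r\n", 4);
}
outfile.close();
return OldHttpSendRequest(hRequest, lpszHeaders, dwHeadersLength, lpOptional, dwOptionalLength);
}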