我是靠谱客的博主 眯眯眼犀牛,这篇文章是一份知识笔记,记录 JS 逆向中常用的 Hook 方法(hook cookie、hook eval、hook 字符串方法、hook debugger、hook ajax),现在分享给大家,希望可以做个参考。
文章目录
- 1. hook cookie
- 2. hook eval
- 3. hook 字符串方法
- 4. hook debugger
- 5. hook ajax
1. hook cookie
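/**
 * Debugging hook for document.cookie.
 *
 * Logs every cookie write and pauses in DevTools when the written string
 * contains the marker 'target' (replace it with the cookie name under
 * investigation). Reads and writes are forwarded to the browser's native
 * accessor, so the page keeps working while it is being observed.
 *
 * The original getter returned `document.cookie` from inside the hook on
 * `document.cookie`, which re-entered itself until the stack overflowed,
 * and the setter never reached the real cookie store.
 */
(function () {
  console.log('enter cookiehook');

  // Native accessor pair, looked up before the instance-level property
  // below starts shadowing it.
  var nativeCookie = Object.getOwnPropertyDescriptor(Document.prototype, 'cookie');
  // Last value written; only used as a fallback when no native accessor
  // could be found.
  var cookieTemp = '';

  Object.defineProperty(document, 'cookie', {
    // configurable so the hook can be removed again with `delete document.cookie`.
    configurable: true,
    set: function (val) {
      console.log('捕获到cookie设置->', val);
      // String() guards against non-string assignments such as `document.cookie = 1`.
      if (String(val).indexOf('target') !== -1) {
        debugger;
      }
      cookieTemp = val;
      if (nativeCookie && nativeCookie.set) {
        nativeCookie.set.call(document, val);
      }
      return val;
    },
    get: function () {
      var current =
        nativeCookie && nativeCookie.get ? nativeCookie.get.call(document) : cookieTemp;
      console.log(current);
      return current;
    },
  });
})();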
2. hook eval
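/**
 * Debugging hook for window.eval: pause in DevTools before any string is
 * evaluated so the code about to run can be inspected.
 *
 * The original wrapper dropped eval's result, which breaks every caller
 * that uses the value of `eval(...)`; the result is now returned.
 */
(function () {
  var _eval = window.eval;

  window.eval = function (x) {
    debugger;
    // Calling through the saved reference is an *indirect* eval: the code
    // runs in global scope and cannot see the caller's local variables.
    return _eval(x);
  };

  // Intended to hide the wrapper from integrity checks.
  // NOTE(review): `_eval.toString` is Function.prototype.toString, which
  // serialises its receiver, so `window.eval.toString()` still returns the
  // wrapper's source. A page that compares this string against the native
  // form will still notice the hook.
  window.eval.toString = _eval.toString;
})();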
3. hook 字符串方法
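// Debugging hook for String.prototype.split: pause in DevTools on every
// call, then delegate to the native implementation.
//
// Fixes over the original listing:
//   * the wrapper called `_spilt` (typo), so every split() threw a TypeError;
//   * the optional `limit` argument was silently dropped;
//   * running the snippet twice saved the wrapper as `_split`, making the
//     hook call itself forever.

// Save the native method once; a second run must not overwrite it with the
// wrapper installed below.
if (typeof String.prototype._split !== 'function') {
  String.prototype._split = String.prototype.split;
}

String.prototype.split = function (val, limit) {
  debugger;
  return this.toString()._split(val, limit);
};

// Make the wrapper's own toString() report the native-looking source.
// NOTE(review): this only covers `split.toString()`;
// Function.prototype.toString.call(String.prototype.split) still returns the
// wrapper source, and the extra enumerable `_split` property is visible too.
String.prototype.split.toString = function () {
  return 'function split() { [native code] }';
};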
4. hook debugger
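// Five alternative ways to neutralise `debugger` statements that a script
// generates at run time through the Function constructor or eval, so the
// script can be stepped through during analysis.
//
// The variants are alternatives: install ONE of them. Running several stacks
// wrapper on wrapper. They only affect dynamically built code; a `debugger`
// statement written directly in a source file never passes through these
// functions.
//
// Fixes over the original listing:
//   * `argument` (undefined name) -> `arguments`;
//   * `arguments === "debugger"` compared the arguments object itself with a
//     string and was never true;
//   * `_eval.apply(argument)` / `_Function.apply(argument)` passed the
//     arguments as `this` and called the original with no arguments;
//   * variant 1 overwrote the constructor with a no-op *before* saving the
//     backup, so the "backup" was the no-op and every `fn.constructor(...)`
//     call returned undefined;
//   * `_eval`, `_Function` and `reg` leaked as implicit globals.

// Variant 1: wrap Function.prototype.constructor.
(function () {
  // Save the genuine constructor first, then replace it.
  Function.prototype.constructor_bc = Function.prototype.constructor;
  Function.prototype.constructor = function () {
    // The function body is the last argument of the Function constructor.
    if (arguments[arguments.length - 1] === "debugger") {
      // Return a callable no-op: callers normally invoke the result at once.
      return function () {};
    }
    return Function.prototype.constructor_bc.apply(this, arguments);
  };
})();

// Variant 2: wrap eval, skipping source that starts with "debugger".
(function () {
  var _eval = window.eval;
  window.eval = function () {
    var src = arguments[0];
    // eval() of a non-string returns the value unchanged, so only strings
    // are inspected.
    if (typeof src === "string" && src.indexOf("debugger") === 0) {
      return;
    }
    // Indirect eval: the code runs in global scope.
    return _eval.apply(window, arguments);
  };
})();

// Variant 3: wrap eval, skipping source that contains "debugger" anywhere.
(function () {
  var _eval = window.eval;
  window.eval = function () {
    var src = arguments[0];
    // Broad match: legitimate code that merely mentions the word is dropped too.
    if (typeof src === "string" && /debugger/.test(src)) {
      return;
    }
    return _eval.apply(window, arguments);
  };
})();

// Variant 4: replace the global Function, skipping bodies that start with
// "debugger". Code reaching the constructor through
// `someFunction.constructor` is not affected by this one (see variant 1).
(function () {
  var _Function = window.Function;
  window.Function = function () {
    var body = arguments[arguments.length - 1];
    if (typeof body === "string" && body.indexOf("debugger") === 0) {
      return function () {};
    }
    return _Function.apply(this, arguments);
  };
  // Keep `x instanceof Function` working for the rest of the page.
  window.Function.prototype = _Function.prototype;
})();

// Variant 5: replace the global Function, skipping bodies that contain
// "debugger" anywhere.
(function () {
  var _Function = window.Function;
  window.Function = function () {
    var body = arguments[arguments.length - 1];
    if (typeof body === "string" && /debugger/.test(body)) {
      return function () {};
    }
    return _Function.apply(this, arguments);
  };
  window.Function.prototype = _Function.prototype;
})();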
5. hook ajax
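// Bundled (minified) XMLHttpRequest hooking helper followed by a usage
// example. The listing was collapsed onto two physical lines, which made the
// `//` comments in the usage example swallow the code after them; the line
// structure is restored here and the helper's code is otherwise unchanged.
//
// What the helper does, as far as this listing shows:
//   * hookAjax(hooks) stores the native constructor in
//     window.RealXMLHttpRequest (unless already stored) and replaces the
//     global XMLHttpRequest with a proxy constructor. It returns the native
//     constructor.
//   * Every proxy instance creates a real request object in `this.xhr`.
//     Function-valued members are wrapped; all other members become
//     accessor properties on the proxy.
//   * unHookAjax() puts the native constructor back and clears
//     window.RealXMLHttpRequest.
// The replacement is page-wide: every script that creates an XMLHttpRequest
// after hookAjax() runs goes through the hooks.
!function (t) {
  // Minimal module loader emitted by the bundler: caches and runs module `e`.
  function n(e) {
    if (r[e]) return r[e].exports;
    var i = r[e] = { exports: {}, id: e, loaded: !1 };
    return t[e].call(i.exports, i, i.exports, n), i.loaded = !0, i.exports
  }
  var r = {};
  return n.m = t, n.c = r, n.p = "", n(0)
}([
  // Module 0: attach the helper to `window`.
  function (t, n, r) {
    r(1)(window)
  },
  // Module 1: the helper itself.
  function (t, n) {
    t.exports = function (t) {
      var n = "RealXMLHttpRequest";
      t.hookAjax = function (t) {
        // Getter factory for attribute `n`: prefer a shadow value stored on
        // the proxy as `n + "_"`, else read the real xhr; an optional
        // hooks[n].getter may replace the value.
        function r(n) {
          return function () {
            var r = this.hasOwnProperty(n + "_") ? this[n + "_"] : this.xhr[n],
              e = (t[n] || {}).getter;
            return e && e(r, this) || r
          }
        }
        // Setter factory for attribute `n`.
        function e(n) {
          return function (r) {
            var e = this.xhr, i = this, o = t[n];
            // hooks[n] is a function (callback such as onload): install a
            // handler on the real xhr that calls the hook with the proxy and
            // runs the page's own handler unless the hook returns truthy.
            if ("function" == typeof o) e[n] = function () {
              t[n](i) || r.apply(e, arguments)
            };
            else {
              // Otherwise apply an optional hooks[n].setter, then assign to
              // the real xhr; if that throws, keep the value as a shadow
              // property on the proxy.
              var u = (o || {}).setter;
              r = u && u(r, i) || r;
              try { e[n] = r } catch (t) { this[n + "_"] = r }
            }
          }
        }
        // Method wrapper factory: call hooks[n](argsArray, realXhr) first;
        // the real method runs only when there is no hook or it returns falsy.
        function i(n) {
          return function () {
            var r = [].slice.call(arguments);
            if (!t[n] || !t[n].call(this, r, this.xhr)) return this.xhr[n].apply(this.xhr, r)
          }
        }
        return window[n] = window[n] || XMLHttpRequest, XMLHttpRequest = function () {
          var t = new window[n];
          for (var o in t) {
            var u = "";
            // Reading some members may throw; treat those as non-functions.
            try { u = typeof t[o] } catch (t) { }
            "function" === u ? this[o] = i(o) : Object.defineProperty(this, o, { get: r(o), set: e(o), enumerable: !0 })
          }
          this.xhr = t
        }, window[n]
      }, t.unHookAjax = function () {
        window[n] && (XMLHttpRequest = window[n]), window[n] = void 0
      }, t.default = t
    }
  }
]);

// Usage example. Call unHookAjax() to restore the native constructor when
// the analysis is finished.
hookAjax(
  // hook functions and callbacks of XMLHttpRequest object
  {
    // Callback hooks receive the proxy object.
    onreadystatechange: function (xhr) {
      //console.log("onreadystatechange called: %O", xhr)
    },
    onload: function (xhr) {
      //console.log("onload called: %O", xhr)
      // Prefix the response text before the page's own onload handler runs;
      // the assignment goes through the proxy's property setter.
      xhr.responseText = "hook" + xhr.responseText;
    },
    // Method hooks receive the argument array and the real xhr.
    open: function (arg, xhr) {
      console.log("open called: method:%s,url:%s,async:%s", arg[0], arg[1], arg[2], xhr);
      // arg[1] += "?hook_tag=1";
    },
    send: function (arg, xhr) {
      console.log("send called: %O", arg[0]);
      // Add the same request header to every request.
      xhr.setRequestHeader("_custom_header_", "ajaxhook")
    },
    setRequestHeader: function (arg, xhr) {
      console.log("setRequestHeader called!", arg)
    },
    // hook attributes of XMLHttpRequest object
    timeout: {
      setter: function (v, xhr) {
        // NOTE(review): the original comment read "timeout shouldn't exceed
        // 10s", but Math.max(v, 1000) enforces a floor of 1000 ms rather
        // than a cap. Confirm which was intended.
        return Math.max(v, 1000);
      }
    }
  }
);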
最后
以上就是眯眯眼犀牛最近收集整理的关于"知识笔记 - 记录JS逆向中常用的Hook方法"(hook cookie、hook eval、hook 字符串方法、hook debugger、hook ajax)的全部内容,更多相关知识笔记内容请搜索靠谱客的其他文章。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。