1.安装 frida-server(frida-server 的版本需与电脑端 frida 的版本一致,CPU 架构需与设备一致)
adb push frida-server-15.1.12-android-arm64 /data/local/tmp
adb shell chmod 755 /data/local/tmp/frida-server-15.1.12-android-arm64
2.安装 objection
pip3 install objection
pip3 install --upgrade objection
3.启动 frida-server(通常需要 root 权限;测试结束后应停止该进程,避免设备上长期保留可注入任意进程的调试服务)
adb shell /data/local/tmp/frida-server-15.1.12-android-arm64
4.使用objection
参考资料:
https://baijiahao.baidu.com/s?id=1680254855843073847&wfr=spider&for=pc
https://blog.csdn.net/song_lee/article/details/108993169
#objection -g 包名 explore
objection -g com.immomo.momo explore
#列出所有activity
android hooking list activities
#列出内存中所有类
android hooking list classes
#根据关键字搜索内存中的类
android hooking search classes Okhttp
#列出类的所有方法
android hooking list class_methods com.fish.main.MainGameActivity
#hook 指定类
android hooking watch class com.xxx.xxx
#hook 指定方法,打印出入参,堆栈
android hooking watch class_method com.xxx.xxx.methodName --dump-args --dump-backtrace --dump-return
#关闭SSL证书锁定(运行时 hook,仅对当前被注入的进程生效),配合代理即可抓包
android sslpinning disable
5.使用 frida 脚本注入
参考资料:https://blog.csdn.net/cqcre/article/details/107602760
// Frida script: replaces okhttp3.OkHttpClient.newCall so that every request
// passed to it has its URL and headers printed to the Frida console.
//
// Header values are printed verbatim, so the console output may contain
// session cookies or Authorization tokens; handle saved logs as sensitive data.
// NOTE(review): only the headers present on the Request object at newCall()
// time are shown; headers OkHttp adds later in its interceptor chain
// presumably do not appear here -- confirm against a proxy capture.
Java.perform(function () {
    var OkHttpClient = Java.use("okhttp3.OkHttpClient");

    OkHttpClient.newCall.implementation = function (request) {
        // Invoke the original newCall first; its return value is handed back
        // unchanged at the end so the app behaves as before.
        var call = this.newCall(request);

        console.log(request.url());

        // Print one "name=value" line per header.
        var hdrs = request.headers();
        var idx = 0;
        while (idx < hdrs.size()) {
            var line = hdrs.name(idx) + "=" + hdrs.value(idx);
            console.log(line);
            idx++;
        }

        // Separator between requests.
        console.log("====================================");
        return call;
    };
});
#列出正在运行的进程
frida-ps -U
#注入指定pid的进程(注:explore 是 objection 的子命令,frida 命令行应不需要该参数,待确认)
frida -U -p 11097 explore -l hook_momo_http.js
#spawn模式会直接调起进程,可以注入启动前期,通过 -f 参数指定spawn模式(视 frida-tools 版本而定:较旧版本在 spawn 后会暂停进程,需输入 %resume 或加 --no-pause 才会继续运行)
frida -U -f tv.w.com -l hool_live.js