xposed module 获取花呗账单
xposed module 获取花呗账单
目标
xposed module获取android花呗的近几月的账单信息
分析
- 花呗在android有支付宝和淘宝两个入口,支付宝感觉上更难实现(没有研究过),所以从淘宝切入
- 淘宝上进入花呗是通过webview打开页面
- charles能抓取到花呗在webview里请求账单的请求,发现请求中值得注意的只有cookie,所以只要能得到cookie就能模拟请求去获得账单
- module只要能拿到淘宝登录过后进入花呗后的cookie
- 拿到cookie请求账单,要注意每次请求response headers里的set-cookie header头
实现
package com.wrq.hook;
import android.webkit.CookieManager;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import static de.robv.android.xposed.XposedBridge.hookAllConstructors;
import static de.robv.android.xposed.XposedHelpers.findClass;
import de.robv.android.xposed.XC_MethodHook;
import java.net.URL;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
public class Test implements IXposedHookLoadPackage {
//用来在Logcat看的标签
private static String TAG = "hook-bill";
private boolean hooked = false;
public static void logInfo(String info) {
XposedBridge.log(TAG + " info: " + info);
}
public static void logError(Exception e) {
XposedBridge.log(TAG + " error: " + e);
}
public void setHooked(boolean hooked) {
this.hooked = hooked;
}
public boolean getHooked() {
return hooked;
}
@Override
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
// 打印装载的apk程序包名
logInfo("Launch app:" + loadPackageParam.packageName);
//如果加载的包不是淘宝return
if(!loadPackageParam.packageName.equals("com.taobao.taobao")) return;
try {
final Class<?> httpUrlConnection = findClass("java.net.HttpURLConnection", loadPackageParam.classLoader);
//hook http连接建立的构造函数
hookAllConstructors(httpUrlConnection, new XC_MethodHook() {
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
try {
//如果已经获取到cookie
if(getHooked()) return;
if (param.args.length != 1 || param.args[0].getClass() != URL.class) return;
//判断请求地址是否是花呗账单请求地址
if(!param.args[0].toString().contains("renderMonthBillList")) return;
setHooked(true);
//获取cookie
String cookie = CookieManager.getInstance().getCookie("https://pcreditweb.alipay.com");
logInfo("cookie:" + cookie);
} catch(Exception e) {
logError(e);
}
}
});
} catch (Exception e) {
logError(e);
}
}
}