xposed module 获取花呗账单

xposed module 获取花呗账单

---

目标

xposed module获取android花呗的近几月的账单信息

---

分析

1. 花呗在android有支付宝和淘宝两个入口，支付宝感觉上更难实现(没有研究过)，所以从淘宝切入
2. 淘宝上进入花呗是通过webview打开页面
3. charles能抓取到花呗在webview里请求账单的请求，发现请求中值得注意的只有cookie，所以只要能得到cookie就能模拟请求去获得账单
4. module只要能拿到淘宝登录过后进入花呗后的cookie
5. 拿到cookie请求账单，要注意每次请求response headers里的set-cookie header头

实现

package com.wrq.hook;

import android.webkit.CookieManager;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import static de.robv.android.xposed.XposedBridge.hookAllConstructors;
import static de.robv.android.xposed.XposedHelpers.findClass;
import de.robv.android.xposed.XC_MethodHook;
import java.net.URL;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;

public class Test implements IXposedHookLoadPackage {

    //用来在Logcat看的标签
    private static String TAG = "hook-bill";
    private boolean hooked = false;

    public static void logInfo(String info) {
        XposedBridge.log(TAG + " info: " +  info);
    }

    public static void logError(Exception e) {
        XposedBridge.log(TAG + " error: " + e);
    }

    public void setHooked(boolean hooked) {
        this.hooked = hooked;
    }

    public boolean getHooked() {
        return hooked;
    }

    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        // 打印装载的apk程序包名
        logInfo("Launch app:" + loadPackageParam.packageName);
        //如果加载的包不是淘宝return
        if(!loadPackageParam.packageName.equals("com.taobao.taobao")) return;

        try {
            final Class<?> httpUrlConnection = findClass("java.net.HttpURLConnection", loadPackageParam.classLoader);
            //hook http连接建立的构造函数
            hookAllConstructors(httpUrlConnection, new XC_MethodHook() {
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    try {
                        //如果已经获取到cookie
                        if(getHooked()) return;
                        if (param.args.length != 1 || param.args[0].getClass() != URL.class) return;

                        //判断请求地址是否是花呗账单请求地址
                        if(!param.args[0].toString().contains("renderMonthBillList")) return;

                        setHooked(true);
                        //获取cookie
                        String cookie = CookieManager.getInstance().getCookie("https://pcreditweb.alipay.com");
                        logInfo("cookie:" + cookie);
                    } catch(Exception e) {
                        logError(e);
                    }
                }
            });
        } catch (Exception e) {
            logError(e);
        }
    }
}