具体代码如下:
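# -*- coding: UTF-8 -*-
"""Bridge one Frida RPC export to an HTTP endpoint.

At import time the script attaches to the app ``com.dodonew.online`` through a
remote frida-server, loads ``jsCode`` into it, and then serves ``GET /get``,
which forwards ``item_user`` / ``item_pass`` to the ``xiaobai`` RPC export and
returns whatever the app's own signing and encryption routines produce.
"""
from fastapi import FastAPI
import uvicorn
import frida

# JavaScript that Frida runs inside the attached app process.
jsCode = """
function hookTest(username, password){
    var result;
    Java.perform(function(){
        // Pinned timestamp: the value is fixed rather than taken from
        // new Date().getTime(), so the output is reproducible.
        var time = '1597582774344';
        var string = Java.use('java.lang.String');
        // String to be signed. The trailing key= value is a constant that
        // ships inside the client, so it cannot act as a server-side secret.
        var signData = string.$new('equtype=ANDROID&loginImei=Android352689082129358&timeStamp=' + time + '&userPwd=' + password + '&username=' + username + '&key=sdlkjsdljf0j2fsjk');
        var Utils = Java.use('com.dodonew.online.util.Utils');
        var sign = Utils.md5(signData).toUpperCase();
        console.log('sign: ', sign);
        // Serialise with JSON.stringify instead of string concatenation so a
        // quote or backslash in username/password cannot break out of its
        // field. Key order matches the hand-built string, so ordinary input
        // yields the same text.
        var encryptData = JSON.stringify({
            equtype: 'ANDROID',
            loginImei: 'Android352689082129358',
            sign: String(sign),
            timeStamp: String(time),
            userPwd: String(password),
            username: String(username)
        });
        var RequestUtil = Java.use('com.dodonew.online.http.RequestUtil');
        // NOTE(review): the two 8-character constants are presumably the DES
        // key and IV expected by encodeDesMap; confirm against the app.
        var Encrypt = RequestUtil.encodeDesMap(encryptData, '65102933', '32028092');
        console.log('Encrypt: ', Encrypt);
        result = Encrypt;
    });
    // NOTE(review): result is still undefined here if the Java.perform
    // callback has not run yet; verify for your Frida version.
    return result;
}
rpc.exports = {
    xiaobai: hookTest
};
"""

# Load the Frida script. The frida-server address is registered explicitly via
# add_remote_device (the original note says this form is used when several
# devices are connected); the address and package name are hard-coded.
process = frida.get_device_manager().add_remote_device('192.168.1.11:27042').attach("com.dodonew.online")
script = process.create_script(jsCode)
print('[*] Running 小白')
script.load()

app = FastAPI()


@app.get("/get")  # the route path declares no path parameters
def getEchoApi(item_id, item_user, item_pass):
    """Return the app-side encrypted payload for the given credentials.

    FastAPI treats the three arguments as query parameters because none of
    them appears in the route path. ``item_id`` is echoed back unchanged.

    Declared with ``def`` rather than ``async def``: the Frida RPC call is
    synchronous, and FastAPI runs plain ``def`` handlers in a worker thread,
    so the call does not block the event loop.

    NOTE(review): ``item_pass`` travels in the URL query string, so it is
    recorded wherever request URLs are logged (uvicorn's access log included).
    The endpoint also has no authentication of its own.
    """
    # Remote call into the xiaobai export defined in jsCode.
    result = script.exports.xiaobai(item_user, item_pass)
    return {"item_id": item_id, "item_retval": result}


if __name__ == '__main__':
    # No host argument is passed, so uvicorn binds to its default (loopback)
    # address; only the port is set.
    uvicorn.run(app, port=8080)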
原文链接:http://www.baipiaozhong.xyz/272/,转载请注明出处。