前提 : 有時會遇到這樣的需求:將一些別人app上比較優質的內容,用到自己產品中.由于別人的app做了大量的參數加密, 我們獲取不到加密規則,所以使用接口直接調用的方法就走不通.

本文就是要介紹使用逆向技術攔截目標app的所有網絡請求.對于我們需要的接口數據上傳到我們自己的服務器中

工具:

monkeyDev

PPSNetworkMonitor開源庫中的代碼

代碼如下:

PPSURLSessionConfiguration.h

@interface PPSURLSessionConfiguration : NSObject

@property (nonatomic,assign) BOOL isSwizzle;

+ (PPSURLSessionConfiguration *)defaultConfiguration;

/**

* swizzle NSURLSessionConfiguration's protocolClasses method

*/

- (void)load;

/**

* make NSURLSessionConfiguration's protocolClasses method is normal

*/

- (void)unload;

@end

PPSURLSessionConfiguration.m

#import "PPSURLSessionConfiguration.h"

#import

#import "PPSURLProtocol.h"

@implementation PPSURLSessionConfiguration

+ (PPSURLSessionConfiguration *)defaultConfiguration {

static PPSURLSessionConfiguration *staticConfiguration;

static dispatch_once_t onceToken;

dispatch_once(&onceToken, ^{

staticConfiguration=[[PPSURLSessionConfiguration alloc] init];

});

return staticConfiguration;

}

- (instancetype)init {

self = [super init];

if (self) {

self.isSwizzle=NO;

}

return self;

}

- (void)load {

self.isSwizzle=YES;

Class cls = NSClassFromString(@"__NSCFURLSessionConfiguration") ?: NSClassFromString(@"NSURLSessionConfiguration");

[self swizzleSelector:@selector(protocolClasses) fromClass:cls toClass:[self class]];

}

- (void)unload {

self.isSwizzle=NO;

Class cls = NSClassFromString(@"__NSCFURLSessionConfiguration") ?: NSClassFromString(@"NSURLSessionConfiguration");

[self swizzleSelector:@selector(protocolClasses) fromClass:cls toClass:[self class]];

}

- (void)swizzleSelector:(SEL)selector fromClass:(Class)original toClass:(Class)stub {

Method originalMethod = class_getInstanceMethod(original, selector);

Method stubMethod = class_getInstanceMethod(stub, selector);

if (!originalMethod || !stubMethod) {

[NSException raise:NSInternalInconsistencyException format:@"Couldn't load NEURLSessionConfiguration."];

}

method_exchangeImplementations(originalMethod, stubMethod);

}

- (NSArray *)protocolClasses {

return @[[PPSURLProtocol class]];

//如果還有其他的監控protocol，也可以在這里加進去

}

@end

PPSURLProtocol.h

@interface PPSURLProtocol : NSURLProtocol

+ (void)start;

+ (void)end;

@end

PPSURLProtocol.m

#import "PPSURLSessionConfiguration.h"

static NSString *const PPSHTTP = @"PPSHTTP";//為了避免canInitWithRequest和canonicalRequestForRequest的死循環

@interface PPSURLProtocol()

@property (nonatomic, strong) NSURLConnection *connection;

@property (nonatomic, strong) NSURLRequest *pps_request;

@property (nonatomic, strong) NSURLResponse *pps_response;

@property (nonatomic, strong) NSMutableData *pps_data;

@end

@implementation PPSURLProtocol

#pragma mark - init

- (instancetype)init {

self = [super init];

if (self) {

}

return self;

}

+ (void)load {

}

+ (void)start {

PPSURLSessionConfiguration *sessionConfiguration = [PPSURLSessionConfiguration defaultConfiguration];

[NSURLProtocol registerClass:[PPSURLProtocol class]];

if (![sessionConfiguration isSwizzle]) {

[sessionConfiguration load];

}

}

+ (void)end {

PPSURLSessionConfiguration *sessionConfiguration = [PPSURLSessionConfiguration defaultConfiguration];

[NSURLProtocol unregisterClass:[PPSURLProtocol class]];

if ([sessionConfiguration isSwizzle]) {

[sessionConfiguration unload];

}

}

/**

需要控制的請求

@param request 此次請求

@return 是否需要監控

*/

+ (BOOL)canInitWithRequest:(NSURLRequest *)request {

if (![request.URL.scheme isEqualToString:@"http"] &&

![request.URL.scheme isEqualToString:@"https"]) {

return NO;

}

//如果是已經攔截過的 就放行

if ([NSURLProtocol propertyForKey:PPSHTTP inRequest:request] ) {

return NO;

}

return YES;

}

/**

設置我們自己的自定義請求

可以在這里統一加上頭之類的

@param request 應用的此次請求

@return 我們自定義的請求

*/

+ (NSURLRequest *)canonicalRequestForRequest:(NSURLRequest *)request {

NSMutableURLRequest *mutableReqeust = [request mutableCopy];

[NSURLProtocol setProperty:@YES

forKey:PPSHTTP

inRequest:mutableReqeust];

return [mutableReqeust copy];

}

- (void)startLoading {

NSURLRequest *request = [[self class] canonicalRequestForRequest:self.request];

self.connection = [[NSURLConnection alloc] initWithRequest:request delegate:self startImmediately:YES];

self.pps_request = self.request;

}

- (void)stopLoading {

[self.connection cancel];

//獲取請求方法

NSString *requestMethod = self.pps_request.HTTPMethod;

NSLog(@"請求方法：%@\n",requestMethod);

//獲取請求頭

NSDictionary *headers = self.pps_request.allHTTPHeaderFields;

NSLog(@"請求頭：\n");

for (NSString *key in headers.allKeys) {

NSLog(@"%@ : %@",key,headers[key]);

}

//獲取請求結果

// 上傳攔截結果到我們自己服務器上

NSString *string = [self responseJSONFromData:self.pps_data];

NSLog(@"請求結果：%@",string);

if ([[self.request.URL absoluteString] containsString:@"liked"]) {

NSURLSession *session = [NSURLSession sharedSession];

NSURL *url = [NSURL URLWithString:@"xxxx"];

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];

request.HTTPMethod = @"POST";

request.HTTPBody = [[NSString stringWithFormat:@"json_data=%@", string] dataUsingEncoding:NSUTF8StringEncoding];

NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {

}];

[dataTask resume];

}

}

#pragma mark - NSURLConnectionDelegate

- (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error{

[self.client URLProtocol:self didFailWithError:error];

}

- (BOOL)connectionShouldUseCredentialStorage:(NSURLConnection *)connection{

return YES;

}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{

[self.client URLProtocol:self didReceiveAuthenticationChallenge:challenge];

}

- (void)connection:(NSURLConnection *)connection

didCancelAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {

[self.client URLProtocol:self didCancelAuthenticationChallenge:challenge];

}

#pragma mark - NSURLConnectionDataDelegate

-(NSURLRequest *)connection:(NSURLConnection *)connection willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)response{

if (response != nil) {

self.pps_response = response;

[self.client URLProtocol:self wasRedirectedToRequest:request redirectResponse:response];

}

return request;

}

- (void)connection:(NSURLConnection *)connection

didReceiveResponse:(NSURLResponse *)response {

[[self client] URLProtocol:self didReceiveResponse:response cacheStoragePolicy:NSURLCacheStorageAllowed];

self.pps_response = response;

}

- (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data {

[self.client URLProtocol:self didLoadData:data];

[self.pps_data appendData:data];

NSLog(@"receiveData");

}

- (NSCachedURLResponse *)connection:(NSURLConnection *)connection

willCacheResponse:(NSCachedURLResponse *)cachedResponse {

return cachedResponse;

}

- (void)connectionDidFinishLoading:(NSURLConnection *)connection {

[[self client] URLProtocolDidFinishLoading:self];

}

//轉換json

-(id)responseJSONFromData:(NSData *)data {

if(data == nil) return nil;

NSError *error = nil;

id returnValue = [NSJSONSerialization JSONObjectWithData:data options:0 error:&error];

if(error) {

NSLog(@"JSON Parsing Error: %@", error);

//https://github.com/coderyi/NetworkEye/issues/3

return nil;

}

//https://github.com/coderyi/NetworkEye/issues/1

if (!returnValue || returnValue == [NSNull null]) {

return nil;

}

NSData *jsonData = [NSJSONSerialization dataWithJSONObject:returnValue options:NSJSONWritingPrettyPrinted error:nil];

NSString *jsonString = [[NSString alloc]initWithData:jsonData encoding:NSUTF8StringEncoding];

return jsonString;

}

- (NSMutableData *)pps_data {

if (!_pps_data) {

_pps_data = [NSMutableData data];

}

return _pps_data;

}

@end

如上兩個文件導入MonkeyDev中 就會在如下方法中

- (void)stopLoading {...}

攔截你所導入的目標ipa的所有網絡請求 .

根據抓包地址確定你需要的接口數據進行過濾

// 例如我需要的接口xxx

if ([[self.request.URL absoluteString] containsString:@"xxxx"]){}

好了 到此為止攔擊所有app的網絡請求就完成了, 如果有不明白或者工具不會使用的留言,看到就會回答. 感謝大家!!!

總結

以上是生活随笔為你收集整理的android网络拦截,拦截所有app的网络请求的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。