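/**
 * Frida script that logs WebView navigation and TLS-error handling in an
 * Android app, for auditing how the app reacts to certificate errors.
 *
 * Scope note: the hooks below replace the methods declared on
 * android.webkit.WebViewClient itself. An app subclass that overrides one of
 * these callbacks without calling super is a separate method and is not
 * observed here, so a silent log does not show the app handles TLS errors
 * safely.
 *
 * Logged URLs may carry session tokens in the query string; treat the console
 * output as sensitive.
 */
Java.perform(function () {
  var WebView = Java.use("android.webkit.WebView");
  var WebViewClient = Java.use("android.webkit.WebViewClient");

  // Maps SslError.getPrimaryError() codes to a readable description.
  var sslErrorTypes = {
    0: "证书尚未生效 (NOT_YET_VALID)",
    1: "证书已过期 (EXPIRED)",
    2: "证书与服务器名称不匹配 (ID_MISMATCH)",
    3: "证书不受信任 (UNTRUSTED)",
    4: "证书日期无效 (DATE_INVALID)",
    5: "证书无效 (INVALID)"
  };

  // Runtime handler class name -> whether proceed()/cancel() were hooked.
  var watchedHandlerClasses = {};
  // Bumped by every observed proceed(); sampled around the original callback.
  var proceedCalls = 0;

  // True only for an https:// URL. A bare "https" prefix test would also
  // accept strings such as "httpsfoo://" and mixed-case schemes would be missed.
  function isHttps(url) {
    return String(url).toLowerCase().indexOf("https://") === 0;
  }

  // Shared logging for the two WebResourceRequest-based callbacks.
  function logRequest(label, request) {
    var url = request.getUrl().toString();
    console.log("[*] " + label + "() → URL: " + url);
    console.log(" ├── Method: " + request.getMethod());
    console.log(" └── Is Secure? " + (isHttps(url) ? "Yes" : "No"));
  }

  /**
   * Hooks proceed()/cancel() on the runtime class of `handler`, once per class.
   *
   * Assigning a function to `handler.proceed` only changes the JavaScript
   * wrapper; calls made from Java never go through it, so the decision would
   * never be recorded. Replacing the method implementation on the class does
   * observe them. The concrete handler is presumably a subclass supplied by
   * the WebView provider (TODO confirm on the target), hence the lookup by
   * runtime class name and class loader rather than android.webkit.SslErrorHandler.
   *
   * @param {object} handler - Java wrapper for the SslErrorHandler instance.
   * @returns {boolean} true when the hooks are installed for that class.
   */
  function watchHandler(handler) {
    var className = String(handler.getClass().getName());
    if (watchedHandlerClasses[className] !== undefined) {
      return watchedHandlerClasses[className];
    }

    var installed = false;
    try {
      var loader = handler.getClass().getClassLoader();
      // A null loader means the boot class path; the default factory covers it.
      var HandlerClass = loader === null
        ? Java.use(className)
        : Java.ClassFactory.get(loader).use(className);

      HandlerClass.proceed.implementation = function () {
        proceedCalls += 1;
        console.log("[!] " + className + ".proceed() called → SSL error ignored");
        this.proceed();
      };
      HandlerClass.cancel.implementation = function () {
        console.log("[*] " + className + ".cancel() called → load rejected");
        this.cancel();
      };
      installed = true;
    } catch (e) {
      // Best effort: keep the remaining hooks working and report the gap.
      console.log("[-] Could not hook " + className + ": " + e);
    }

    watchedHandlerClasses[className] = installed;
    return installed;
  }

  console.log("[*] WebView Debugging Hook Installed!");

  // Hook WebView.loadUrl(String)
  WebView.loadUrl.overload("java.lang.String").implementation = function (url) {
    console.log("[*] WebView.loadUrl() → " + url);
    this.loadUrl(url);
  };

  // Hook WebView.loadUrl(String, Map). Header values are deliberately not
  // printed here; only the URL is logged.
  WebView.loadUrl.overload("java.lang.String", "java.util.Map").implementation = function (url, additionalHttpHeaders) {
    console.log("[*] WebView.loadUrl() with Headers:");
    console.log(" └── URL: " + url);
    this.loadUrl(url, additionalHttpHeaders);
  };

  // Hook shouldOverrideUrlLoading(WebView, WebResourceRequest)
  WebViewClient.shouldOverrideUrlLoading.overload("android.webkit.WebView", "android.webkit.WebResourceRequest").implementation = function (view, request) {
    logRequest("shouldOverrideUrlLoading", request);
    return this.shouldOverrideUrlLoading(view, request);
  };

  // Hook shouldInterceptRequest(WebView, WebResourceRequest)
  WebViewClient.shouldInterceptRequest.overload("android.webkit.WebView", "android.webkit.WebResourceRequest").implementation = function (view, request) {
    logRequest("shouldInterceptRequest", request);
    return this.shouldInterceptRequest(view, request);
  };

  // Hook onReceivedSslError(WebView, SslErrorHandler, SslError)
  WebViewClient.onReceivedSslError.implementation = function (view, handler, error) {
    var errorType = error.getPrimaryError();
    var errorDesc = sslErrorTypes[errorType] || "UNKNOWN";
    console.log("[!] SSL Error in WebView");
    console.log(" ├── URL: " + view.getUrl());
    console.log(" ├── Error Type: " + errorType + " (" + errorDesc + ")");
    console.log(" ├── Certificate: " + error.getCertificate());

    var watching = watchHandler(handler);
    var callsBefore = proceedCalls;

    // Run the original logic.
    this.onReceivedSslError(view, handler, error);

    // Only a proceed() made during the callback is reflected in this line; a
    // later one (for example after a user prompt) shows up in the proceed()
    // hook's own log entry.
    var verdict = "Unknown (handler not hooked)";
    if (watching) {
      verdict = proceedCalls > callsBefore ? "Yes" : "No";
    }
    console.log(" └── Ignoring SSL Error? " + verdict);
  };

  // Hook onPageStarted(WebView, String, Bitmap)
  WebViewClient.onPageStarted.implementation = function (view, url, favicon) {
    console.log("[*] WebView onPageStarted() → " + url);
    this.onPageStarted(view, url, favicon);
  };

  // Hook onPageFinished(WebView, String)
  WebViewClient.onPageFinished.implementation = function (view, url) {
    console.log("[*] WebView onPageFinished() → " + url);
    this.onPageFinished(view, url);
  };
});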