Frida 使用

1.安装 frida-server

adb push frida-server-15.1.12-android-arm64 /data/local/tmp
adb shell chmod 755 /data/local/tmp/frida-server-15.1.12-android-arm64

2.安装 objection

pip3 install objection
pip3 install --upgrade objection

3.启动 frida-server

adb shell /data/local/tmp/frida-server-15.1.12-android-arm64

4.使用objection 

参考资料：

https://baijiahao.baidu.com/s?id=1680254855843073847&wfr=spider&for=pc

https://blog.csdn.net/song_lee/article/details/108993169

#objection -g 包名 explore
objection -g com.immomo.momo explore

#列出所有activity
android hooking list activities

#列出内存中所有类
android hooking list classes

#根据关键字搜索内存中的类
android hooking search classes Okhttp


#列出类的所有方法
android hooking list class_methods com.fish.main.MainGameActivity


#hook 指定类
android hooking watch class com.xxx.xxx


#hook 指定方法，打印出入参，堆栈
android hooking watch class_method com.xxx.xxx.methodName --dump-args --dump-backtrace --dump-return


#关闭SSL证书锁定，可以抓包
android sslpinning disable

5.使用 frida 脚本注入

参考资料：https://blog.csdn.net/cqcre/article/details/107602760

Java.perform(function () {
    var OkHttpClient = Java.use("okhttp3.OkHttpClient");

    OkHttpClient.newCall.implementation = function (request) {
        var result = this.newCall(request);
        console.log(request.url());
        var headers = request.headers();
        for (var i=0;i<headers.size();i++) {
           console.log(headers.name(i) + "=" + headers.value(i));
        }
        console.log("====================================");
        return result;
    };

});

#列出正在运行的进程
frida-ps -U

#注入指定pid的进程
frida -U -p 11097 explore -l hook_momo_http.js