dasemu/adif-api-reverse-engineering
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Agregados varios //TODO para revisar

Browse Source
This commit is contained in:
Dasemu
2025-12-04 21:22:05 +01:00
parent e0133d2ca2
commit ec57ac366d
9 changed files with 837 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
frida_scripts/frida_capture_request_body.js
View File

@@ -1,36 +1,77 @@
/**
* Capture REQUEST BODY using writeTo() method
* Capture REQUEST BODY by hooking MoshiRequestBodyConverter
*/
console.log("\n[*] Capturing REQUEST Bodies\n");
console.log("\n[*] Capturing REQUEST Bodies via MoshiRequestBodyConverter\n");
Java.perform(function() {
// Hook MoshiRequestBodyConverter.convert() directly
try {
var MoshiRequestBodyConverter = Java.use("retrofit2.converter.moshi.MoshiRequestBodyConverter");
console.log("[+] Found MoshiRequestBodyConverter");
var convertOriginal = MoshiRequestBodyConverter.convert.overload('java.lang.Object');
convertOriginal.implementation = function(obj) {
// BEFORE calling original, serialize the object ourselves to capture it
try {
// Get the adapter field to serialize the object
var adapterField = this.getClass().getDeclaredField("adapter");
adapterField.setAccessible(true);
var adapter = adapterField.get(this);
// Create our own buffer and writer to capture the JSON
var Buffer = Java.use("r3.f");
var tempBuffer = Buffer.$new();
// Create JsonWriter with buffer
var JsonWriter = Java.use("Z2.t");
var JsonWriterConstructor = JsonWriter.class.getDeclaredConstructor([Java.use("r3.i").class]);
JsonWriterConstructor.setAccessible(true);
var tempWriter = JsonWriterConstructor.newInstance([tempBuffer]);
// Serialize to our buffer
adapter.toJson(tempWriter, obj);
tempWriter.close();
// Read the JSON
var jsonContent = tempBuffer.B0(); // readUtf8()
console.log("\n" + "=".repeat(80));
console.log("[CAPTURED REQUEST BODY]");
if (jsonContent && jsonContent.length > 0) {
if (jsonContent.length > 3000) {
console.log(jsonContent.substring(0, 3000));
console.log("\n... (truncated, total: " + jsonContent.length + " chars)");
} else {
console.log(jsonContent);
}
} else {
console.log("(empty)");
}
console.log("=".repeat(80) + "\n");
} catch (e) {
console.log("[CAPTURE ERROR] " + e);
}
// Call original to return the actual RequestBody
return convertOriginal.call(this, obj);
};
console.log("[*] MoshiRequestBodyConverter hook installed!\n");
} catch (e) {
console.log("[-] Failed to hook MoshiRequestBodyConverter: " + e);
}
// Also hook the Auth interceptor to show URLs
try {
var AuthHeaderInterceptor = Java.use("com.adif.elcanomovil.serviceNetworking.interceptors.AuthHeaderInterceptor");
console.log("[+] Found AuthHeaderInterceptor");
// Try to find Buffer class
var Buffer = null;
var bufferNames = ["r.f", "r3.f", "okio.Buffer", "r3.Buffer"];
for (var i = 0; i < bufferNames.length; i++) {
try {
Buffer = Java.use(bufferNames[i]);
console.log("[+] Found Buffer class: " + bufferNames[i]);
break;
} catch (e) {
// Try next
}
}
if (!Buffer) {
console.log("[-] Could not find Buffer class, trying without pre-loading");
}
AuthHeaderInterceptor.intercept.implementation = function(chain) {
console.log("\n" + "=".repeat(80));
console.log("[HTTP REQUEST]");
try {
// Cast chain
var ChainClass = Java.use("j3.g");
@@ -46,87 +87,26 @@ Java.perform(function() {
var urlField = request.getClass().getDeclaredField("a");
urlField.setAccessible(true);
var urlObj = urlField.get(request);
console.log("[URL] " + urlObj.toString());
// Get method
var methodField = request.getClass().getDeclaredField("b");
methodField.setAccessible(true);
var method = methodField.get(request);
console.log("[METHOD] " + method);
// Get request body
var bodyField = request.getClass().getDeclaredField("d");
bodyField.setAccessible(true);
var reqBody = bodyField.get(request);
if (reqBody) {
try {
// If Buffer wasn't found, try to load it now
if (!Buffer) {
var bufferNames = ["r.f", "r3.f", "okio.Buffer", "r3.Buffer"];
for (var i = 0; i < bufferNames.length; i++) {
try {
Buffer = Java.use(bufferNames[i]);
break;
} catch (e) {}
}
}
if (Buffer) {
// Create a temporary buffer
var buffer = Buffer.$new();
// Try to cast buffer to BufferedSink if needed
try {
var BufferedSink = Java.use("r3.i");
var sink = Java.cast(buffer, BufferedSink);
// Call writeTo passing the sink
reqBody.writeTo(sink);
} catch (e) {
// If cast fails, try direct call
reqBody.writeTo(buffer);
}
// Read the content as UTF-8 string
var bodyContent = buffer.B0(); // readUtf8()
console.log("\n[REQUEST BODY]");
if (bodyContent && bodyContent.length > 0) {
if (bodyContent.length > 2000) {
console.log(bodyContent.substring(0, 2000));
console.log("\n... (truncated, total: " + bodyContent.length + " chars)");
} else {
console.log(bodyContent);
}
} else {
console.log("(empty)");
}
} else {
console.log("\n[REQUEST BODY] Could not load Buffer class");
}
} catch (e) {
console.log("[REQUEST BODY ERROR] " + e);
}
} else {
console.log("[REQUEST BODY] null");
}
console.log("\n[REQUEST] " + method + " " + urlObj.toString());
}
} catch (e) {
console.log("[ERROR] " + e);
console.log("[URL CAPTURE ERROR] " + e);
}
console.log("=".repeat(80) + "\n");
// Call original
return this.intercept(chain);
};
console.log("[*] Hook installed!\n");
console.log("[*] Interceptor hook installed!\n");
} catch (e) {
console.log("[-] Failed: " + e);
console.log("[-] Failed to hook AuthHeaderInterceptor: " + e);
}
});