/** * Improved REQUEST BODY Capture * Using correct method names discovered through inspection */ console.log("\n[*] Improved Request Body Capture\n"); Java.perform(function() { try { var AuthHeaderInterceptor = Java.use("com.adif.elcanomovil.serviceNetworking.interceptors.AuthHeaderInterceptor"); console.log("[+] Found AuthHeaderInterceptor"); AuthHeaderInterceptor.intercept.implementation = function(chain) { console.log("\n" + "=".repeat(80)); console.log("[HTTP REQUEST]"); try { // Cast chain var ChainClass = Java.use("j3.g"); var chainObj = Java.cast(chain, ChainClass); // Get request var requestField = chainObj.getClass().getDeclaredField("e"); requestField.setAccessible(true); var request = requestField.get(chainObj); if (request) { // Get URL var urlField = request.getClass().getDeclaredField("a"); urlField.setAccessible(true); var urlObj = urlField.get(request); console.log("[URL] " + urlObj.toString()); // Get method var methodField = request.getClass().getDeclaredField("b"); methodField.setAccessible(true); var method = methodField.get(request); console.log("[METHOD] " + method); // Get request headers try { var headersField = request.getClass().getDeclaredField("c"); headersField.setAccessible(true); var headers = headersField.get(request); if (headers) { console.log("\n[REQUEST HEADERS]"); var size = headers.size(); for (var i = 0; i < size; i++) { var name = headers.c(i); var value = headers.f(i); console.log(" " + name + ": " + value); } } } catch (e) { console.log("[HEADERS ERROR] " + e); } // Get request body var bodyField = request.getClass().getDeclaredField("d"); bodyField.setAccessible(true); var reqBody = bodyField.get(request); if (reqBody) { try { // Load Buffer class - we know it's r3.f from inspection var Buffer = Java.use("r3.f"); var buffer = Buffer.$new(); // Call writeTo with the buffer (buffer implements BufferedSink) reqBody.writeTo(buffer); // Try to read using readUtf8 try { var bodyContent = buffer.B0(); // readUtf8() console.log("\n[REQUEST BODY]"); if (bodyContent && bodyContent.length > 0) { if (bodyContent.length > 3000) { console.log(bodyContent.substring(0, 3000)); console.log("\n... (truncated, total: " + bodyContent.length + " chars)"); } else { console.log(bodyContent); } } else { console.log("(empty)"); } } catch (e) { // If B0() doesn't work, try other common method names console.log("[READ ERROR] " + e); console.log("[DEBUG] Trying alternative methods..."); try { // Try snapshot().utf8() var snapshot = buffer.t0(); // snapshot() if (snapshot) { var bodyContent = snapshot.Y(); // utf8() console.log("\n[REQUEST BODY]"); console.log(bodyContent); } } catch (e2) { console.log("[ALT METHOD ERROR] " + e2); } } } catch (e) { console.log("[REQUEST BODY ERROR] " + e); } } else { console.log("[REQUEST BODY] null"); } } } catch (e) { console.log("[ERROR] " + e); } console.log("=".repeat(80) + "\n"); // Call original return this.intercept(chain); }; console.log("[*] Hook installed!\n"); } catch (e) { console.log("[-] Failed: " + e); } });