/** * Intercept at OkHttp level to capture request bodies */ console.log("\n[*] OkHttp Request Interceptor\n"); Java.perform(function() { // Hook the RealCall.execute method which actually sends the request try { var RealCall = Java.use("i3.j"); // OkHttp's RealCall console.log("[+] Found RealCall"); RealCall.g.implementation = function(chain) { console.log("\n" + "=".repeat(80)); console.log("[HTTP REQUEST INTERCEPTED]"); try { // Get the request from chain var request = chain.b(); if (request) { console.log("[URL] " + request.g().toString()); console.log("[METHOD] " + request.f()); // Get the body var body = request.d(); if (body) { try { var Buffer = Java.use("r3.f"); var buffer = Buffer.$new(); // Write body to buffer body.writeTo(buffer); // Read as string var bodyStr = buffer.B0(); console.log("\n[REQUEST BODY]"); if (bodyStr && bodyStr.length > 0) { console.log(bodyStr); } else { console.log("(empty)"); } } catch (e) { console.log("[BODY ERROR] " + e); } } else { console.log("[BODY] null"); } } } catch (e) { console.log("[ERROR] " + e); } console.log("=".repeat(80) + "\n"); // Call original return this.g(chain); }; console.log("[*] Hook installed!\n"); } catch (e) { console.log("[-] Failed to hook RealCall: " + e); } });