/** * Request Body Capture using Reflection * Automatically finds the correct method names */ console.log("\n[*] Request Body Capture (Reflection-based)\n"); Java.perform(function() { try { var AuthHeaderInterceptor = Java.use("com.adif.elcanomovil.serviceNetworking.interceptors.AuthHeaderInterceptor"); console.log("[+] Found AuthHeaderInterceptor"); AuthHeaderInterceptor.intercept.implementation = function(chain) { console.log("\n" + "=".repeat(80)); console.log("[HTTP REQUEST]"); try { // Cast chain var ChainClass = Java.use("j3.g"); var chainObj = Java.cast(chain, ChainClass); // Get request var requestField = chainObj.getClass().getDeclaredField("e"); requestField.setAccessible(true); var request = requestField.get(chainObj); if (request) { // Get URL var urlField = request.getClass().getDeclaredField("a"); urlField.setAccessible(true); var urlObj = urlField.get(request); console.log("[URL] " + urlObj.toString()); // Get method var methodField = request.getClass().getDeclaredField("b"); methodField.setAccessible(true); var method = methodField.get(request); console.log("[METHOD] " + method); // Get request body var bodyField = request.getClass().getDeclaredField("d"); bodyField.setAccessible(true); var reqBody = bodyField.get(request); if (reqBody) { try { // Load Buffer class var Buffer = Java.use("r3.f"); var buffer = Buffer.$new(); // Call writeTo with the buffer reqBody.writeTo(buffer); // Use reflection to find readUtf8() method var methods = buffer.getClass().getMethods(); var readUtf8Method = null; for (var i = 0; i < methods.length; i++) { var method = methods[i]; var methodName = method.getName(); var returnType = method.getReturnType().getName(); var paramCount = method.getParameterTypes().length; // Look for a method that returns String and has no parameters if (returnType === "java.lang.String" && paramCount === 0) { // This is likely readUtf8() readUtf8Method = method; console.log("[DEBUG] Found string method: " + methodName + "()"); break; } } if (readUtf8Method) { readUtf8Method.setAccessible(true); var bodyContent = readUtf8Method.invoke(buffer); console.log("\n[REQUEST BODY]"); if (bodyContent && bodyContent.length > 0) { if (bodyContent.length > 3000) { console.log(bodyContent.substring(0, 3000)); console.log("\n... (truncated, total: " + bodyContent.length + " chars)"); } else { console.log(bodyContent); } } else { console.log("(empty)"); } } else { console.log("[REQUEST BODY] Could not find readUtf8() method"); } } catch (e) { console.log("[REQUEST BODY ERROR] " + e); console.log("[STACK] " + e.stack); } } else { console.log("[REQUEST BODY] null"); } } } catch (e) { console.log("[ERROR] " + e); console.log("[STACK] " + e.stack); } console.log("=".repeat(80) + "\n"); // Call original return this.intercept(chain); }; console.log("[*] Hook installed!\n"); } catch (e) { console.log("[-] Failed: " + e); } });