/** * Inspect RequestBody to see what methods we can use */ console.log("\n[*] Inspecting RequestBody\n"); Java.perform(function() { try { var AuthHeaderInterceptor = Java.use("com.adif.elcanomovil.serviceNetworking.interceptors.AuthHeaderInterceptor"); console.log("[+] Found AuthHeaderInterceptor"); AuthHeaderInterceptor.intercept.implementation = function(chain) { try { // Cast chain var ChainClass = Java.use("j3.g"); var chainObj = Java.cast(chain, ChainClass); // Get request var requestField = chainObj.getClass().getDeclaredField("e"); requestField.setAccessible(true); var request = requestField.get(chainObj); if (request) { // Get request body from field "d" var bodyField = request.getClass().getDeclaredField("d"); bodyField.setAccessible(true); var reqBody = bodyField.get(request); if (reqBody) { console.log("\n" + "=".repeat(80)); console.log("[REQUEST BODY CLASS] " + reqBody.$className); // List ALL methods console.log("\n[ALL METHODS]:"); var methods = reqBody.getClass().getMethods(); for (var i = 0; i < methods.length; i++) { var method = methods[i]; var paramTypes = method.getParameterTypes(); var paramStr = ""; for (var j = 0; j < paramTypes.length; j++) { if (j > 0) paramStr += ", "; paramStr += paramTypes[j].getName(); } console.log(" " + method.getName() + "(" + paramStr + ") -> " + method.getReturnType().getName()); } console.log("=".repeat(80) + "\n"); // Only print once AuthHeaderInterceptor.intercept.implementation = this.intercept; } } } catch (e) { console.log("[ERROR] " + e); console.log("[STACK] " + e.stack); } // Call original return this.intercept(chain); }; console.log("[*] Hook installed!\n"); } catch (e) { console.log("[-] Failed: " + e); } });