# JSON HOOK
| var my_stringify = JSON.stringify; |
| JSON.stringify = function (params) { |
| |
| debugger |
| console.log("json_stringify params:",params); |
| return my_stringify(params); |
| }; |
| |
| var my_parse = JSON.parse; |
| JSON.parse = function (params) { |
| |
| debugger |
| console.log("json_parse params:",params); |
| return my_parse(params); |
| }; |
# 请求 hook 当请求 url 里包含 anlysis 时,插入断点
| (function () { |
| var open = window.XMLHttpRequest.prototype.open; |
| window.XMLHttpRequest.prototype.open = function (method, url, async) { |
| if (url.indexOf("analysis") != -1) { |
| debugger; |
| } |
| return open.apply(this, arguments); |
| }; |
| })(); |
# 过 debugger—1 constructor 构造器构造出来的
| var _constructor = constructor; |
| Function.prototype.constructor = function(s) { |
| if (s == "debugger") { |
| console.log(s); |
| return null; |
| } |
| return _constructor(s); |
| } |
| var code = function(){ |
| var org = window.XMLHttpRequest.prototype.setRequestHeader; |
| window.XMLHttpRequest.prototype.setRequestHeader = function(key,value){ |
| if(key=='Authorization'){ |
| debugger; |
| } |
| return org.apply(this,arguments); |
| } |
| } |
| var script = document.createElement('script'); |
| script.textContent = '(' + code + ')()'; |
| (document.head||document.documentElement).appendChild(script); |
| script.parentNode.removeChild(script); |
# 请求 hook 当请求的 url 里包含 MmEwMD 时,则插入断点
| var code = function(){ |
| var open = window.XMLHttpRequest.prototype.open; |
| window.XMLHttpRequest.prototype.open = function (method, url, async){ |
| if (url.indexOf("MmEwMD")>-1){ |
| debugger; |
| } |
| return open.apply(this, arguments); |
| }; |
| } |
| var script = document.createElement('script'); |
| script.textContent = '(' + code + ')()'; |
| (document.head||document.documentElement).appendChild(script); |
| script.parentNode.removeChild(script); |
# 过 debugger—2 eval 的
| (function() { |
| 'use strict'; |
| var eval_ = window.eval; |
| window.eval = function(x) { |
| eval_(x.replace("debugger;", " ; ")); |
| } |
| ; |
| window.eval.toString = eval_.toString; |
| } |
| )(); |
# 对象属性 hook 属性自定义,hook cookie 操作
这种操作只是针对通过 js 生成的 cookie,若 cookie 是服务器后台返回的则不起效果
| (function(){ |
| |
| 'use strict' |
| |
| Object.defineProperty(document,'cookie',{ |
| |
| set: function(val){ |
| |
| debugger; |
| console.log('Hook捕获到set-cookie ->',val); |
| return val; |
| } |
| }) |
| })(); |
# eval/Function
| window.__cr_eval = window.eval; |
| var myeval = function(src) { |
| |
| console.log(src); |
| console.log("========= eval end ==========="); |
| return window.__cr_eval; |
| } |
| |
| var _myeval = myeval.bind(null); |
| _myeval.toString = window.__cr_eval.toString; |
| Object.defineProperty(window, 'eval',{value: _myeval}); |
| |
| window._cr_fun = window.Function |
| var myfun = function(){ |
| var args = Array.prototype.slice.call(arguments, 0, -1).join(","), src = arguments[arguments.lenght -1]; |
| console.log(src); |
| console.log("======== Function end ============="); |
| return window._cr_fun.apply(this, arguments) |
| } |
| |
| myfun.toString = function() {return window._cr_fun + ""} |
| Object.defineProperty(window, "Function",{value: myfun}) |
# eval 取返回值
| _eval = eval; |
| eval = (res)=>{ |
| res1 = res |
| return _eval(res) |
| } |
| |
| eval(xxxxxxxxx) |
# websocket hook
| |
| var my_stringify = JSON.stringify; |
| JSON.stringify = function (params) { |
| |
| console.log("json_stringify params:",params); |
| return my_stringify(params); |
| }; |
| |
| var my_parse = JSON.parse; |
| JSON.parse = function (params) { |
| |
| console.log("json_parse params:",params); |
| return my_parse(params); |
| }; |
| |
| |
| |
| window._WebSocket = window.WebSocket; |
| |
| |
| window._WebSocket.prototype.send = function (data) { |
| console.info("Hook WebSocket", data); |
| return this.send(data) |
| } |
| |
| Object.defineProperty(window, "WebSocket",{value: WebSocket}) |
# hook canvas (定位图片生成的地方)
| (function() { |
| 'use strict'; |
| let create_element = document.createElement.bind(doument); |
| |
| document.createElement = function (_element) { |
| console.log("create_element:",_element); |
| if (_element === "canvas") { |
| debugger; |
| } |
| return create_element(_element); |
| } |
| })(); |
# setInterval 定时器
| (function() { |
| setInterval_ = setInterval; |
| console.log("原函数已被重命名为setInterval_") |
| setInterval = function() {} |
| ; |
| setInterval.toString = function() { |
| console.log("有函数正在检测setInterval是否被hook"); |
| return setInterval_.toString(); |
| } |
| ; |
| } |
| )(); |
# setInterval 循环清除定时器
| for(var i = 0; i < 9999999; i++) window.clearInterval(i) |
# 过药监局无限 debugger
| var _constructor = constructor; |
| Function.prototype.constructor = function (s) { |
| if (s == "debugger") { |
| console.log(s); |
| return null; |
| } |
| return _constructor(s); |
| } |
| |
| var _Function = Function; |
| Function = function (s) { |
| if (s == "debugger") { |
| console.log(s); |
| return null; |
| } |
| return _Function(s); |
| } |