我有一个简单的应用程序,我试图绕过它的 ssl pinning,但没有运气。已经做了android sslpinning disable但没用。
基于这篇文章https://blog.nviso.eu/2020/11/19/proxying-android-app-traffic-common-issues-checklist/然后我用来apktool反编译我的应用程序然后在所有 smali 类中搜索任何可能正在使用grep -ri "java/lang/String;\[Ljava/lang/String;)L" smali有 3 个 smali 文件进行固定,我在最后一个 smali 文件中找到了 okhttp3 的东西smali_classes3。
这是输出:
smali_classes3/okhttp3/CertificatePinner$Builder.smali: "(Ljava/lang/String;[Ljava/lang/String;)Lokhttp3/CertificatePinner$Builder;",
smali_classes3/okhttp3/CertificatePinner$Builder.smali:.method public final varargs add(Ljava/lang/String;[Ljava/lang/String;)Lokhttp3/CertificatePinner$Builder;
所以我创建了这个脚本hook2.js
Java.perform(function(){
var Pinner = Java.use("okhttp3.CertificatePinner$Builder");
Pinner.Builder.overload('java.lang.String', '[Ljava.lang.String;').implementation = function(Builder, b)
{
console.log("Disabling pin for " + Builder);
return this;
}
});
并尝试使用反对注入它:
objection explore --startup-script hook2.js
我收到一个错误
Importing and running startup script at: <_io.TextIOWrapper name='hook2.js' mode='r' encoding='cp1252'>
[{'type': 'error', 'description': "TypeError: cannot read property 'overload' of undefined", 'stack': "TypeError: cannot read property 'overload' of undefined\n at <anonymous> (/script2.js:3)\n at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:11)\n at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:238)\n at <anonymous> (frida/node_modules/frida-java-bridge/index.js:213)\n at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:11)\n at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:232)\n at perform (frida/node_modules/frida-java-bridge/index.js:192)\n at <eval> (/script2.js:8)", 'fileName': '/script2.js', 'lineNumber': 3, 'columnNumber': 1}]
我怎样才能正确注入这个或者我的脚本是错误的?