{"id":110515,"date":"2020-06-01T22:18:16","date_gmt":"2020-06-01T14:18:16","guid":{"rendered":"http:\/\/4563.org\/?p=110515"},"modified":"2020-06-01T22:18:16","modified_gmt":"2020-06-01T14:18:16","slug":"%e9%a5%bf%e4%ba%86%e4%b9%88%e3%80%81%e6%8a%96%e9%9f%b3-pojie-flaskfrida-rpc","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=110515","title":{"rendered":"\u997f\u4e86\u4e48\u3001\u6296\u97f3 pojie-flask+frida-rpc"},"content":{"rendered":"
\n
\n
\n

\u997f\u4e86\u4e48\u3001\u6296\u97f3 pojie-flask+frida-rpc <\/h1>\n

<\/p>\n

\n
\u8cc7\u6df1\u5927\u4f6c : zhaoboy666 <\/span> <\/i> 0<\/span> <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n
<\/p>\n

\u539f\u8d34 https:\/\/juejin.im\/post\/5ed302666fb9a047e25d6410 \u4e5f\u662f\u81ea\u5df1\u7684\uff0c\u6015\u6392\u7248\u4e71\u4e86 \u4e4b\u524d\u997f\u4e86\u4e48\u662f\u4e0d\u9700\u8981\u52a0\u5bc6\u53c2\u6570\uff0c\u73b0\u5728\u9700\u8981\u52a0\u5bc6\u53c2\u6570\uff0c\u542c\u8bf4\u7684\u3002\u4ed6\u7684\u52a0\u5bc6\u53c2\u6570\u6709\u4e09\u4e2a\uff0c\u4e4b\u524d\u8fdb\u884c\u8bc4\u4f30\u7684\u65f6\u5019\uff0c\u4e3a\u4e86\u5feb\u901f\u5f00\u53d1\uff0c\u5c31\u662f\u7528\u4e86 frida \u7684 rpc \u8fdb\u884c\u4e86\u52a0\u5bc6\u53c2\u6570\u8c03\u7528\u3002<\/p>\n

\u997f\u4e86\u4e48\u52a0\u5bc6\u53c2\u6570\u5206\u522b\uff1a ex_r<\/code> ex_dr<\/code> ex_d<\/code>\uff08\u8fd9\u91cc\u7684\u997f\u4e86\u4e48\u7248\u672c\u5fd8\u8bb0\u4e86\uff09<\/p>\n

\"\u997f\u4e86\u4e48\u3001\u6296\u97f3 \u4e0a\u8fb9\u56fe\u662f\u4e4b\u524d\u8bc4\u4f30\u7684\u65f6\u5019\u505a\u7684\uff0c\u5e74\u4ee3\u4e45\u8fdc\u5fd8\u8bb0\u4e86\u7248\u672c\uff0c\u4e0d\u8fc7\u4eca\u5929\u7684\u91cd\u70b9\u4e0d\u662f\u8fd9\u4e2a\uff0c\u662f\u7528 flask+frida-rcp \u642d\u5efa\u7684 web \u670d\u52a1\u3002 \u76ee\u524d\u5728\u516c\u53f8\u5f00\u53d1\u7684\u65f6\u5019\u7528\u5728\u5f88\u591a\u5730\u65b9\uff0c\u6bd4\u5982\uff1a\u67d0\u5b9d\u7684 xsign \u3001\u5fae\u89c6\u6570\u636e\u6293\u53d6\uff08\u6ca1\u65f6\u95f4\u641e\uff0c\u5b9e\u73b0\u4e00\u534a\uff09\u3001\u67d0\u97f3\u7684 x-gorgon \u3001\u5feb\u624b\u7684 sig \u548c sig3 \u3001\u67d0\u67e5\u67e5\u3001\u67d0\u773c\u67e5\u7b49\u7b49 app \u3002<\/p>\n

\u5bf9\u4e8e flask \u7684 web \u670d\u52a1\u7b80\u5355\u5feb\u6377\uff0c\u52a0\u4e4b\u4e4b\u524d\u662f\u505a web \u7684\u6211\uff0c\u5c31\u66f4\u52a0\u719f\u7ec3\u3002\u5c0f\u767d\u4e0a\u624b\u4e5f\u5f88\u5feb\u7684\uff0c\u4e0d\u8fc7\u4e0d\u540c app \u7684\u5bf9\u8fd9\u79cd\u65b9\u5f0f\u652f\u6301\u662f\u4e0d\u540c\u7684\uff0c\u6709\u7684 app \u52a0\u58f3\u4e4b\u540e\uff0cfrida \u5728 attach \u7684\u65f6\u5019\u53ef\u80fd\u51fa\u73b0\u5954\u6e83\uff0c\u8fd9\u4e2a\u90fd\u662f\u5751\uff0c\u9700\u8981\u81ea\u5df1\u60f3\u529e\u6cd5\u4e86\u3002<\/p>\n

\u997f\u4e86\u4e48<\/h2>\n

\u4e0b\u9762\u5c31\u7785\u7785\u4ee3\u7801\uff0c\u4ee3\u7801\u901a\u4fd7\u6613\u61c2\u3002 \"\u997f\u4e86\u4e48\u3001\u6296\u97f3 \u5bf9\u4e8e\u997f\u4e86\u4e48\u4f20\u7684url_path<\/code>\u4f20\u8fdb\u6765\u5c31\u884c\u4e86\u3002 \u770b\u770b test.js \u4ee3\u7801\u3002 \"\u997f\u4e86\u4e48\u3001\u6296\u97f3 \u8fd9\u4e2a\u7531\u4e8e\u65f6\u95f4\u4e45\u8fdc\uff0c\u6ca1\u6cd5\u6d4b\u8bd5\u5b83\u8fd0\u884c\u6548\u679c\uff0c\u8bfb\u8005\u53ef\u4ee5\u81ea\u884c\u6d4b\u8bd5\u3002<\/p>\n

\u6296\u97f3<\/h2>\n

\u6296\u97f3\u7684\u4e5f\u4e0d\u96be\uff0c\u7785\u7785\u4ee3\u7801\u5c31 OK \u3002<\/p>\n

 @app.route('\/test') def hello_world():     args = request.args['url_path']     res = script.exports.callsecretfunctioneleme(args)     return jsonify(res)   @app.route('\/dy') def dy_test():     #\u6d4f\u89c8\u5668\u8bbf\u95ee\u4e0d\u5efa\u8bae\u7528 get\uff0c\u4f1a\u8fdb\u884c urlencode,\u53ef\u4ee5\u81ea\u5df1\u5b9e\u73b0 post \u65b9\u5f0f\u6d4b\u8bd5\u3002     url = 'https:\/\/aweme-lq.snssdk.com\/aweme\/v1\/aweme\/post\/?max_cursor=0&user_id=1028768810424894&count=20&retry_type=no_retry&iid=184358846342967&device_id=2277828257122173&ac=wifi&channel=wandoujia_aweme1&aid=1128&app_name=aweme&version_code=670&version_name=6.7.0&device_platform=android&ssmix=a&device_type=Pixel&device_brand=google&language=zh&os_api=27&os_version=8.1.0&uuid=351615082104688&openudid=3d57b21540251c2e&manifest_version_code=670&resolution=1080*1794&dpi=420&update_version_code=6702&_rticket=1590890088312&app_type=normal&js_sdk_version=1.16.3.5&ts=1590890117&sec_user_id=MS4wLjABAAAA-7QwzV-uUTfGr3sbh6ZjhKMDNJDtH5AXBrX07t7QCkZdHY3xksemJ472P_IH6-lN'     # url = request.args['url'] #     res = script.exports.callsecretfunctionedy(url)     return res <\/code><\/pre>\n
test.js \u4ee3\u7801\u6211\u4f1a\u653e\u5728\u5c0f\u767d\u516c\u4f17\u53f7\u4e0a\u9762\uff0c\u67e5\u770b\u5386\u53f2\u6587\u7ae0\u5373\u53ef\u3002<\/p>\n
\u6d4b\u8bd5<\/h2>\n
\u7531\u4e8e\u997f\u4e86\u4e48\u5fd8\u8bb0\u90a3\u4e2a\u7248\u672c\u4e86\uff0c\u5c31\u4e0d\u6d4b\u8bd5\u4e86\uff0c\u8fd9\u91cc\u53ea\u6d4b\u8bd5\u6296\u97f3\u7684 rpc \u4ee3\u7801\u3002<\/p>\n
\"\u997f\u4e86\u4e48\u3001\u6296\u97f3<\/p>\n
\u5570\u55e6\u51e0\u53e5<\/h2>\n
\u5728\u5927\u6982 10 \u4e2a\u6708\u524d\uff0c\u6d4b\u8bd5\u8fc7 frida \u7684 rpc \u5e76\u53d1\uff0c\u5728\u6a21\u62df\u5668\u4e0b\u642d\u5efa\u5728\u516c\u7f51\u4e0a\uff0c\u5e76\u53d1\u53ea\u80fd\u8bf4\u8fd8\u884c\u3002 \u4ee5\u4e0a\u4ec5\u7528\u4e8e\u5b66\u4e60\u4ea4\u6d41\uff0c\u8bf7\u52ff\u7528\u4e8e\u4efb\u4f55\u975e\u6cd5\u7528\u9014\u3002 \u5173\u6ce8 [\u5c0f\u767d\u6280\u672f\u793e] \u91cc\u9762\u6709\u5f88\u591a\u722c\u866b-\u9006\u5411\u6587\u7ae0\u7b49\u4f60\u7814\u7a76\u3002<\/p>\n<\/p><\/div>\n
 \u5927\u4f6c\u6709\u8a71\u8aaa<\/b> (5<\/span>)        <\/div>\n
 <\/div>\n<\/p><\/div>\n<\/p><\/div>\n
    \n
  • \n
    \n
    \n
     \u8cc7\u6df1\u5927\u4f6c : oszlso <\/span>  <\/div>\n
     <\/i>            <\/span> <\/div>\n<\/p><\/div>\n
                                                                 \u72af\u6cd5\u3002\u3002\u3002                                                            <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
     \u8cc7\u6df1\u5927\u4f6c : bengol <\/span>  <\/div>\n
     <\/i>            <\/span> <\/div>\n<\/p><\/div>\n
                                                                 \u5df2\u5411\u516c\u53f8\u53cd\u9988                                                            <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
     \u8cc7\u6df1\u5927\u4f6c : tempdban <\/span>  <\/div>\n
     <\/i>            <\/span> <\/div>\n<\/p><\/div>\n
                                                                 \u54c8\u54c8\u54c8\u4e0a\u53cd\u9988\u8b66\u544a                                                            <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
     \u8cc7\u6df1\u5927\u4f6c : hahalo <\/span>  <\/div>\n
     <\/i>            <\/span> <\/div>\n<\/p><\/div>\n
                                                                 \u67e5\u6c34\u8868\u8b66\u544a                                                            <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
     \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : zhaoboy666 <\/span>  <\/div>\n
     <\/i>            <\/span> <\/div>\n<\/p><\/div>\n
                                                                 @bengol \u53ef\u4ee5\u554a \u4ec5\u4ec5\u5b66\u4e60\u7528\u9014\uff0c\u5e0c\u671b\u8d35\u53f8\u80fd\u7ee7\u7eed\u5b8c\u5584\u5b89\u5168\u65b9\u9762                                                            <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n","protected":false},"excerpt":{"rendered":"
    \u997f\u4e86\u4e48\u3001\u6296\u97f3 pojie-flas…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/110515"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=110515"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/110515\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=110515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=110515"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=110515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}