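Bypassing anti-proxy packet capture with a tweak
PREFACE: still learning
Some apps implement anti-proxy checks. As a learning exercise, I wrote a plugin to get around one~
555, learning with 跌库库 showing me the way, 555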
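# theos environment setup
The rest of the environment is set up under this directory:

```bash
export THEOS=/opt/theos
git clone --recursive https://github.com/theos/theos.git $THEOS
```

Install ldid, used for signing:

```bash
brew install ldid
```

Install dpkg, used for packaging:

```bash
brew install dpkg
```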
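# Starting the nic program

```bash
$THEOS/bin/nic.pl
```

or

```bash
nic.pl
```

Then choose, in order:

- the project name
- the package name
- the author name
- the app's bundle id; `com.apple.UIKit` means every app will be hooked
- the bundle id of the process to kill when the plugin is installed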
# How the anti-capture check works
https://juejin.cn/post/7055222090030383112
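So the anti-anti-capture approach is to hook the method that sets this value (`connectionProxyDictionary`) and stop the app from emptying the proxyDictionary.
The method names you need can be looked up here: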
https://github.com/nst/iOS-Runtime-Headers
# Writing the code
Logos syntax: https://juejin.cn/post/7027356861909172231

Tweak.x

```objc
#import <Foundation/Foundation.h>

%hook __NSCFURLSessionConfiguration

// Forward only non-empty proxy dictionaries; drop the app's attempt to clear the proxy settings.
- (void)setConnectionProxyDictionary:(id)value
{
    NSLog(@"hook setConnectionProxyDictionary");
    NSDictionary *proxyDictionary = (NSDictionary *)value;
    if (proxyDictionary.count != 0) {
        %orig(value);
    }
}

%end

%hook NSURLSessionConfiguration

// Logging only; the original behaviour is unchanged.
+ (id)defaultSessionConfiguration
{
    NSLog(@"hook defaultSessionConfiguration");
    return %orig;
}

%end

// Runs when the tweak dylib is loaded; the log line confirms injection.
__attribute__((constructor))
void Xssssss(){
    NSLog(@"hook lalala");
}
```

Makefile

```make
TARGET := iphone:clang:latest:7.0
INSTALL_TARGET_PROCESSES = SpringBoard

include $(THEOS)/makefiles/common.mk

TWEAK_NAME = test

test_FILES = Tweak.x
test_CFLAGS = -fobjc-arc

include $(THEOS_MAKE_PATH)/tweak.mk

THEOS_DEVICE_IP = localhost
THEOS_DEVICE_PORT = 2222
ARCHS = armv7 arm64
```

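
From the app developer's side, a hook like the one in Tweak.x is visible because the setter's implementation no longer points into the system framework but into the injected dylib. The following is an added example, not code from the original post: `ImpLivesInImage` and `ProxySetterLooksUntampered` are hypothetical names, and it assumes the genuine setter is implemented in CFNetwork.

```objc
// Added example (app side): check whether -setConnectionProxyDictionary:
// still resolves to code inside the expected system image.
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>
#import <string.h>

// Returns YES when the instance method's IMP lives in an image whose path
// contains expectedImage (a substring such as "CFNetwork"; assumption).
static BOOL ImpLivesInImage(Class cls, SEL sel, const char *expectedImage) {
    Method m = class_getInstanceMethod(cls, sel);
    if (m == NULL) {
        return NO;   // class or selector missing: treat as suspicious
    }
    IMP imp = method_getImplementation(m);
    Dl_info info;
    if (dladdr((const void *)imp, &info) == 0 || info.dli_fname == NULL) {
        return NO;   // address is not inside any loaded image
    }
    return strstr(info.dli_fname, expectedImage) != NULL;
}

// Hypothetical helper: call before creating sessions that must not be proxied.
BOOL ProxySetterLooksUntampered(void) {
    // Private class name taken from the hook in Tweak.x.
    Class cls = NSClassFromString(@"__NSCFURLSessionConfiguration");
    if (cls == Nil) {
        cls = [NSURLSessionConfiguration class];   // fall back to the public class
    }
    return ImpLivesInImage(cls,
                           @selector(setConnectionProxyDictionary:),
                           "CFNetwork");
}
```

A `NO` result is a tamper signal rather than a control, since anything injected into the process can alter this check as well; treat it as telemetry.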
Reference: https://www.jianshu.com/p/a5435650e828