
hook eval

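(function() {
    'use strict';
    // Strip `debugger;` statements from code passed to eval so an analyst's
    // DevTools session is not paused by eval-generated breakpoints.
    // Keep a reference to the native eval; calling it through this alias is an
    // indirect eval, so the code runs in the global scope.
    var eval_ = window.eval;
    window.eval = function(x) {
        // eval() hands non-string arguments back unchanged; calling .replace on
        // them would throw, so pass them straight through.
        if (typeof x !== 'string') {
            return eval_(x);
        }
        // Replace every occurrence (a string pattern only replaces the first)
        // and return the result so callers that use eval's value keep working.
        return eval_(x.replace(/debugger;/g, "  ; "));
    };
    // Intended to make the wrapper look native to toString() checks.
    // NOTE(review): eval_.toString is the inherited Function.prototype.toString,
    // so calling it on the wrapper still prints the wrapper's own source text.
    window.eval.toString = eval_.toString;
})();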

hook debugger

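// Approach 1: intercept Function.prototype.constructor, which is what
// `(function(){}).constructor("debugger")` resolves to.
// Save the native constructor BEFORE replacing it; saving after an overwrite
// would store the stub and lose the original.
Function.prototype.constructor_bc = Function.prototype.constructor;
Function.prototype.constructor = function() {
    // The function body is the last argument. `arguments` itself is an object
    // and never equals a string, so compare the body text instead.
    var body = arguments[arguments.length - 1];
    if (body === "debugger") {
        // Return a callable no-op: callers invoke the result immediately, and
        // returning undefined would make that call throw a TypeError.
        return function() {};
    }
    // Everything else is built by the native constructor unchanged.
    return Function.prototype.constructor_bc.apply(this, arguments);
};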
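// Approach 2: wrap eval and skip source text that begins with "debugger".
// Alternative to the other approaches; install only one eval wrapper at a time,
// otherwise n_eval captures the previous wrapper instead of the native eval.
var n_eval = eval;
// Assign through window: a bare `eval = ...` is a SyntaxError in strict code.
window.eval = function(code) {
    // `arguments` has no indexOf(); test the source string itself.
    if (typeof code === "string" && code.indexOf("debugger") === 0) {
        return;
    }
    // Forward the source and return its value (indirect eval, global scope).
    return n_eval(code);
};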
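// Approach 3: wrap eval and skip any source text that contains "debugger".
// The match is purely textual, so code that merely mentions the word (in a
// string or identifier) is skipped too and the page may behave differently.
var n_eval = eval;
// Assign through window: a bare `eval = ...` is a SyntaxError in strict code.
window.eval = function(code) {
    var reg = /debugger/;
    // Test the source string; coercing `arguments` yields "[object Arguments]"
    // and would never match.
    if (typeof code === "string" && reg.test(code)) {
        return;
    }
    // Forward the source and return its value (indirect eval, global scope).
    return n_eval(code);
};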
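// Approach 4: wrap the Function constructor and neutralise bodies that begin
// with "debugger".
var n_Function = Function;
Function = function() {
    // The body is the last argument; earlier arguments are parameter names.
    // `arguments` has no indexOf(), so inspect the body string directly.
    var body = arguments.length ? arguments[arguments.length - 1] : "";
    if (typeof body === "string" && body.indexOf("debugger") === 0) {
        // Callers invoke the result, so hand back a callable no-op.
        return function() {};
    }
    // Forward all arguments; the first parameter of apply() is `this`.
    return n_Function.apply(this, arguments);
};
// Share the native prototype so `fn instanceof Function` and
// Function.prototype.call/apply/bind keep working after the swap.
Function.prototype = n_Function.prototype;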
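// Approach 5: wrap the Function constructor and neutralise any body that
// contains "debugger". The match is purely textual, so bodies that only
// mention the word are replaced as well.
var n_Function = Function;
Function = function() {
    // Declared locally; the bare `reg = ...` leaked a global.
    var reg = /debugger/;
    // The body is the last argument; earlier arguments are parameter names.
    var body = arguments.length ? arguments[arguments.length - 1] : "";
    if (typeof body === "string" && reg.test(body)) {
        // Callers invoke the result, so hand back a callable no-op.
        return function() {};
    }
    // Forward all arguments; the first parameter of apply() is `this`.
    return n_Function.apply(this, arguments);
};
// Share the native prototype so `fn instanceof Function` and
// Function.prototype.call/apply/bind keep working after the swap.
Function.prototype = n_Function.prototype;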

hook cookie

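// The current version of the hook tool only auto-injects into responses whose
// Content-Type is HTML.
(function() {
    'use strict';
    // document.cookie is an accessor defined on the document's prototype chain.
    // Find it so reads and writes still go through the browser's cookie jar;
    // a private string cache silently drops the page's cookie writes and goes
    // stale as soon as the server sets a cookie.
    var proto = Object.getPrototypeOf(document);
    var nativeCookie;
    while (proto && !nativeCookie) {
        nativeCookie = Object.getOwnPropertyDescriptor(proto, 'cookie');
        proto = Object.getPrototypeOf(proto);
    }
    if (!nativeCookie || !nativeCookie.get || !nativeCookie.set) {
        console.warn('cookie hook not installed: native document.cookie accessor not found');
        return;
    }
    Object.defineProperty(document, 'cookie', {
        // configurable so the hook can be redefined or deleted later
        configurable: true,
        get: function() {
            var current = nativeCookie.get.call(document);
            // Logged values include session identifiers; treat saved console
            // output as sensitive.
            console.log(current);
            return current;
        },
        set: function(val) {
            // Pause on every cookie write so the call stack shows the writer.
            debugger;
            nativeCookie.set.call(document, val);
        },
    });
})();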

hook ajax

// Bundled, minified build of an XMLHttpRequest proxy helper. Running it defines
// window.hookAjax(hooks) and window.unHookAjax().
// NOTE(review): this looks like a pasted third-party bundle; the page gives no
// origin or version - confirm provenance before reusing it.
! function(t) {
    // Tiny module loader: `r` caches modules by index, n(e) runs module e once
    // and returns its exports.
    function n(e) {
        if (r[e]) return r[e].exports;
        var i = r[e] = {
            exports: {},
            id: e,
            loaded: !1
        };
        return t[e].call(i.exports, i, i.exports, n),
            i.loaded = !0,
            i.exports
    }

    var r = {};
    return n.m = t,
        n.c = r,
        n.p = "",
        n(0)
}([function(t, n, r) {
        // Module 0 (entry): call module 1's export with `window`.
        r(1)(window)
    },
    function(t, n) {
        // Module 1: the export receives `window` (named t here) and attaches
        // hookAjax / unHookAjax to it.
        t.exports = function(t) {
            // Property on window under which the native constructor is kept.
            var n = "RealXMLHttpRequest";
            // hookAjax(hooks): inside this function `t` is the hooks object.
            t.hookAjax = function(t) {
                    // Getter factory for attribute n: read the shadow copy
                    // this[n + "_"] if the proxy owns one, else the real xhr's
                    // value, then let hooks[n].getter (if any) transform it.
                    function r(n) {
                        return function() {
                            var r = this.hasOwnProperty(n + "_") ? this[n + "_"] : this.xhr[n],
                                e = (t[n] || {}).getter;
                            return e && e(r, this) || r
                        }
                    }

                    // Setter factory for attribute n. If hooks[n] is a function
                    // (event-handler hook), install a handler on the real xhr
                    // that calls the hook with the proxy and runs the page's
                    // handler only when the hook returns a falsy value.
                    // Otherwise apply hooks[n].setter (if any) and assign to the
                    // real xhr; if that assignment throws, keep the value in the
                    // shadow property this[n + "_"].
                    function e(n) {
                        return function(r) {
                            var e = this.xhr,
                                i = this,
                                o = t[n];
                            if ("function" == typeof o) e[n] = function() {
                                t[n](i) || r.apply(e, arguments)
                            };
                            else {
                                var u = (o || {}).setter;
                                r = u && u(r, i) || r;
                                try {
                                    e[n] = r
                                } catch (t) {
                                    this[n + "_"] = r
                                }
                            }
                        }
                    }

                    // Method factory for method n: call hooks[n](args, realXhr)
                    // with the proxy as `this`; forward to the real xhr unless
                    // the hook returns a truthy value.
                    function i(n) {
                        return function() {
                            var r = [].slice.call(arguments);
                            if (!t[n] || !t[n].call(this, r, this.xhr)) return this.xhr[n].apply(this.xhr, r)
                        }
                    }

                    // Remember the native constructor (only on the first call),
                    // replace the global XMLHttpRequest with a proxy
                    // constructor, and return the native constructor.
                    return window[n] = window[n] || XMLHttpRequest,
                        XMLHttpRequest = function() {
                            // Each proxy wraps one real xhr: function members
                            // become forwarding wrappers, everything else
                            // becomes an accessor pair built by r() and e().
                            var t = new window[n];
                            for (var o in t) {
                                var u = "";
                                try {
                                    u = typeof t[o]
                                } catch (t) {}
                                "function" === u ? this[o] = i(o) : Object.defineProperty(this, o, {
                                    get: r(o),
                                    set: e(o),
                                    enumerable: !0
                                })
                            }
                            this.xhr = t
                        },
                        window[n]
                },
                // unHookAjax(): restore the native constructor if one was saved
                // and clear the saved reference.
                t.unHookAjax = function() {
                    window[n] && (XMLHttpRequest = window[n]),
                        window[n] = void 0
                },
                t.default = t
        }
    }
]);
// Example configuration for hookAjax. Event-handler hooks (onreadystatechange,
// onload) receive the proxy object; method hooks (open, send, setRequestHeader)
// receive the argument array and the real xhr. A hook that returns a truthy
// value suppresses the original handler/method; every hook below returns
// undefined, so the original always runs afterwards.
hookAjax(
    // hook functions and callbacks of XMLHttpRequest object
    {
        onreadystatechange: function(xhr) {
            //console.log("onreadystatechange called: %O", xhr)

        },
        onload: function(xhr) {
            //console.log("onload called: %O", xhr)
            // Demonstrates response rewriting: prefixes the body the page sees.
            xhr.responseText = "hook" + xhr.responseText;

        },
        open: function(arg, xhr) {
            console.log("open called: method:%s,url:%s,async:%s", arg[0], arg[1], arg[2], xhr);
            // arg[1] += "?hook_tag=1";
            // add request headers uniformly here
        },
        send: function(arg, xhr) {
            // arg[0] is the request body; it can contain credentials, so treat
            // saved console output as sensitive.
            console.log("send called: %O", arg[0]);
            xhr.setRequestHeader("_custom_header_", "ajaxhook")
        },
        setRequestHeader: function(arg, xhr) {
            console.log("setRequestHeader called!", arg)
        },
        // hook attributes of XMLHttpRequest object
        timeout: {
            setter: function(v, xhr) {
                //timeout shouldn't exceed 10s
                // NOTE(review): Math.max(v, 1000) enforces a 1000 ms minimum and
                // applies no upper bound, which does not match the comment
                // above - confirm which behaviour is intended.
                return Math.max(v, 1000);
            }
        }
    }
);

这段代码防止反hook的检测

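// Break on every eval call while keeping toString() output native-looking.
// Declared with var: the bare assignment created an implicit global and throws
// in strict code.
var orig = window.eval;
window.eval = function(str) { debugger;
    // Return the evaluated value; dropping it breaks callers that use it.
    return orig(str); }
// Delegate toString() to the native function so the wrapper prints the native
// eval's text instead of its own source.
window.eval.toString = function() { return orig.toString(); }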

防原型链检测

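// Example: the split method has been hooked
String.prototype.split_bk = String.prototype.split;
String.prototype.split = function(val) {
    // Pause on every split call so the caller can be inspected.
    debugger;
    // Call the saved native method (the original misspelled it as `spilt_bk`,
    // which threw on every call) and forward all arguments so the optional
    // `limit` parameter is preserved.
    return String.prototype.split_bk.apply(this, arguments);
}
// Disguise the wrapper for direct toString() calls.
// This override is an own property of the wrapper, so
// Function.prototype.toString.call(String.prototype.split) still returns the
// wrapper's real source.
String.prototype.split.toString = function() {
    return 'function split() { [native code] }'
}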

新增一些hook方法

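// Hook Cookie: break when a cookie whose text contains "__dfp" is written.
(function() {
    'use strict';
    // Locate the native document.cookie accessor on the prototype chain so the
    // hook observes writes without replacing the cookie jar. Storing only the
    // last written string would hide every other cookie from the page and
    // prevent the write from reaching the browser.
    var proto = Object.getPrototypeOf(document);
    var nativeCookie;
    while (proto && !nativeCookie) {
        nativeCookie = Object.getOwnPropertyDescriptor(proto, 'cookie');
        proto = Object.getPrototypeOf(proto);
    }
    if (!nativeCookie || !nativeCookie.get || !nativeCookie.set) {
        console.warn('cookie hook not installed: native document.cookie accessor not found');
        return;
    }
    Object.defineProperty(document, 'cookie', {
        // configurable so the hook can be redefined or deleted later
        configurable: true,
        set: function(val) {
            if (String(val).indexOf('__dfp') !== -1) {
                debugger;
            }
            // Logged values can include session identifiers; treat saved
            // console output as sensitive.
            console.log('Hook捕获到cookie设置->', val);
            nativeCookie.set.call(document, val);
        },
        get: function() {
            return nativeCookie.get.call(document);
        },
    });
})();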

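// Same cookie hook written with the legacy __defineSetter__/__defineGetter__ API.
(function() {
    'use strict';
    // Look the accessors up on `document` itself (the lookup walks its
    // prototype chain). Looking them up on the string `document.cookie` finds
    // nothing.
    var orgSet = document.__lookupSetter__('cookie');
    var orgGet = document.__lookupGetter__('cookie');
    if (!orgSet || !orgGet) {
        console.warn('cookie hook not installed: native document.cookie accessor not found');
        return;
    }
    document.__defineSetter__('cookie', function(cookie) {
        if (String(cookie).indexOf('__dfp') !== -1) {
            debugger;
        }
        // Forward the write to the browser; keeping the raw string in a local
        // variable would stop the cookie from ever being stored.
        orgSet.call(document, cookie);
    });
    document.__defineGetter__('cookie', function() {
        return orgGet.call(document);
    });
})();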

Hook Header

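// Hook Header: break when a request sets the Authorization header.
(function() {
    var org = window.XMLHttpRequest.prototype.setRequestHeader;
    window.XMLHttpRequest.prototype.setRequestHeader = function(key, value) {
        // HTTP header names are case-insensitive, so compare in lower case;
        // an exact 'Authorization' match misses 'authorization'.
        if (String(key).toLowerCase() === 'authorization') {
            debugger;
        }
        // Forward unchanged so the request is sent exactly as the page built it.
        return org.apply(this, arguments);
    };
})();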

Hook URL

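// Hook URL: break when a request URL contains "login".
(function() {
    var open = window.XMLHttpRequest.prototype.open;
    window.XMLHttpRequest.prototype.open = function(method, url, async) {
        // open() also accepts URL objects, which have no indexOf(); coerce to
        // a string first so the hook never throws inside the page's request.
        if (String(url).indexOf("login") !== -1) {
            debugger;
        }
        // Forward every argument (including user/password when present).
        return open.apply(this, arguments);
    };
})();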

Hook JSON.stringify

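// Hook JSON.stringify: log the value being serialised and break.
(function() {
    var stringify = JSON.stringify;
    JSON.stringify = function(params) {
        // Logged values are request payloads and may contain credentials or
        // tokens; treat saved console output as sensitive.
        console.log("Hook JSON.stringify ——> ", params);
        debugger;
        // Forward every argument: dropping `replacer` and `space` changes the
        // output for callers that rely on them.
        return stringify.apply(this, arguments);
    }
})();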

Hook JSON.parse

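// Hook JSON.parse: log the text being parsed and break.
(function() {
    var parse = JSON.parse;
    JSON.parse = function(params) {
        // Logged text is typically a response body and may contain tokens;
        // treat saved console output as sensitive.
        console.log("Hook JSON.parse ——> ", params);
        debugger;
        // Forward every argument: dropping `reviver` changes the result for
        // callers that rely on it.
        return parse.apply(this, arguments);
    }
})();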

Hook eval

// Hook eval: log the source passed to eval, break, then run it.
(function() {
    // Save the original method (also leaves a page-visible global, __cr_eval)
    window.__cr_eval = window.eval;
    // Override eval
    var myeval = function(src) {
        // The logged source can be large and may embed secrets taken from the page.
        console.log(src);
        console.log("=============== eval end ===============");
        debugger;
        // Called through a property, so this is an indirect eval: the code runs
        // in the global scope and cannot see the caller's local variables.
        return window.__cr_eval(src);
    }
    // Mask page-script checks that test whether eval is still a native function.
    // A bound function's toString() does not print the wrapper's source.
    var _myeval = myeval.bind(null);
    // NOTE(review): this assigns the inherited Function.prototype.toString, so
    // the printed text is whatever the engine emits for a bound function -
    // confirm it matches the native eval's text in the target browser.
    _myeval.toString = window.__cr_eval.toString;
    // Only `value` is given, so the existing attributes of window.eval are kept.
    Object.defineProperty(window, 'eval', { value: _myeval });
})();

Hook Function

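// Hook Function: log the body passed to the Function constructor, break, then
// build the function natively.
(function() {
    // Save the original constructor (also leaves a page-visible global, __cr_fun)
    window.__cr_fun = window.Function;
    // Override Function
    var myfun = function() {
        // The body is the last argument; earlier arguments are parameter names.
        var src = arguments[arguments.length - 1];
        console.log(src);
        console.log("=============== Function end ===============");
        debugger;
        return window.__cr_fun.apply(this, arguments);
    }
    // Share the native prototype: without this, `fn instanceof Function` is
    // false and Function.prototype.call/apply/bind are missing on the page.
    myfun.prototype = window.__cr_fun.prototype;
    // Mask page-script checks that look at the constructor's toString() text
    myfun.toString = function() {
        return window.__cr_fun + ""
    }
    // Only `value` is given, so the existing attributes of window.Function are kept.
    Object.defineProperty(window, 'Function', { value: myfun });
})();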

获取Canvas指纹DataURL

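// Get the canvas fingerprint data URL.
// Draws a fixed scene (two text runs, overlapping circles, an even-odd filled
// ring) on an off-screen canvas and returns its data URL prefixed with
// "canvas fp:". Fingerprinting scripts use such renders because the encoded
// pixels vary with the rendering stack of the machine.
// Returns: string.
function getCanvasData() {
    // Locals are declared: the original assigned to undeclared `t` and `a`,
    // leaking globals and throwing in strict code. It also built a
    // "canvas winding" string that was never returned; that probe is dropped.
    var canvas = document.createElement("canvas");
    canvas.width = 2e3;
    canvas.height = 200;
    canvas.style.display = "inline";
    var ctx = canvas.getContext("2d");

    // Kept from the original so the drawing-call sequence stays the same.
    ctx.rect(0, 0, 10, 10);
    ctx.rect(2, 2, 6, 6);

    // Text: one run with a font name that should not exist (falls back to the
    // default font) and one with Arial.
    ctx.textBaseline = "alphabetic";
    ctx.fillStyle = "#f60";
    ctx.fillRect(125, 1, 62, 20);
    ctx.fillStyle = "#069";
    ctx.font = '11pt no-real-font-123';
    ctx.fillText("Cwm fjordbank glyphs vext quiz", 2, 15);
    ctx.fillStyle = "rgba(102, 204, 0, 0.2)";
    ctx.font = "18pt Arial";
    ctx.fillText("Cwm fjordbank glyphs vext quiz", 4, 45);

    // Three overlapping circles blended with "multiply".
    ctx.globalCompositeOperation = "multiply";
    ctx.fillStyle = "rgb(255,0,255)";
    ctx.beginPath();
    ctx.arc(50, 50, 50, 0, 2 * Math.PI, !0);
    ctx.closePath();
    ctx.fill();
    ctx.fillStyle = "rgb(0,255,255)";
    ctx.beginPath();
    ctx.arc(100, 50, 50, 0, 2 * Math.PI, !0);
    ctx.closePath();
    ctx.fill();
    ctx.fillStyle = "rgb(255,255,0)";
    ctx.beginPath();
    ctx.arc(75, 100, 50, 0, 2 * Math.PI, !0);
    ctx.closePath();
    ctx.fill();

    // Two concentric arcs filled with the even-odd rule.
    ctx.fillStyle = "rgb(255,0,255)";
    ctx.arc(75, 75, 75, 0, 2 * Math.PI, !0);
    ctx.arc(75, 75, 25, 0, 2 * Math.PI, !0);
    ctx.fill("evenodd");

    return "canvas fp:" + canvas.toDataURL();
}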

Hook toDataURL

// Hook toDataURL: log every data URL a page exports from a canvas.
// Useful for spotting canvas-fingerprinting reads; the native encoder still
// produces the value, and it is returned to the caller unchanged.
var toDataURL = HTMLCanvasElement.prototype.toDataURL;
HTMLCanvasElement.prototype.toDataURL = function(type, encoderOptions) {
    // Run the native encoder on the same canvas with the caller's options.
    var encoded = toDataURL.call(this, type, encoderOptions);
    console.log(encoded);
    return encoded;
}