Android安全專項之Xposed劫持使用者名稱密碼實踐
Xposed是個強大的工具,可以hook所有的java方法,下面用Xposed來截獲App的使用者名稱密碼,預設你已經安裝好Xposed環境了
AS中建立帶有Login介面的項目
然後一路Next,建立成功後,運行,App介面如下:<喎?http://www.bkjia.com/kf/ware/vc/" target="_blank" class="keylink">vcD4NCjxwPjxpbWcgYWx0PQ=="這裡寫圖片描述" src="http://www.bkjia.com/uploads/allimg/160311/041H955X-1.png" title="\" />
為了使用Xposed劫持應用的使用者名稱和密碼,我們需要知道該應用的包名和要hook的方法,我們只要找到點擊SIGN IN OR REGISTER按鈕的點擊事件處理方法,只要hook這個方法,我們就能擷取到輸入框中的資訊。
xposed.doctorq.com.qq4xposed hook的方法:
xposed.doctorq.com.qq4xposed.LoginActivity.attemptLogin
在hook的beforeHookedMethod方法中擷取下面兩個屬性的值:
Xposed Module稱為Xposed外掛程式,利用Xposed進行實際劫持的項目。
我們建立一個不帶介面的Android項目,建立一個類,實現IXposedHookLoadPackage:
public class LoginHook implements IXposedHookLoadPackage{ @Override public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable { if(!loadPackageParam.packageName.equals("xposed.doctorq.com.qq4xposed")) return; findAndHookMethod("xposed.doctorq.com.qq4xposed.LoginActivity", loadPackageParam.classLoader, "attemptLogin", new XC_MethodHook() { @Override protected void beforeHookedMethod(MethodHookParam param) throws Throwable { XposedBridge.log("已經HOOK"); Class o = param.thisObject.getClass(); XposedBridge.log(o.getName()); Field.setAccessible(o.getDeclaredFields(), true); Field fieldEmail = findField(o, "mEmailView"); Field fieldPassword = findField(o,"mPasswordView"); AutoCompleteTextView autoTextView = (AutoCompleteTextView)fieldEmail.get(param.thisObject); EditText editText = (EditText)fieldPassword.get(param.thisObject); String email = autoTextView.getText().toString(); String password = editText.getText().toString(); Toast.makeText((Activity)param.thisObject,"郵箱: " + email + ",密碼 : " + password,Toast.LENGTH_LONG).show(); } @Override protected void afterHookedMethod(MethodHookParam param) throws Throwable { } }); }}將xposed_init檔案修改如下:
安裝該應用,在Xposed Installer中勾選,重啟生效,操作之前的App,正常輸入郵箱和密碼:
使用Xposed進行hook的時候,痛點不是如何使用Xposed,而是如何找到要被hook的方法,比如你如何hook QQ登入方法,這就需要反編譯QQ的Apk找到登入入口,要是學會這一點,隨便一個App你都能Hook。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
