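// Browser-side instrumentation hooks for dynamic analysis of page scripts.
// Each section wraps one built-in (XMLHttpRequest, eval, Function, JSON,
// document.cookie, WebSocket, createElement, setInterval) so that a call is
// logged and/or stops in the debugger at the point of interest.
//
// Notes that hold for the whole file:
//  - The hooks print header names, JSON payloads, cookie strings and WebSocket
//    frames to the console, so the console log of a session contains whatever
//    secrets the page handled.
//  - Once `eval` is rebound to a wrapper, every call becomes an indirect eval
//    and runs in global scope; code that relies on direct-eval access to local
//    variables behaves differently under instrumentation.
//  - The sections are order dependent: later eval hooks wrap earlier ones.

/**
 * Runs `fn` in the page's own JavaScript context by injecting it as an inline
 * <script> and removing the element again right away.
 *
 * `fn` is serialised with its source text, so it must be self-contained: it
 * cannot close over variables from this file.
 *
 * @param {Function} fn - self-contained function to execute in the page.
 */
function injectIntoPage(fn) {
  const script = document.createElement('script');
  script.textContent = '(' + fn + ')()';
  (document.head || document.documentElement).appendChild(script);
  script.parentNode.removeChild(script);
}

// Header hook: break when a request sets the Authorization header.
injectIntoPage(function () {
  var org = window.XMLHttpRequest.prototype.setRequestHeader;
  window.XMLHttpRequest.prototype.setRequestHeader = function (key, value) {
    // Header names are case-insensitive, so 'authorization' must match too.
    if (String(key).toLowerCase() === 'authorization') {
      debugger;
    }
    return org.apply(this, arguments);
  };
});

// Request hook: break when the request URL contains "MmEwMD".
injectIntoPage(function () {
  var open = window.XMLHttpRequest.prototype.open;
  window.XMLHttpRequest.prototype.open = function (method, url, async) {
    // open() also accepts URL objects; stringify before searching so the
    // hook never throws and never blocks the request it is observing.
    if (String(url).indexOf("MmEwMD") > -1) {
      debugger;
    }
    return open.apply(this, arguments);
  };
});

// Debugger bypass 1: `debugger` statements built through the Function
// constructor reached via `someFunction.constructor`.
// The original is read from Function.prototype; a bare `constructor` at global
// scope resolves to the global object's constructor, not to Function.
var _constructor = Function.prototype.constructor;
Function.prototype.constructor = function (s) {
  if (s == "debugger") {
    console.log(s);
    // The constructor contract is to return a function; hand back a no-op so
    // a caller that invokes the result does not throw.
    return function () {};
  }
  // Forward every argument: the constructor takes parameter names plus a body.
  return _constructor.apply(this, arguments);
};

// Debugger bypass 2: `debugger;` statements passed to eval.
(function () {
  'use strict';
  const eval_ = window.eval;
  window.eval = function (x) {
    // eval returns non-string arguments unchanged; let the original do that.
    if (typeof x !== 'string') {
      return eval_(x);
    }
    // Only the first "debugger;" occurrence is blanked, as in the original.
    // The result is returned so callers that use eval's value keep working.
    return eval_(x.replace("debugger;", " ; "));
  };
  // NOTE(review): eval_.toString is Function.prototype.toString, so this own
  // property still stringifies the wrapper itself.
  window.eval.toString = eval_.toString;
})();

// JSON hook. The originals are captured exactly once: capturing them a second
// time into the same variables would make the wrappers call themselves.
var my_stringify;
var my_parse;
var jsonHooksInstalled = false;

/**
 * Wraps JSON.stringify and JSON.parse so that the first argument of every call
 * is logged. Safe to call more than once; only the first call installs hooks.
 */
function installJsonHooks() {
  if (jsonHooksInstalled) {
    return;
  }
  jsonHooksInstalled = true;
  my_stringify = JSON.stringify;
  my_parse = JSON.parse;
  JSON.stringify = function (params) {
    // Other logic, e.g. a `debugger` statement, can be added here.
    console.log("json_stringify params:", params);
    // Forward replacer/space as well so the page sees unchanged output.
    return my_stringify.apply(this, arguments);
  };
  JSON.parse = function (params) {
    // Other logic, e.g. a `debugger` statement, can be added here.
    console.log("json_parse params:", params);
    // Forward the reviver as well.
    return my_parse.apply(this, arguments);
  };
}
installJsonHooks();

// Object property hook: break on every write to document.cookie.
(function () {
  'use strict';
  // Find the accessor that currently implements document.cookie so that reads
  // keep working and writes are really stored.
  let holder = document;
  let native = null;
  while (holder && !native) {
    native = Object.getOwnPropertyDescriptor(holder, 'cookie') || null;
    holder = Object.getPrototypeOf(holder);
  }
  const descriptor = {
    configurable: true,
    set: function (val) {
      // Stops here on every cookie write; step out to reach the page code
      // that performed the assignment.
      debugger;
      console.log('Hook捕获到set-cookie ->', val);
      if (native && native.set) {
        native.set.call(document, val);
      }
    }
  };
  if (native && native.get) {
    descriptor.get = function () {
      return native.get.call(document);
    };
  }
  Object.defineProperty(document, 'cookie', descriptor);
})();

// eval / Function hooks: log the source text handed to eval and Function.
window.__cr_eval = window.eval;
var myeval = function (src) {
  // `src` is the final code string that reaches eval.
  console.log(src);
  console.log("========= eval end ===========");
  // Evaluate and return the result; returning the function object itself
  // would hand callers the wrong value.
  return window.__cr_eval(src);
};
var _myeval = myeval.bind(null);
_myeval.toString = window.__cr_eval.toString;
Object.defineProperty(window, 'eval', { value: _myeval });

window._cr_fun = window.Function;
var myfun = function () {
  // The last argument of Function(...) is the function body.
  var src = arguments[arguments.length - 1];
  console.log(src);
  console.log("======== Function end =============");
  return window._cr_fun.apply(this, arguments);
};
// Keep `x instanceof Function` true for ordinary functions after the swap.
myfun.prototype = window._cr_fun.prototype;
// Small trick: report the native source text when page code stringifies it.
myfun.toString = function () {
  return window._cr_fun + "";
};
Object.defineProperty(window, "Function", { value: myfun });

// eval: keep the value passed to eval in `res1` for inspection.
// Assigned through `window` because `eval = ...` is a syntax error in strict
// code and modules.
window._eval = window.eval;
window.eval = function (res) {
  window.res1 = res; // the value handed to eval
  return window._eval(res);
};
// Usage: call eval(<expression under analysis>) and then read `res1`.

// WebSocket hook.
// 1. WebSocket traffic is usually JSON, so JSON.stringify runs before send();
//    the JSON hook above covers that (installing it again is a no-op).
installJsonHooks();

// 2. WebSocket lives on window; the name can differ between browsers
//    (Chrome: window.WebSocket, Firefox: window.MozWebSocket).
window._WebSocket = window.WebSocket;
// Hook send. The original method is saved first: calling this.send() from
// inside the replacement would recurse into the replacement forever.
(function () {
  const nativeSend = window._WebSocket.prototype.send;
  window._WebSocket.prototype.send = function (data) {
    console.info("Hook WebSocket", data);
    return nativeSend.call(this, data);
  };
})();
Object.defineProperty(window, "WebSocket", { value: window._WebSocket });

// Canvas hook: locate the code that creates the canvas used for image output.
(function () {
  'use strict';
  const create_element = document.createElement.bind(document);
  document.createElement = function (_element) {
    console.log("create_element:", _element);
    // Tag names are matched case-insensitively in HTML documents.
    if (String(_element).toLowerCase() === "canvas") {
      debugger;
    }
    // Forward the optional second argument too.
    return create_element.apply(null, arguments);
  };
})();

// setInterval hook: disable interval timers and report toString() probes.
(function () {
  window.setInterval_ = window.setInterval;
  console.log("原函数已被重命名为setInterval_");
  window.setInterval = function () { };
  window.setInterval.toString = function () {
    console.log("有函数正在检测setInterval是否被hook");
    return window.setInterval_.toString();
  };
})();

// Clear interval timers that were registered before the hook was installed.
for (var i = 0; i < 9999999; i++) {
  window.clearInterval(i);
}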