JavaScrip中常用的HOOK腳本分享

更新時(shí)間：2024年12月18日 09:10:31 作者：田小濤

Hook?技術(shù)又叫做鉤子函數(shù),簡(jiǎn)單來(lái)說(shuō),就是把系統(tǒng)的程序拉出來(lái)變成我們自己執(zhí)行代碼片段,本文為大家整理了一些JavaScrip中常用的HOOK腳本,需要的可以參考下

Hook定義

Hook 技術(shù)又叫做鉤子函數(shù)，在系統(tǒng)沒(méi)有調(diào)用該函數(shù)之前，鉤子程序就先捕獲該消息，鉤子函數(shù)先得到控制權(quán)

這時(shí)鉤子函數(shù)既可以加工處理（改變）該函數(shù)的執(zhí)行行為，還可以強(qiáng)制結(jié)束消息的傳遞

簡(jiǎn)單來(lái)說(shuō)，就是把系統(tǒng)的程序拉出來(lái)變成我們自己執(zhí)行代碼片段。

在 js 中，系統(tǒng)程序可以指瀏覽器API，也可以指代碼中實(shí)現(xiàn)的一些方法等

Hook 步驟

1、尋找 hook 點(diǎn)

2、編寫(xiě) hook 邏輯

3、調(diào)試

注：最常用的是hook cookie response open 表單

常見(jiàn)hook腳本

COOKIE

(function() {
    //嚴(yán)謹(jǐn)模式 檢查所有錯(cuò)誤
    'use strict';
    var cookieTemp = "";
    Object.defineProperty(document, 'cookie', {
        set: function(val) {
 
                console.log('Hook捕獲到cookie設(shè)置->', val);
                cookieTemp = val;
                return val;
        },
        get: function()
        {
            return cookieTemp;
        }
    });
})();

HEADER

(function () {
    var org = window.XMLHttpRequest.prototype.setRequestHeader;
    window.XMLHttpRequest.prototype.setRequestHeader = function (key, value) {
        if (key == 'Authorization') {
            debugger;
        }
        return org.apply(this, arguments);
    };
})();

URL / XHR

(function () {
    var open = window.XMLHttpRequest.prototype.open;
    window.XMLHttpRequest.prototype.open = function (method, url, async) {
        if (url.indexOf("login") != -1) {
            debugger;
        }
        return open.apply(this, arguments);
    };
})();

FETCH

(function () {
    let fetchCache = Object.getOwnPropertyDescriptor(window, "fetch");
    Object.defineProperty(window, "fetch", {
        value: function (url) {
            console.log("Hook fetch url => ", url);
            debugger;
            return fetchCache.value.apply(this, arguments);
        }
    });
})();

EVAL

(function() {
    var eval_ = eval;
    // 重寫(xiě) eval
    var myeval = function(src) {
        if(src.includes('debugger')){
            src = src.replace(/debugger\s*;?/g, '')
        }
        return eval_(src);
    }
    var myeval_ = myeval.bind(null);
    myeval_.toString = function(){
        return eval_.toString();
    };
    Object.defineProperty(window, 'eval', {
        value: myeval_
    });
})();
 
 
var a=eval+""
var _eval=eval
eval=function(arg){
console.log(arg)
    return _eval(arg)
}
eval.toString=function(){return "function eval() { [native code] }"}
var _old=Function.prototype.toString.call
Function.prototype.toString.call=function(arg){
    if(arg==eval)
    return "function eval() { [native code] }"
    return _old(arg);
 
}
console.log(Function.prototype.toString.call(eval))

JSON

// JSON.stringify   ------------------------------------------
(function() {
    var stringify = JSON.stringify;
    JSON.stringify = function(params) {
        console.log("Hook JSON.stringify ——> ", params);
        debugger;
        return stringify(params);
    }
})();
 
// JSON.parse   ------------------------------------------
(function() {
    var parse = JSON.parse;
    JSON.parse = function(params) {
        console.log("Hook JSON.parse ——> ", params);
        debugger;
        return parse(params);
    }
})();

無(wú)限 DEBUGGER

(function () {
    let constructorCache = Function.prototype.constructor;
    Function.prototype.constructor = function (string) {
        if (string === "debugger") {
            console.log("Hook constructor debugger!");
            return function () {};
        }
        return constructorCache(string);
    };
})();
 
 
 
Function.prototype.constructor_bk = Function.prototype.constructor
Function.prototype.constructor = function(){
    if (arguments[0]=="debugger"){
        return function () {};
    }else{
        return Function.prototype.constructor_bk.apply(this, arguments)
    }
}

WEBSOCKET

WebSocket

(function () {
    let sendCache = WebSocket.prototype.send;
    WebSocket.prototype.send = function (data) {
        console.info("Hook WebSocket send => ", data);
        return sendCache(data);
    };
})();

CONSOLE

(function () {
    let consoleCache = console.log;
    console.log = function (msg) {
        consoleCache("Hook console.log =>", msg);
        if(msg === "value") {
            debugger;
        }
        consoleCache(msg);
    };
})();

CREATEELEMENT

(function () {
    let createElementCache = document.createElement;
    document.createElement = function (tagName) {
        console.info("Hook createElement tagName => ", tagName);
        if(tagName === "div") {
            debugger;
        }
        return createElementCache(tagName);
    };
})();

GETELEMENTBYID

(function () {
    let getElementByIdCache = document.getElementById;
    document.getElementById = function (id) {
        console.info("Hook getElementById id => ", id);
        if (id === "spiderapi") {
            debugger;
        }
        return getElementByIdCache(id);
    };
})();

SETATTRIBUTE

(function () {
    let setAttributeCache = window.Element.prototype.setAttribute;
    window.Element.prototype.setAttribute = function (name, value) {
        console.info("Hook setAttribute name => %s, value => %s", name, value);
        if (name === "value") {
            debugger;
        }
        return setAttributeCache(name, value);
    };
})();

SETINTERVAL / SETTIMEOUT

(function () {
    let setIntervalCache = setInterval;
    setInterval = function (func, delay) {
        console.log("Hook setInterval func => %s, delay => %s", func, delay);
        debugger;
        return setIntervalCache(func, delay);
    };
})();
 
 
 
(function () {
    let setTimeoutCache = setTimeout;
    setTimeout = function (func, delay) {
        console.log("Hook setTimeout func => %s, delay => %s", func, delay);
        debugger;
        return setTimeoutCache(func, delay);
    };
})();

原型鏈

// 備份原函數(shù)，并添加至原型鏈
String.prototype.split_ = String.prototype.split;
// hook split 方法
String.prototype.split = function(val){
    
    str = this.toString();
    debugger;
    return str.split_(val);
};
// 過(guò)檢測(cè)
String.prototype.split.toString = function (){
    
    return "function split() { [native code] }";
}

hook 正則 test 方法，使其總是返回 true

RegExp.prototype.test_ = RegExp.prototype.test;
RegExp.prototype.test = function (val) {
    
    return true;
};
RegExp.prototype.test.toString = function () {
    
    return "function test() { [native code] }"
}

以上就是JavaScrip中常用的HOOK腳本分享的詳細(xì)內(nèi)容，更多關(guān)于JavaScrip HOOK腳本的資料請(qǐng)關(guān)注腳本之家其它相關(guān)文章！

您可能感興趣的文章: