1.所需插件介绍
所需插件如下:
(1)VirtualXposed_AOSP_0.17.3.apk ①无需ROOT,无需刷机,就可以使用Xposed框架的插件 (2)weixinapp.apk ①自己编写的抓包插件 (3)Webviewdebughook:club.fishine.webviewdebughook_2.2.apk (4)com.blanke.mdwechat_v38_a1cc12 ①MDWechat是一个能让微信 Material Design 化的VirtualXposed模块; ②只支持 Android 5.0 以上版本 (5)com.tencent.mm_1570e359_6.7.3.apk ①微信插件,版本6.7.3 (6)de.robv.android.xposed.installer_v33_36570c.apk
2.具体安装步骤如下:
(1)使用数据线将手机与电脑连接,然后将VirtualXposed_AOSP_0.17.3.apk文件拷贝到手机SD卡中
(2)进入手机文件管理器,找到APK文件,然后打开运行安装
(3)打开VirtualXposed首页,点击XposedInstaller,激活Xposed框架;
(4)安装插件 同步骤1,把其他插件拷贝到手机的sd卡中。
(5)修改配置 返回到VirtualXposed首页,点击home键,在打开界面中点击“模块管理”,然后勾选每个复选框,启用该模块。或者在xposed installer 的模块页面启用该模块。
(6)退出VirtualXposed,重新打开首页,上滑打开插件页。如下图所示: 从右向左依次点击xposed.installer--->WinxinMsg--->MDWechat--->微信,如果界面显示如下图,则表示均正常:
(7)点击左上角“更多菜单”选择“框架”,点击右上角“....”更多菜单,选择“重启设备”如下图所示: 如果上图的步骤无法重启,或者重启没起作用,则可以在插件列表页,点击右下角的更多菜单,选择重启。如下图:
(8)登录微信,添加公众号
(9)检查日志中是否有抓包信息的输出;
(10)检查接口或数据库中,是否有抓包解析出来保存的数据;
3.微信抓包部分代码:
package com.example.lib.winxinmsg;
import android.content.ContentValues;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage;
import fy.java.tools.Date.DateUtil;
import fy.java.tools.http.HttpClientUtils;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
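/**
 * Xposed module entry point that hooks one method inside the WeChat process and
 * forwards article metadata (title, url, publish time, author) found in its
 * return value to an HTTP endpoint.
 *
 * <p>The hooked class and method names are obfuscated identifiers; they are
 * presumably valid only for the WeChat build this page installs (6.7.3) —
 * confirm before using another version.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The values read from the hooked result come from message content, so they
 *       are treated as untrusted: the item count is validated and capped.</li>
 *   <li>{@link #url} uses plain {@code http}, so the forwarded data crosses the
 *       network unencrypted and the endpoint is not authenticated.</li>
 *   <li>The callback runs inside the host app's process; it must never let an
 *       exception escape into the hooked method.</li>
 * </ul>
 */
public class XposedWeixin implements IXposedHookLoadPackage {

    /** Map key holding the number of article items in the hooked result. */
    private static final String COUNT_KEY = ".msg.appmsg.mmreader.category.$count";

    /** Key prefix of one article item; items after the first carry a numeric suffix. */
    private static final String ITEM_PREFIX = ".msg.appmsg.mmreader.category.item";

    /**
     * Upper bound on items read from a single result. The count is parsed from
     * message content, so it is capped to keep a malformed value from driving a
     * very long loop inside the host process. The value itself is arbitrary.
     */
    private static final int MAX_ITEMS = 100;

    String packageName = "com.tencent.mm";
    String className = "com.tencent.mm.sdk.platformtools.ba";
    // Endpoint that receives the captured data. The host and port are placeholders
    // and must be replaced. NOTE(review): plain http sends the payload in cleartext.
    String url = "http://xxx.xxx.xxx.xxx:xxxx/hashInter/addListHashRepeat?isChecked=false";

    /** Lazily creates the single shared client so each upload does not build its own pools. */
    private static final class HttpClientHolder {
        static final OkHttpClient CLIENT = new OkHttpClient();
    }

    /**
     * Installs the hook when the loaded package is {@link #packageName}; every
     * other package is ignored.
     *
     * @param loadPackageParam package information supplied by the Xposed framework
     * @throws Throwable if the target class or method cannot be resolved
     */
    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        if (!packageName.equals(loadPackageParam.packageName)) {
            return;
        }
        XposedHelpers.findAndHookMethod(
                loadPackageParam.classLoader.loadClass(className),
                "Zy", String.class, new XC_MethodHook() {
                    @Override
                    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                        super.afterHookedMethod(param);
                        Object result = param.getResult();
                        if (result == null) {
                            return;
                        }
                        XposedBridge.log("--1--新消息--");
                        try {
                            handleResult(result);
                        } catch (Exception e) {
                            // Boundary catch: nothing may propagate into the host app.
                            // The message names what actually failed (parsing or upload
                            // setup); no database is involved at this point.
                            XposedBridge.log("消息解析或上报异常:" + e);
                        }
                    }
                }
        );
    }

    /**
     * Extracts article items from a hooked result and forwards them. Results that
     * are not a map, or that carry no usable item count, are skipped.
     */
    private void handleResult(Object result) {
        if (!(result instanceof Map)) {
            return;
        }
        // The original code assumes String keys and values; a mismatch surfaces as
        // a ClassCastException that the caller's boundary catch logs.
        @SuppressWarnings("unchecked")
        Map<String, String> map = (Map<String, String>) result;

        String countText = map.get(COUNT_KEY);
        if (countText == null) {
            // No item count: this result does not carry article items.
            return;
        }
        int count;
        try {
            count = Integer.parseInt(countText.trim());
        } catch (NumberFormatException e) {
            XposedBridge.log("无法解析文章数量:" + countText);
            return;
        }
        count = Math.min(count, MAX_ITEMS);

        List<Map<String, String>> items = new ArrayList<Map<String, String>>();
        for (int i = 0; i < count; i++) {
            // The first item has no suffix; later ones are item1, item2, ...
            String itemKey = ITEM_PREFIX + (i == 0 ? "" : i);
            Map<String, String> item = new HashMap<String, String>();
            item.put("title", valueOrEmpty(map, itemKey + ".title"));
            item.put("url", valueOrEmpty(map, itemKey + ".url"));
            item.put("pubTime", valueOrEmpty(map, itemKey + ".pub_time"));
            item.put("author", valueOrEmpty(map, itemKey + ".sources.source.name"));
            items.add(item);
        }
        if (items.isEmpty()) {
            // Nothing to report; do not post an empty array.
            return;
        }
        addOneData(items);
        XposedBridge.log("本次捕获数据条数:" + items.size());
    }

    /** Returns the value stored under {@code key}, or an empty string when it is absent. */
    private static String valueOrEmpty(Map<String, String> map, String key) {
        String value = map.get(key);
        return value == null ? "" : value;
    }

    /**
     * Wraps each captured item in the record layout sent to the endpoint and posts
     * the whole batch as one JSON array.
     *
     * @param newmap captured items, each with the keys title, author, url and pubTime
     */
    public void addOneData(List<Map<String, String>> newmap) {
        List<Map<String, String>> datas = new ArrayList<Map<String, String>>();
        for (Map<String, String> map : newmap) {
            Map<String, String> mapParameter = new HashMap<String, String>();
            mapParameter.put("siteName", "微信"); // site name
            mapParameter.put("siteId", "74652"); // site id
            mapParameter.put("channelId", "0"); // channel id
            mapParameter.put("title", map.get("title")); // title
            mapParameter.put("author", map.get("author")); // author
            mapParameter.put("url", map.get("url")); // article link
            mapParameter.put("pubTime", map.get("pubTime")); // publish time
            mapParameter.put("groupId", "11"); // data type: WeChat
            // Key spelling kept as is; presumably the receiving side expects it — confirm.
            mapParameter.put("cralwerTime", DateUtil.getYMDHMS()); // collection time
            mapParameter.put("dicName", "WeChat_Url"); // table the data is stored in
            mapParameter.put("keyField", "url"); // field used as the record key
            datas.add(mapParameter);
        }
        okhttp(JSONArray.fromObject(datas).toString());
    }

    /**
     * Posts a JSON string to {@link #url} asynchronously and logs the outcome.
     *
     * @param jsonStr request body, already serialized as JSON
     */
    public void okhttp(String jsonStr) {
        MediaType jsonType = MediaType.parse("application/json; charset=utf-8");
        RequestBody body = RequestBody.create(jsonType, jsonStr);
        Request request = new Request.Builder()
                .url(url)
                .post(body)
                .build();
        HttpClientHolder.CLIENT.newCall(request).enqueue(new Callback() {
            @Override
            public void onFailure(Call call, IOException e) {
                XposedBridge.log("接口请求异常:" + e.getMessage());
            }

            @Override
            public void onResponse(Call call, Response response) throws IOException {
                // string() reads the whole body and closes it.
                XposedBridge.log("接口返回值:" + response.body().string());
            }
        });
    }
}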