Last active
December 1, 2022 14:17
-
-
Save Hacktivate-TH/cbda12fbf58e224b3cd7dc0bb35f9215 to your computer and use it in GitHub Desktop.
Example Frida script to tamper gRPC messages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| # Author: Hacktivate Co., Ltd. (https://hacktivate.tech) | |
| # | |
| # Description: An example Frida script for tampering with streaming gRPC messages. | |
| # Full blog post can be found at: https://hacktivate.tech/2022/10/27/a-hackish-way-to-tamper-grpc-traffic-in-android.html | |
| */ | |
| setTimeout(function() { | |
| Java.perform(function() { | |
| var streamObserver = Java.use("io.grpc.stub.ClientCalls$CallToStreamObserverAdapter"); | |
| streamObserver.onNext.implementation = function(obj) { | |
| console.log("hooked!!"); | |
| var objClassName = obj.$className; | |
| //inspect the type of argument | |
| console.log("Class name:" + objClassName); | |
| //cast the argument into the correct type | |
| var obj2 = Java.cast(obj, Java.use(objClassName)); | |
| console.log("Object: " + obj2); | |
| //list available setter methods | |
| console.log("Available methods of " + objClassName + ":\n" + Java.use(objClassName).class.getDeclaredMethods()); | |
| var point = Java.use("io.grpc.examples.routeguide.Point").$new(); | |
| console.log("Available methods of io.grpc.examples.routeguide.Point"); | |
| console.log(Java.use('io.grpc.examples.routeguide.Point').class.getDeclaredMethods()); | |
| point.setLongitude(2); | |
| point.setLatitude(2); | |
| console.log(point); | |
| obj2.setLocation(point); | |
| obj2.setMessage("modified message"); | |
| this.onNext(obj2) | |
| } | |
| }) | |
| }, 0); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment