Skip to content

Commit

Permalink
Merge pull request #30 from Qrilee/master
Browse files Browse the repository at this point in the history 
add support for sslContext & xUtils3
  • Loading branch information
@Fuzion24
Fuzion24 authored Apr 15, 2018
2 parents e10f34c + ad5c3dd commit 08e196d
Show file tree
Hide file tree
Showing 2 changed files with 167 additions and 108 deletions.
256 changes: 158 additions & 98 deletions app/src/main/java/just/trust/me/Main.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -164,8 +164,8 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable {
if (hasTrustManagerImpl()) {
Class<?> cls = findClass("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader);

TrustManager[] managers = (TrustManager[])param.getResult();
if(managers.length > 0 && cls.isInstance(managers[0]))
TrustManager[] managers = (TrustManager[]) param.getResult();
if (managers.length > 0 && cls.isInstance(managers[0]))
return;
}

Expand All @@ -177,34 +177,34 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable {
/* public void setDefaultHostnameVerifier(HostnameVerifier) */
Log.d(TAG, "Hooking HttpsURLConnection.setDefaultHostnameVerifier for: " + currentPackageName);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setDefaultHostnameVerifier",
HostnameVerifier.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
HostnameVerifier.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});

/* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */
/* public void setSSLSocketFactory(SSLSocketFactory) */
Log.d(TAG, "Hooking HttpsURLConnection.setSSLSocketFactory for: " + currentPackageName);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setSSLSocketFactory", javax.net.ssl.SSLSocketFactory.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});

/* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */
/* public void setHostnameVerifier(HostNameVerifier) */
Log.d(TAG, "Hooking HttpsURLConnection.setHostnameVerifier for: " + currentPackageName);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setHostnameVerifier", HostnameVerifier.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});


/* WebView Hooks */
Expand All @@ -213,40 +213,54 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, SslErrorHandler, SslError) for: " + currentPackageName);

findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedSslError",
WebView.class, SslErrorHandler.class, SslError.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
((android.webkit.SslErrorHandler)param.args[1]).proceed();
return null;
}
});
WebView.class, SslErrorHandler.class, SslError.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
((android.webkit.SslErrorHandler) param.args[1]).proceed();
return null;
}
});

/* frameworks/base/core/java/android/webkit/WebViewClient.java */
/* public void onReceivedError(WebView, int, String, String) */
Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, int, string, string) for: " + currentPackageName);

findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedError",
WebView.class, int.class, String.class, String.class, new XC_MethodReplacement() {
WebView.class, int.class, String.class, String.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});

//SSLContext.init >> (null,ImSureItsLegitTrustManager,null)
findAndHookMethod("javax.net.ssl.SSLContext", lpparam.classLoader, "init", KeyManager[].class, TrustManager[].class, SecureRandom.class, new XC_MethodHook() {

@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {

param.args[0] = null;
param.args[1] = new TrustManager[]{new ImSureItsLegitTrustManager()};
param.args[2] = null;

}
});

// Multi-dex support: https://github.com/rovo89/XposedBridge/issues/30#issuecomment-68486449
findAndHookMethod("android.app.Application",
lpparam.classLoader,
"attach",
Context.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// Hook OkHttp or third party libraries.
Context context = (Context) param.args[0];
processOkHttp(context.getClassLoader());
processHttpClientAndroidLib(context.getClassLoader());
lpparam.classLoader,
"attach",
Context.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// Hook OkHttp or third party libraries.
Context context = (Context) param.args[0];
processOkHttp(context.getClassLoader());
processHttpClientAndroidLib(context.getClassLoader());
processXutils(context.getClassLoader());
}
}
}
);

/* Only for newer devices should we try to hook TrustManagerImpl */
Expand Down Expand Up @@ -289,7 +303,7 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return list;
}
});
}
}

} // End Hooks

Expand All @@ -299,12 +313,24 @@ public boolean hasTrustManagerImpl() {

try {
Class.forName("com.android.org.conscrypt.TrustManagerImpl");
} catch(ClassNotFoundException e) {
} catch (ClassNotFoundException e) {
return false;
}
return true;
}

private javax.net.ssl.SSLSocketFactory getEmptySSLFactory() {
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{new ImSureItsLegitTrustManager()}, null);
return sslContext.getSocketFactory();
} catch (NoSuchAlgorithmException e) {
return null;
} catch (KeyManagementException e) {
return null;
}
}

//Create a SingleClientConnManager that trusts everyone!
public ClientConnectionManager getSCCM() {

Expand All @@ -330,8 +356,8 @@ public ClientConnectionManager getSCCM() {
}
}

//This function creates a ThreadSafeClientConnManager that trusts everyone!
public ClientConnectionManager getTSCCM(HttpParams params) {
//This function creates a ThreadSafeClientConnManager that trusts everyone!
public ClientConnectionManager getTSCCM(HttpParams params) {

KeyStore trustStore;
try {
Expand Down Expand Up @@ -362,14 +388,36 @@ public ClientConnectionManager getCCM(Object o, HttpParams params) {

if (className.equals("SingleClientConnManager")) {
return getSCCM();
}
else if (className.equals("ThreadSafeClientConnManager")) {
} else if (className.equals("ThreadSafeClientConnManager")) {
return getTSCCM(params);
}

return null;
}

private void processXutils(ClassLoader classLoader) {
Log.d(TAG, "Hooking org.xutils.http.RequestParams.setSslSocketFactory(SSLSocketFactory) (3) for: " + currentPackageName);
try {
classLoader.loadClass("org.xutils.http.RequestParams");
findAndHookMethod("org.xutils.http.RequestParams", classLoader, "setSslSocketFactory", javax.net.ssl.SSLSocketFactory.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
param.args[0] = getEmptySSLFactory();
}
});
findAndHookMethod("org.xutils.http.RequestParams", classLoader, "setHostnameVerifier", HostnameVerifier.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
param.args[0] = new ImSureItsLegitHostnameVerifier();
}
});
} catch (Exception e) {
Log.d(TAG, "org.xutils.http.RequestParams not found in " + currentPackageName + "-- not hooking");
}
}

void processOkHttp(ClassLoader classLoader) {
/* hooking OKHTTP by SQUAREUP */
/* com/squareup/okhttp/CertificatePinner.java available online @ https://github.com/square/okhttp/blob/master/okhttp/src/main/java/com/squareup/okhttp/CertificatePinner.java */
Expand All @@ -381,19 +429,19 @@ void processOkHttp(ClassLoader classLoader) {
try {
classLoader.loadClass("com.squareup.okhttp.CertificatePinner");
findAndHookMethod("com.squareup.okhttp.CertificatePinner",
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch(ClassNotFoundException e) {
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch (ClassNotFoundException e) {
// pass
Log.d(TAG, "OKHTTP 2.5 not found in " + currentPackageName + "-- not hooking");
Log.d(TAG, "OKHTTP 2.5 not found in " + currentPackageName + "-- not hooking");
}

//https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/CertificatePinner.java#L144
Expand All @@ -402,17 +450,17 @@ protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Thr
try {
classLoader.loadClass("okhttp3.CertificatePinner");
findAndHookMethod("okhttp3.CertificatePinner",
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return null;
}
});
} catch(ClassNotFoundException e) {
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return null;
}
});
} catch (ClassNotFoundException e) {
Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking");
// pass
}
Expand All @@ -421,17 +469,17 @@ protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Thr
try {
classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier");
findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier",
classLoader,
"verify",
String.class,
javax.net.ssl.SSLSession.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch(ClassNotFoundException e) {
classLoader,
"verify",
String.class,
javax.net.ssl.SSLSession.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch (ClassNotFoundException e) {
Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, SSLSession)");
// pass
}
Expand All @@ -440,17 +488,17 @@ protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Thr
try {
classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier");
findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier",
classLoader,
"verify",
String.class,
java.security.cert.X509Certificate.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch(ClassNotFoundException e) {
classLoader,
"verify",
String.class,
java.security.cert.X509Certificate.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch (ClassNotFoundException e) {
Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, X509)(");
// pass
}
Expand All @@ -473,28 +521,40 @@ protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Thr
});
} catch (ClassNotFoundException e) {
// pass
Log.d(TAG, "httpclientandroidlib not found in " + currentPackageName + "-- not hooking");
Log.d(TAG, "httpclientandroidlib not found in " + currentPackageName + "-- not hooking");
}
}

class ImSureItsLegitTrustManager implements X509TrustManager {
private class ImSureItsLegitTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}

@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}

@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}

private class ImSureItsLegitHostnameVerifier implements HostnameVerifier {

@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}

/* This class creates a SSLSocket that trusts everyone. */
public class TrustAllSSLSocketFactory extends SSLSocketFactory {

SSLContext sslContext = SSLContext.getInstance("TLS");

public TrustAllSSLSocketFactory(KeyStore truststore) throws
NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);

TrustManager tm = new X509TrustManager() {
Expand All @@ -510,7 +570,7 @@ public X509Certificate[] getAcceptedIssuers() {
}
};

sslContext.init(null, new TrustManager[] { tm }, null);
sslContext.init(null, new TrustManager[]{tm}, null);
}

@Override
Expand Down
Loading

0 comments on commit 08e196d

Please sign in to comment.