1 headers hook 當header中包含Authorization時,則插入斷點
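// Hook XMLHttpRequest.prototype.setRequestHeader so DevTools pauses whenever a
// request sets an Authorization header. The call stack at the pause shows where
// the credential is produced.
//
// The hook body is serialised with '(' + code + ')()' and run through a temporary
// <script> element, then the element is removed again.
// NOTE(review): presumably this is meant to run from a userscript or extension
// context so the patch lands on the page's own XMLHttpRequest. Confirm for your setup.
// A page whose Content-Security-Policy forbids inline scripts will refuse the injection.
//
// Scope: only XMLHttpRequest is covered. Requests made with fetch() never call
// setRequestHeader and are not seen here.
var code = function(){
    var org = window.XMLHttpRequest.prototype.setRequestHeader;
    window.XMLHttpRequest.prototype.setRequestHeader = function(key,value){
        // HTTP header names are case-insensitive, so 'authorization' and
        // 'AUTHORIZATION' must trigger the breakpoint as well.
        if(String(key).toLowerCase() === 'authorization'){
            debugger;
        }
        // Always forward to the native implementation with the caller's
        // receiver and arguments so the request itself is unchanged.
        return org.apply(this,arguments);
    };
};
var script = document.createElement('script');
script.textContent = '(' + code + ')()';
(document.head||document.documentElement).appendChild(script);
// The script has already executed; removing the node only tidies the DOM.
script.parentNode.removeChild(script);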
2 請求hook 當請求url里包含analysis時,插入斷點
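// Hook XMLHttpRequest.prototype.open and pause in DevTools when the request URL
// contains the marker substring "analysis". Replace the marker with the path
// fragment you are tracing.
// Only XMLHttpRequest is covered; fetch() does not go through open().
(function () {
    var open = window.XMLHttpRequest.prototype.open;
    window.XMLHttpRequest.prototype.open = function (method, url, async) {
        // open() also accepts URL objects, which have no indexOf(). Coerce to a
        // string first so the hook never throws inside the page's own request code.
        if (String(url).indexOf("analysis") !== -1) {
            debugger;
        }
        // Forward every argument (including user/password when present) untouched.
        return open.apply(this, arguments);
    };
})();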
3 過debugger—1 constructor 基于構造器實現的
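// Wrap Function.prototype.constructor so that building a function whose whole
// body is the string "debugger" yields a harmless no-op, while every other
// request is passed to the real Function constructor.
//
// The original must be read from Function.prototype. A bare `constructor`
// at global scope resolves to the global object's constructor, not to Function,
// so forwarding to it would not build functions at all.
//
// Limits: only an exact "debugger" body is matched, and only calls that reach the
// constructor through this prototype property are seen. The hook is visible to
// the page (Function.prototype.constructor !== Function).
var _constructor = Function.prototype.constructor;
Function.prototype.constructor = function(s) {
    if (s === "debugger") {
        console.log(s);
        // Callers normally invoke the result immediately. Returning a function
        // (rather than null) keeps that call from throwing a TypeError.
        return function() {};
    }
    // Forward all arguments: the Function constructor takes parameter names
    // followed by the body, not just a single string.
    return _constructor.apply(this, arguments);
};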
4 過debugger—2 eval的
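// Wrap window.eval so the first "debugger;" statement in evaluated source text is
// blanked out before the code runs.
//
// Caveats for the analyst:
//  - Code evaluated through this wrapper runs as an indirect eval, i.e. in global
//    scope. Page code that relies on eval seeing its local variables will behave
//    differently while the hook is installed.
//  - String.prototype.replace with a string pattern replaces only the first
//    occurrence, and only the exact spelling "debugger;" is matched.
(function() {
    'use strict';
    var eval_ = window.eval;
    window.eval = function(x) {
        // eval returns non-string arguments unchanged; they have no replace().
        if (typeof x !== "string") {
            return eval_(x);
        }
        // Return the evaluation result so callers that use it keep working.
        return eval_(x.replace("debugger;", " ; "));
    };
    // Assigning eval_.toString directly would still stringify the wrapper, because
    // toString runs against whatever object it is called on. Delegate explicitly
    // to the native function instead.
    window.eval.toString = function() {
        return eval_.toString();
    };
})();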
5 JSON HOOK
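// Hook JSON.stringify: pause in DevTools and log the value being serialised, then
// delegate to the native implementation.
// The logged value is often a request body and may contain credentials or
// tokens, so treat saved console output as sensitive.
var my_stringify = JSON.stringify;
JSON.stringify = function (params) {
    // Additional inspection logic can be added here.
    debugger;
    console.log("json_stringify params:",params);
    // Forward every argument: dropping the replacer/space arguments would change
    // the output the page receives.
    return my_stringify.apply(this, arguments);
};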
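// Hook JSON.parse: pause in DevTools and log the text being parsed, then delegate
// to the native implementation.
// The logged text is often a server response and may contain tokens or personal
// data, so treat saved console output as sensitive.
var my_parse = JSON.parse;
JSON.parse = function (params) {
    // Additional inspection logic can be added here.
    debugger;
    console.log("json_parse params:",params);
    // Forward every argument: dropping the reviver would change the object the
    // page receives.
    return my_parse.apply(this, arguments);
};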
6 對象屬性hook 屬性自定義,hook cookie操作
這種操作只是針對通過js生成的cookie,若cookie是服務器后臺返回的則不起效果
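// Hook assignments to document.cookie: pause in DevTools and log the value being
// written, so the script that sets a cookie can be located from the call stack.
//
// Only writes made from JavaScript pass through this setter. Cookies delivered in
// a Set-Cookie response header are not seen.
// Logged values can include session identifiers, so treat saved console output
// as sensitive.
(function(){
    // Strict mode: surface mistakes as errors instead of failing silently.
    'use strict'
    // Keep the native accessor. Defining only a setter would make every read of
    // document.cookie return undefined and would stop cookies from being stored.
    var native_cookie = Object.getOwnPropertyDescriptor(Document.prototype,'cookie')
        || Object.getOwnPropertyDescriptor(HTMLDocument.prototype,'cookie');
    // document is the hooked object; cookie is the hooked property.
    Object.defineProperty(document,'cookie',{
        // configurable so the hook can be redefined or removed later.
        configurable: true,
        // Reads are passed straight through to the native getter.
        get: function(){
            return native_cookie.get.call(document);
        },
        // set runs on assignment.
        set: function(val){
            // Execution pauses here automatically; walk up the call stack to find
            // the code that sets the cookie.
            debugger;
            console.log('Hook捕獲到set-cookie ->',val);
            // Perform the real write so the page keeps working.
            native_cookie.set.call(document,val);
        }
    })
})();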
// 只針對Cookie的某個值進行hook----------------------------------
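// Variant of the document.cookie hook that pauses only for writes containing a
// particular marker. Replace "xxxx" with the cookie name or value being traced.
//
// Only writes made from JavaScript pass through this setter. Cookies delivered in
// a Set-Cookie response header are not seen.
// Logged values can include session identifiers, so treat saved console output
// as sensitive.
(function(){
    'use strict'
    // Keep the native accessor so reads and the actual write still work.
    var native_cookie = Object.getOwnPropertyDescriptor(Document.prototype,'cookie')
        || Object.getOwnPropertyDescriptor(HTMLDocument.prototype,'cookie');
    Object.defineProperty(document,'cookie',{
        // configurable so the hook can be redefined or removed later.
        configurable: true,
        get: function(){
            return native_cookie.get.call(document);
        },
        set: function(val){
            // An assignment looks like "name=value; path=/; ...", so test for the
            // marker as a substring. Equality with the whole string would almost
            // never match.
            if (String(val).indexOf("xxxx") !== -1){
                debugger;
            }
            console.log('Hook捕獲到set-cookie ->',val);
            native_cookie.set.call(document,val);
        }
    })
})();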
7 hook canvas(定位圖片生成的地方)
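// Hook document.createElement: log every element the page creates and pause in
// DevTools when a <canvas> is requested, which locates the code that draws an
// image (for example a canvas-based fingerprint or captcha).
// Only elements created through document.createElement are seen. Canvases that
// already exist in the markup or are produced by other APIs are not.
(function() {
    'use strict';
    // Bind to document: the native method throws if called with another receiver.
    let create_element = document.createElement.bind(document);
    document.createElement = function (_element) {
        console.log("create_element:",_element);
        // In HTML documents createElement lower-cases the tag name, so "CANVAS"
        // must trigger the breakpoint too.
        if (String(_element).toLowerCase() === "canvas") {
            debugger;
        }
        // Forward every argument (the optional options object included).
        return create_element.apply(null, arguments);
    };
})();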
8 setInterval 定時器
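// Replace window.setInterval with a no-op so that no interval timer can be started,
// keeping the native function reachable as window.setInterval_.
//
// This disables ALL interval timers registered after the hook is installed, so
// ordinary page features that poll or animate with setInterval stop working too.
// Intervals that were already running are not affected.
(function() {
    // Assign through window explicitly: an undeclared assignment throws a
    // ReferenceError when the snippet is run in strict mode.
    window.setInterval_ = window.setInterval;
    console.log("原函數已被重命名為setInterval_")
    window.setInterval = function() {};
    // Report the native source text when the page stringifies setInterval, and
    // log that such a check took place.
    window.setInterval.toString = function() {
        console.log("有函數正在檢測setInterval是否被hook");
        return window.setInterval_.toString();
    };
})();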
9 setInterval 循環清除定時器
// Brute-force cleanup: call clearInterval for every candidate id from 0 up to
// 9999998. Ids that do not name a live timer are ignored by clearInterval.
// NOTE(review): this assumes timer ids are small integers below the bound, so
// verify in the target browser. Timers registered afterwards are unaffected.
var i = 0;
while (i < 9999999) {
    window.clearInterval(i);
    i++;
}