搭建一个加密的服务:其他APK的加密服务与其通讯。
https://github.com/yancy2430/MyApplication/blob/master/app/src/main/java/com/tdeado/myapplication/MainActivity.java
1.搭建本地server
import android.content.Context;
import android.util.Log;
import com.yanzhenjie.andserver.AndServer;
import com.yanzhenjie.andserver.Server;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.concurrent.TimeUnit;
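/**
 * Owns the embedded AndServer HTTP server and exposes start/stop controls.
 *
 * <p>Security note: the listener binds to the address returned by
 * {@code NetWorkUtil.getHostIp()} (apparently the device's LAN address) on
 * port 8080. Nothing in this class adds authentication or transport
 * encryption, so every host that can reach that address can call the
 * registered endpoints. If the service is only meant to be reached through
 * {@code adb forward}, binding to the loopback address instead would keep
 * other machines on the network out.
 */
public class ServerManager {
    private static final String TAG = "ServerManager";

    private final Server mServer;

    /**
     * Create server.
     *
     * @param context Android context handed to the AndServer builder
     */
    public ServerManager(Context context) {
        InetAddress inetAddress = null;
        try {
            inetAddress = InetAddress.getByName(NetWorkUtil.getHostIp());
        } catch (UnknownHostException e) {
            // Record the failure in logcat with its cause instead of printing to stderr.
            // NOTE(review): inetAddress stays null here and is still passed to the
            // builder; what AndServer binds to in that case is not visible in this
            // file. Confirm it does not fall back to all interfaces.
            Log.e(TAG, "Unable to resolve the host address", e);
        }

        mServer = AndServer.serverBuilder(context)
                .inetAddress(inetAddress)
                .port(8080)
                .timeout(10, TimeUnit.SECONDS)
                .listener(new Server.ServerListener() {
                    @Override
                    public void onStarted() {
                        Log.d(TAG, "onStarted: ");
                    }

                    @Override
                    public void onStopped() {
                        // Previously logged "onStarted: ", which made a stop look like a start.
                        Log.d(TAG, "onStopped: ");
                    }

                    @Override
                    public void onException(Exception e) {
                        // Called when the server fails while starting.
                        Log.e(TAG, "onException: ", e);
                    }
                })
                .build();
    }

    /**
     * Start server. Does nothing when the server is already running.
     */
    public void startServer() {
        if (!mServer.isRunning()) {
            mServer.startup();
        }
    }

    /**
     * Stop server. Logs a warning when the server was never started.
     */
    public void stopServer() {
        if (mServer.isRunning()) {
            mServer.shutdown();
        } else {
            Log.w("AndServer", "The server has not started yet.");
        }
    }
}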
2.启动本地server
/**
 * Inflates the main layout, starts the embedded HTTP server and shows the
 * address it should be reachable on.
 *
 * <p>The server is started as soon as the activity is created; no access
 * control is configured in this method.
 */
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    // Build the server wrapper and bring the listener up right away.
    serverManager = new ServerManager(this);
    serverManager.startServer();

    // Display "<host ip>:8080" so the operator knows where to send requests.
    Button addressButton = findViewById(R.id.ip);
    String endpointLabel = NetWorkUtil.getHostIp() + ":8080";
    addressButton.setText(endpointLabel);
}
3.服务的接口设置
import com.duapp.aesjni.AESEncrypt;
import com.nice.main.helpers.utils.NiceSignUtils;
import com.yanzhenjie.andserver.annotation.GetMapping;
import com.yanzhenjie.andserver.annotation.PostMapping;
import com.yanzhenjie.andserver.annotation.RequestMapping;
import com.yanzhenjie.andserver.annotation.RequestParam;
import com.yanzhenjie.andserver.annotation.RestController;
/**
 * HTTP endpoints served under {@code /encrypt}.
 *
 * <p>Each handler passes request parameters straight to a helper
 * ({@code AESEncrypt} or {@code NiceSignUtils}) and returns the result.
 * No authentication, rate limiting or input validation is visible on these
 * handlers, so every client that can reach the listening port receives
 * output for whatever input it supplies.
 */
@RestController
@RequestMapping("/encrypt")
public class Controller {
    private static final String TAG = "Controller";

    /**
     * POST /encrypt/du: returns {@code AESEncrypt.encode} applied to the
     * {@code str} request parameter.
     */
    @PostMapping("/du")
    public String du(@RequestParam("str") String str) {
        // NOTE(review): the controller instance itself is passed as the first
        // argument; what encode() expects there is not visible in this file.
        return AESEncrypt.encode(this, str);
    }

    /**
     * GET /encrypt/mdu: fixed response, usable as a liveness probe.
     */
    @GetMapping("/mdu")
    public String mdu() {
        return "welcome";
    }

    /**
     * POST /encrypt/nice: runs {@code NiceSignUtils.encode} over the four
     * request parameters and returns element 2 of the result with every
     * occurrence of {@code str1} replaced by {@code str2}.
     */
    @PostMapping("/nice")
    public String nice(@RequestParam("str1") String str1,
                       @RequestParam("str2") String str2,
                       @RequestParam("str3") String str3,
                       @RequestParam("str4") String str4) {
        // getBytes() without a charset argument uses the platform default charset.
        byte[] secondBytes = str2.getBytes();
        byte[] thirdBytes = str3.getBytes();
        byte[] fourthBytes = str4.getBytes();

        String[] encoded = NiceSignUtils.encode(str1, secondBytes, thirdBytes, fourthBytes);

        // Index 2 is read without a length check; a shorter array would throw here.
        String selected = encoded[2];
        return selected.replace(str1, str2);
    }
}
adb install encrypt.apk
adb forward tcp:8080 tcp:8080
PC上8080端口的所有通信数据将被重定向到手机端8080端口的server上
curl -H 'Accept-Language: zh-cn' --data "str=AAAAAAAAAAAAAAAAA" --compressed 'http://192.168.1.149:8080/encrypt/du'
Xposed+Sekiro简单实现抖音搜索结果获取
https://github.com/h1code2/douyin_search_result
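/**
 * Xposed entry point. When the target package is loaded, it hooks
 * {@code SplashActivity.onCreate} and, once that method has run, starts a
 * Sekiro client and registers the {@code dy_search} handler.
 *
 * <p>Security note: the client connects to a fixed external relay host with
 * fixed client and group identifiers. No credential is passed in this code,
 * so access to the registered handler is presumably governed only by the
 * relay itself. Confirm the relay's access controls before relying on it.
 */
public class HookMain implements IXposedHookLoadPackage {
    // Shared with DouYinUserSearchHandler, which needs the target app's class loader.
    public static XC_LoadPackage.LoadPackageParam loadPackageParam = null;

    /**
     * Installs the hook for the one package this module targets; every other
     * package is ignored.
     *
     * @param lpparam description of the package being loaded
     */
    @Override
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
        if (!lpparam.packageName.equals("com.ss.android.ugc.aweme.lite")) {
            return;
        }
        HookMain.loadPackageParam = lpparam;
        try {
            // Inject the service after com.ss.android.ugc.aweme.splash.SplashActivity -> onCreate.
            XposedHelpers.findAndHookMethod("com.ss.android.ugc.aweme.splash.SplashActivity", lpparam.classLoader, "onCreate", Bundle.class, new XC_MethodHook() {
                @Override
                protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                    super.afterHookedMethod(param);
                    final SekiroClient sekiroClient = SekiroClient.start("sekiro.virjar.com", "client-6", "group-6");
                    sekiroClient.registerHandler("dy_search", new DouYinUserSearchHandler());
                    XposedBridge.log("=========== sekiro服务启动成功 ===========");
                }
            });
        } catch (Exception e) {
            XposedBridge.log("=========== Sekiro服务启动失败 ===========");
            // Keep the cause in the log; the message alone does not say what failed.
            // NOTE(review): this try only covers installing the hook, not the
            // SekiroClient calls inside the callback. XposedHelpers appears to report
            // a missing class or method with Error subclasses, which
            // catch (Exception) does not intercept. Confirm.
            XposedBridge.log(e);
        }
    }
}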
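/**
 * Sekiro handler for the {@code dy_search} action: reads {@code query},
 * {@code start} and {@code count} from the request, calls the static method
 * {@code a} on the target app's {@code SearchApi} class and returns the
 * result serialized as JSON.
 *
 * <p>The request parameters come from a remote caller and are treated as
 * untrusted: they are validated before anything is invoked in the host app.
 */
public class DouYinUserSearchHandler implements SekiroRequestHandler {
    /**
     * Validates the request, runs the search and sends exactly one response.
     *
     * @param sekiroRequest  incoming request carrying {@code query} (required),
     *                       {@code start} (default "0") and {@code count} (default "10")
     * @param sekiroResponse channel used to send the JSON result or an error message
     */
    @Override
    public void handleRequest(SekiroRequest sekiroRequest, SekiroResponse sekiroResponse) {
        String query = sekiroRequest.getString("query");
        if (query == null || query.isEmpty()) {
            sekiroResponse.send("请传入必需参数:query");
            // Stop here: the original fell through, ran the search with an empty
            // query and sent a second response.
            return;
        }

        long start;
        int count;
        try {
            start = Long.parseLong(sekiroRequest.getString("start", "0"));
            count = Integer.parseInt(sekiroRequest.getString("count", "10"));
        } catch (NumberFormatException e) {
            // Malformed numbers used to escape as an uncaught exception.
            sekiroResponse.send("参数start和count必须为非负整数");
            return;
        }
        if (start < 0 || count < 0) {
            sekiroResponse.send("参数start和count必须为非负整数");
            return;
        }

        Class<?> searchApi = XposedHelpers.findClass("com.ss.android.ugc.aweme.discover.api.SearchApi", HookMain.loadPackageParam.classLoader);
        Object result = XposedHelpers.callStaticMethod(searchApi, "a", query, start, count);

        // Serialize once and reuse the string for both the log line and the reply.
        String json = new Gson().toJson(result);
        // String.valueOf tolerates a null result, unlike result.toString().
        // The full result is written to logcat at debug level.
        Log.d("object", String.valueOf(result));
        Log.d("gson", json);
        sekiroResponse.send(json);
    }
}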
adb forward tcp:8080 tcp:8080
curl 'http://sekiro.virjar.com/invoke?group=group-6&action=dy_search&query=%E5%8F%AF%E7%88%B1%E7%9A%84%E4%BA%BA' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (Linux; Android 8.0; Pixel 2 Build/OPD3.170816.012) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Mobile Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' -H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8' --compressed --insecure
同时:也可以使用frida_rpc 做调用
https://github.com/h1code2/douyin_search