feat: 实现支持多种hook方式

Author: CC11001100

src/analyzer/param-encryption-analyzer.js

@@ -0,0 +1,105 @@
+/**
+ * 分析参数加密
+ */
+class ParamEncryptionAnalyzer {
+
+    /**
+     *
+     * @param param {Param}
+     */
+    analyze(param) {
+        return this.detectEncryptionType(param.value);
+    }
+
+    detectEncryptionType(input) {
+        // Base64
+        const base64Regex = /^[A-Za-z0-9+/]+={0,2}$/;
+        if (base64Regex.test(input) && input.length % 4 === 0) {
+            return "Base64";
+        }
+
+        // MD5
+        const md5Regex = /^[a-f0-9]{32}$/i;
+        if (md5Regex.test(input)) {
+            return "MD5";
+        }
+
+        // SHA-1
+        const sha1Regex = /^[a-f0-9]{40}$/i;
+        if (sha1Regex.test(input)) {
+            return "SHA-1";
+        }
+
+        // SHA-256
+        const sha256Regex = /^[a-f0-9]{64}$/i;
+        if (sha256Regex.test(input)) {
+            return "SHA-256";
+        }
+
+        // SHA-512
+        const sha512Regex = /^[a-f0-9]{128}$/i;
+        if (sha512Regex.test(input)) {
+            return "SHA-512";
+        }
+
+        // bcrypt
+        const bcryptRegex = /^\$2[aby]\$\d{2}\$[.\/A-Za-z0-9]{53}$/;
+        if (bcryptRegex.test(input)) {
+            return "bcrypt";
+        }
+
+        // URL编码
+        const urlEncodedRegex = /%[0-9A-Fa-f]{2}/;
+        if (urlEncodedRegex.test(input)) {
+            return "URL Encoded";
+        }
+
+        // Hex编码
+        const hexRegex = /^[0-9A-Fa-f]+$/;
+        if (hexRegex.test(input) && input.length % 2 === 0) {
+            return "Hex Encoded";
+        }
+
+        // ROT13
+        const rot13Regex = /^[A-Za-z]+$/;
+        if (rot13Regex.test(input) && input === input.replace(/[A-Za-z]/g, function (c) {
+            return String.fromCharCode(c.charCodeAt(0) + (c.toLowerCase() < 'n' ? 13 : -13));
+        })) {
+            return "ROT13";
+        }
+
+        // JWT
+        const jwtRegex = /^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$/;
+        if (jwtRegex.test(input)) {
+            return "JWT";
+        }
+
+        // UUID
+        const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+        if (uuidRegex.test(input)) {
+            return "UUID";
+        }
+
+        // 如果都不匹配，返回未知
+        return null;
+    }
+
+// // 测试示例
+//     console.log(detectEncryptionType("SGVsbG8gV29ybGQ=")); // Base64
+//     console.log(detectEncryptionType("5d41402abc4b2a76b9719d911017c592")); // MD5
+//     console.log(detectEncryptionType("2fd4e1c67a2d28fced849ee1bb76e7391b93eb12")); // SHA-1
+//     console.log(detectEncryptionType("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")); // SHA-256
+//     console.log(detectEncryptionType("$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy")); // bcrypt
+//     console.log(detectEncryptionType("Hello%20World")); // URL Encoded
+//     console.log(detectEncryptionType("48656c6c6f20576f726c64")); // Hex Encoded
+//     console.log(detectEncryptionType("Uryyb Jbeyq")); // ROT13
+//     console.log(detectEncryptionType("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")); // JWT
+//     console.log(detectEncryptionType("550e8400-e29b-41d4-a716-446655440000")); // UUID
+//     console.log(detectEncryptionType("randomstring")); // Unknown Encryption Type
+
+}
+
+
+module.exports = {
+    ParamEncryptionAnalyzer
+}

src/analyzer/request-analyzer.js

@@ -70,7 +70,7 @@ class RequestAnalyzer {
     }
 
     /**
-     * 判断时间戳是否是合法的jsonp时间戳，它的事件范围不应该太过于离谱，应该是一个近期的时间
+     * 判断时间戳是否是合法的jsonp时间戳，它的时间范围不应该太过于离谱，应该是一个近期的时间
      *
      * @param timestampString
      * @return {boolean}

src/analyzer/response-analyzer.js

@@ -3,7 +3,10 @@
  */
 class ResponseAnalyzer {
 
+    // 2025-01-07 21:44:27 似乎并不需要这部分逻辑了，仅从请求参数进行推测就已经足够用了
+
     /**
+     *
      * 从一次完整的请求中分析
      *
      * @param scriptContext {ScriptContext}

src/config/config.js

@@ -15,6 +15,8 @@ class Config {
         // 让用户能够自己指定前缀，也许会有一些拥有感？之前ast hook好像就有个哥们喜欢这样干...
         this.prefix = "CC11001100";
 
+        this.hookType = "use-proxy-function";
+
         // 是否忽略.js后缀的请求
         this.isIgnoreJsSuffixRequest = true;
 
@@ -60,6 +62,7 @@ class Config {
         const o = JSON.parse(configJsonString);
         this.language = o.language;
         this.prefix = o.prefix;
+        this.hookType = o.hookType;
         this.isIgnoreJsSuffixRequest = o.isIgnoreJsSuffixRequest;
         this.isIgnoreNotJsonpRequest = o.isIgnoreNotJsonpRequest;
         this.autoJumpProjectSiteOnConfiguraion = o.autoJumpProjectSiteOnConfiguraion;

src/config/ui/component/debugger-component.js

@@ -210,6 +210,13 @@ class DebuggerComponent {
             getGlobalConfig().persist();
         });
 
+        // ${debuggerConfig.id}-hook-type
+        debuggerElt.find(`#${debuggerInformation.id}-hook-type`).change(function () {
+            const localDebuggerInformation = getGlobalConfig().findDebuggerById(debuggerInformation.id);
+            localDebuggerInformation.hookType = $(this).val();
+            getGlobalConfig().persist();
+        });
+
         // callbackFunctionParamName
         debuggerElt.find(`#${debuggerInformation.id}-callbackFunctionParamName-text`).on('input', function () {
             const localDebuggerInformation = getGlobalConfig().findDebuggerById(debuggerInformation.id);

src/config/ui/component/global-options-component.js

@@ -39,6 +39,27 @@ class GlobalOptionsComponent {
                 </div>
             </td>
         </tr>
+        <tr>
+            <td align="right">
+                <div class="js-script-hook-tips-icon" >
+                    ?
+                    <div class="js-script-hook-tooltip">
+                    ${language.global_settings.responseDebuggerHookTypeTips}
+                    </div>
+                </div>
+                <span>${language.global_settings.responseDebuggerHookType}</span>
+            </td>
+            <td align="left" style="padding: 10px;">
+                <div style="display: inline-block;">
+                    <div class="js-script-hook-select-container" style="width: 400px !important; ">
+                        <select id="js-script-hook-global-config-hook-type">
+                            <option value="use-proxy-function" >${language.global_settings.responseDebuggerHookTypeUseProxyFunction}</option>
+                            <option value="use-redeclare-function">${language.global_settings.responseDebuggerHookTypeUseRedeclareFunction}</option>
+                        </select>
+                    </div>
+                </div>
+            </td>
+        </tr>
         <tr>
             <td align="right">
                 <!-- 问号形式的 Tips 组件 -->
@@ -122,6 +143,15 @@ class GlobalOptionsComponent {
     render(language, oldConfig) {
         const component = $(this.template(oldConfig, language));
 
+        if (oldConfig.hookType) {
+            component.find(`#js-script-hook-global-config-hook-type`).val(oldConfig.hookType);
+        }
+
+        component.find("#js-script-hook-global-config-hook-type").change(function () {
+            getGlobalConfig().hookType = $(this).val();
+            getGlobalConfig().persist();
+        });
+
         // 切换语言选择
         component.find("#js-script-hook-global-config-language").change(function () {
             getGlobalConfig().language = $(this).val();

src/config/ui/component/language.js

@@ -11,6 +11,11 @@ const chinese = {
         flagPrefixTips: "在Hook的时候会设置一些全局唯一的标志位，你可以个性化修改为自定义的前缀",
         flagPrefixPlaceholder: "可自定义全局前缀，未设置默认为 CC11001100_js_script_hook",
 
+        responseDebuggerHookType: "响应断点Hook方式：",
+        responseDebuggerHookTypeTips: "此选项刷新页面后生效",
+        responseDebuggerHookTypeUseProxyFunction: "使用代理函数实现Hook",
+        responseDebuggerHookTypeUseRedeclareFunction: "直接修改网站callback函数体（注意可能会有作用域问题）",
+
         isIgnoreJsSuffixRequest: "是否忽略.js后缀的请求：",
         isIgnoreJsSuffixRequestTips: "大多数时候.js后缀的请求都是单纯的加载JavaScript资源文件，可以选择忽略掉这类请求，当勾选的时候，控制台上也不会再打印.js请求",
 
@@ -57,6 +62,18 @@ const chinese = {
         comment: "备注：",
         commentTips: "你可以输入一些备注，或者相关信息的一些上下文，以防止时间长了之后忘记。",
         commentPlaceholder: "好记性不如烂笔头",
+    },
+    console: {
+        time: "时间",
+        requestId: "请求ID",
+        isJsonpRequest: "是否是jsonp请求",
+        hostname: "请求域名",
+        path: "请求路径",
+        param: "请求参数",
+        hash: "请求#hash",
+        paramName: "参数名称",
+        paramValue: "参数值",
+        isJsonpCallback: "是否是jsonp回调函数",
     }
 };
 

src/debugger/debugger-tester.js

@@ -1,9 +1,3 @@
-const {getGlobalConfig} = require("../config/config");
-const {getUnsafeWindow} = require("../utils/scope-util");
-const {ObjectFunctionHook} = require("../hook/object-function-hook");
-const {ResponseFormatter} = require("../formatter/response-formatter");
-const {ResponseContext} = require("../context/response/response-context");
-
 class DebuggerTester {
 
     /**

src/debugger/debugger.js

@@ -1,7 +1,3 @@
-const {ObjectFunctionHook} = require("../hook/object-function-hook");
-const {getUnsafeWindow} = require("../utils/scope-util");
-const {getGlobalConfig} = require("../config/config");
-
 /**
  * 表示一个jsonp的条件断点
  */

src/formatter/json-formatter.js

@@ -0,0 +1,53 @@
+const styles = {
+    key: 'color: green;',
+    string: 'color: yellow;',
+    number: 'color: blue;',
+    boolean: 'color: red;',
+    null: 'color: magenta;'
+};
+
+function buildString(val, strArr, styleArr) {
+    if (typeof val === 'string') {
+        styleArr.push(styles.string);
+        strArr.push('%c"' + val + '"');
+    } else if (typeof val === 'number') {
+        styleArr.push(styles.number);
+        strArr.push('%c' + val);
+    } else if (typeof val === 'boolean') {
+        styleArr.push(styles.boolean);
+        strArr.push('%c' + val);
+    } else if (val === null) {
+        styleArr.push(styles.null);
+        strArr.push('%cnull');
+    } else if (Array.isArray(val)) {
+        strArr.push('[');
+        for (let i = 0; i < val.length; i++) {
+            if (i > 0) strArr.push(', ');
+            buildString(val[i], strArr, styleArr);
+        }
+        strArr.push(']');
+    } else if (typeof val === 'object' && val !== null) {
+        strArr.push('{');
+        const keys = Object.keys(val);
+        for (let i = 0; i < keys.length; i++) {
+            if (i > 0) strArr.push(', ');
+            const key = keys[i];
+            styleArr.push(styles.key);
+            strArr.push('%c"' + key + '"');
+            strArr.push(': ');
+            buildString(val[key], strArr, styleArr);
+        }
+        strArr.push('}');
+    }
+}
+
+function highlightJSON(jsonObj) {
+    const strArr = [];
+    const styleArr = [];
+    buildString(jsonObj, strArr, styleArr);
+    return [strArr.join(''), ...styleArr];
+}
+
+module.exports = {
+    highlightJSON
+}