├── .gitignore ├── HookIntent ├── .classpath ├── .project ├── .settings │ └── org.eclipse.jdt.core.prefs ├── AndroidManifest.xml ├── XposedBridgeApi-54.jar ├── assets │ └── xposed_init ├── gen │ └── com │ │ └── example │ │ └── hookintent │ │ ├── BuildConfig.java │ │ └── R.java ├── libs │ └── android-support-v4.jar ├── proguard-project.txt ├── project.properties ├── res │ ├── drawable-hdpi │ │ └── ic_launcher.png │ ├── drawable-mdpi │ │ └── ic_launcher.png │ ├── drawable-xhdpi │ │ └── ic_launcher.png │ ├── values-v11 │ │ └── styles.xml │ ├── values-v14 │ │ └── styles.xml │ └── values │ │ ├── strings.xml │ │ └── styles.xml └── src │ └── org │ └── wooyun │ └── hookintent │ └── Main.java ├── README.md ├── filter.png └── poc.png /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store -------------------------------------------------------------------------------- /HookIntent/.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /HookIntent/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | HookIntent 4 | 5 | 6 | 7 | 8 | 9 | com.android.ide.eclipse.adt.ResourceManagerBuilder 10 | 11 | 12 | 13 | 14 | com.android.ide.eclipse.adt.PreCompilerBuilder 15 | 16 | 17 | 18 | 19 | org.eclipse.jdt.core.javabuilder 20 | 21 | 22 | 23 | 24 | com.android.ide.eclipse.adt.ApkBuilder 25 | 26 | 27 | 28 | 29 | 30 | com.android.ide.eclipse.adt.AndroidNature 31 | org.eclipse.jdt.core.javanature 32 | 33 | 34 | -------------------------------------------------------------------------------- /HookIntent/.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 3 | org.eclipse.jdt.core.compiler.compliance=1.6 4 | org.eclipse.jdt.core.compiler.source=1.6 5 | -------------------------------------------------------------------------------- /HookIntent/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 5 | 6 | 9 | 10 | 15 | 18 | 21 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /HookIntent/XposedBridgeApi-54.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WooyunDota/IntentMonitor/18514e11f5aabfa876cf09152557a29d25289b7d/HookIntent/XposedBridgeApi-54.jar -------------------------------------------------------------------------------- /HookIntent/assets/xposed_init: -------------------------------------------------------------------------------- 1 | org.wooyun.hookintent.Main -------------------------------------------------------------------------------- /HookIntent/gen/com/example/hookintent/BuildConfig.java: -------------------------------------------------------------------------------- 1 | /** Automatically generated file. DO NOT MODIFY */ 2 | package com.example.hookintent; 3 | 4 | public final class BuildConfig { 5 | public final static boolean DEBUG = true; 6 | } -------------------------------------------------------------------------------- /HookIntent/gen/com/example/hookintent/R.java: -------------------------------------------------------------------------------- 1 | /* AUTO-GENERATED FILE. DO NOT MODIFY. 2 | * 3 | * This class was automatically generated by the 4 | * aapt tool from the resource data it found. It 5 | * should not be modified by hand. 6 | */ 7 | 8 | package com.example.hookintent; 9 | 10 | public final class R { 11 | public static final class attr { 12 | } 13 | public static final class drawable { 14 | public static final int ic_launcher=0x7f020000; 15 | } 16 | public static final class string { 17 | public static final int app_name=0x7f030000; 18 | } 19 | public static final class style { 20 | /** 21 | Base application theme, dependent on API level. This theme is replaced 22 | by AppBaseTheme from res/values-vXX/styles.xml on newer devices. 23 | 24 | 25 | Theme customizations available in newer API levels can go in 26 | res/values-vXX/styles.xml, while customizations related to 27 | backward-compatibility can go here. 28 | 29 | 30 | Base application theme for API 11+. This theme completely replaces 31 | AppBaseTheme from res/values/styles.xml on API 11+ devices. 32 | 33 | API 11 theme customizations can go here. 34 | 35 | Base application theme for API 14+. This theme completely replaces 36 | AppBaseTheme from BOTH res/values/styles.xml and 37 | res/values-v11/styles.xml on API 14+ devices. 38 | 39 | API 14 theme customizations can go here. 40 | */ 41 | public static final int AppBaseTheme=0x7f040000; 42 | /** Application theme. 43 | All customizations that are NOT specific to a particular API-level can go here. 44 | */ 45 | public static final int AppTheme=0x7f040001; 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /HookIntent/libs/android-support-v4.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WooyunDota/IntentMonitor/18514e11f5aabfa876cf09152557a29d25289b7d/HookIntent/libs/android-support-v4.jar -------------------------------------------------------------------------------- /HookIntent/proguard-project.txt: -------------------------------------------------------------------------------- 1 | # To enable ProGuard in your project, edit project.properties 2 | # to define the proguard.config property as described in that file. 3 | # 4 | # Add project specific ProGuard rules here. 5 | # By default, the flags in this file are appended to flags specified 6 | # in ${sdk.dir}/tools/proguard/proguard-android.txt 7 | # You can edit the include path and order by changing the ProGuard 8 | # include property in project.properties. 9 | # 10 | # For more details, see 11 | # http://developer.android.com/guide/developing/tools/proguard.html 12 | 13 | # Add any project specific keep options here: 14 | 15 | # If your project uses WebView with JS, uncomment the following 16 | # and specify the fully qualified class name to the JavaScript interface 17 | # class: 18 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 19 | # public *; 20 | #} 21 | -------------------------------------------------------------------------------- /HookIntent/project.properties: -------------------------------------------------------------------------------- 1 | # This file is automatically generated by Android Tools. 2 | # Do not modify this file -- YOUR CHANGES WILL BE ERASED! 3 | # 4 | # This file must be checked in Version Control Systems. 5 | # 6 | # To customize properties used by the Ant build system edit 7 | # "ant.properties", and override values to adapt the script to your 8 | # project structure. 9 | # 10 | # To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home): 11 | #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt 12 | 13 | # Project target. 14 | target=android-14 15 | -------------------------------------------------------------------------------- /HookIntent/res/drawable-hdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WooyunDota/IntentMonitor/18514e11f5aabfa876cf09152557a29d25289b7d/HookIntent/res/drawable-hdpi/ic_launcher.png -------------------------------------------------------------------------------- /HookIntent/res/drawable-mdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WooyunDota/IntentMonitor/18514e11f5aabfa876cf09152557a29d25289b7d/HookIntent/res/drawable-mdpi/ic_launcher.png -------------------------------------------------------------------------------- /HookIntent/res/drawable-xhdpi/ic_launcher.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WooyunDota/IntentMonitor/18514e11f5aabfa876cf09152557a29d25289b7d/HookIntent/res/drawable-xhdpi/ic_launcher.png -------------------------------------------------------------------------------- /HookIntent/res/values-v11/styles.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 7 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /HookIntent/res/values-v14/styles.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 8 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /HookIntent/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | HookIntent 4 | 5 | 6 | -------------------------------------------------------------------------------- /HookIntent/res/values/styles.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 7 | 14 | 15 | 16 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /HookIntent/src/org/wooyun/hookintent/Main.java: -------------------------------------------------------------------------------- 1 | package org.wooyun.hookintent; 2 | 3 | import android.content.*; 4 | import android.content.pm.ApplicationInfo; 5 | import android.os.Bundle; 6 | import android.os.Handler; 7 | import android.util.Log; 8 | import de.robv.android.xposed.IXposedHookLoadPackage; 9 | import de.robv.android.xposed.XC_MethodHook; 10 | import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; 11 | 12 | import java.util.*; 13 | import java.util.Map.Entry; 14 | 15 | import static de.robv.android.xposed.XposedHelpers.findAndHookMethod; 16 | 17 | 18 | public class Main implements IXposedHookLoadPackage { 19 | public static String mainTag = "IHook"; 20 | 21 | @Override 22 | public void handleLoadPackage(LoadPackageParam lpparam) throws Throwable { 23 | 24 | mainTag = mainTag + "-" + lpparam.packageName; 25 | //系统 app 不监控 26 | if ((lpparam.appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) 27 | return; 28 | 29 | //hook 启动 activity android.app.Activity#startActivityForResult 30 | findAndHookMethod("android.app.Activity", lpparam.classLoader, "startActivityForResult", Intent.class, int.class, Bundle.class, new XC_MethodHook() { 31 | // findAndHookMethod("android.app.Instrumentation", lpparam.classLoader, "execStartActivity", Context.class, IBinder.class, IBinder.class, Activity.class, 32 | // Intent.class, int.class, Bundle.class, new XC_MethodHook() { 33 | protected void beforeHookedMethod(MethodHookParam param) throws Throwable { 34 | 35 | Intent it = (Intent) param.args[0]; 36 | Bundle bund = (Bundle) param.args[2]; 37 | String tag = "startActivity"; 38 | getIntentAndBundle(it, bund, tag); 39 | } 40 | } 41 | ); 42 | 43 | //hook 即将启动 activity android.app.PendingIntent#getActivity 44 | findAndHookMethod("android.app.PendingIntent", lpparam.classLoader, "getActivity", Context.class, int.class, Intent.class, int.class, new XC_MethodHook() { 45 | 46 | @Override 47 | protected void beforeHookedMethod(MethodHookParam param) 48 | throws Throwable { 49 | 50 | Intent it = (Intent) param.args[2]; 51 | String tag = "getActivity"; 52 | getIntentAndBundle(it, null, tag); 53 | } 54 | } 55 | ); 56 | 57 | 58 | //由android.content.Context改为ContextWrapper,抽象方法不能 hook 59 | //hook sendBroadcast(Intent intent) 60 | //hook sendBroadcast(Intent intent, String receiverPermission) 61 | //hook sendOrderedBroadcast(Intent intent,String receiverPermission) 62 | //sendOrderedBroadcast(Intent intent, String receiverPermission, BroadcastReceiver resultReceiver,Handler scheduler, int initialCode, String initialData, Bundle initialExtras) 63 | //hook sendStickyBroadcast(Intent intent) 64 | //sendStickyOrderedBroadcast(Intent intent, BroadcastReceiver resultReceiver,Handler scheduler, int initialCode, String initialData,Bundle initialExtras) 65 | //removeStickyBroadcast(Intent intent) 66 | //hook registerReceiver(BroadcastReceiver receiver, IntentFilter filter) 67 | //hook registerReceiver(BroadcastReceiver receiver, IntentFilter filter,String broadcastPermission, Handler scheduler) 68 | 69 | findAndHookMethod("android.content.ContextWrapper", lpparam.classLoader, "sendBroadcast", Intent.class, new XC_MethodHook() { 70 | 71 | @Override 72 | protected void beforeHookedMethod(MethodHookParam param) 73 | throws Throwable { 74 | 75 | Intent it = (Intent) param.args[0]; 76 | String tag = "sendBroadcast"; 77 | getIntentAndBundle(it, null, tag); 78 | 79 | } 80 | 81 | } 82 | ); 83 | 84 | findAndHookMethod("android.content.ContextWrapper", lpparam.classLoader, "sendBroadcast", Intent.class, String.class, new XC_MethodHook() { 85 | 86 | @Override 87 | protected void beforeHookedMethod(MethodHookParam param) 88 | throws Throwable { 89 | 90 | Intent it = (Intent) param.args[0]; 91 | String tag = "sendBroadcast"; 92 | getIntentAndBundle(it, null, tag); 93 | 94 | String permission = (String) param.args[1]; 95 | if (permission != null) 96 | Log.i(mainTag, tag + " permission:" + permission); 97 | 98 | } 99 | 100 | } 101 | ); 102 | findAndHookMethod("android.content.ContextWrapper", lpparam.classLoader, "sendStickyBroadcast", Intent.class, new XC_MethodHook() { 103 | 104 | @Override 105 | protected void beforeHookedMethod(MethodHookParam param) 106 | throws Throwable { 107 | 108 | Intent it = (Intent) param.args[0]; 109 | String tag = "sendStickyBroadcast"; 110 | getIntentAndBundle(it, null, tag); 111 | 112 | } 113 | } 114 | ); 115 | 116 | findAndHookMethod("android.content.ContextWrapper", lpparam.classLoader, "sendOrderedBroadcast", Intent.class, String.class, new XC_MethodHook() { 117 | 118 | @Override 119 | protected void beforeHookedMethod(MethodHookParam param) 120 | throws Throwable { 121 | 122 | Intent it = (Intent) param.args[0]; 123 | String tag = "sendOrderedBroadcast"; 124 | getIntentAndBundle(it, null, tag); 125 | String permission = (String) param.args[1]; 126 | if (permission != null) 127 | Log.i(mainTag, tag + " permission:" + permission); 128 | } 129 | } 130 | ); 131 | 132 | findAndHookMethod("android.content.ContextWrapper", lpparam.classLoader, "registerReceiver", BroadcastReceiver.class, IntentFilter.class, new XC_MethodHook() { 133 | 134 | @Override 135 | protected void beforeHookedMethod(MethodHookParam param) 136 | throws Throwable { 137 | 138 | 139 | BroadcastReceiver broad = (BroadcastReceiver) param.args[0]; 140 | if (broad != null) 141 | handleBroad(broad); 142 | 143 | IntentFilter filter = (IntentFilter) param.args[1]; 144 | if (filter != null) 145 | handleFilter(filter); 146 | } 147 | 148 | } 149 | ); 150 | 151 | 152 | findAndHookMethod("android.content.ContextWrapper", lpparam.classLoader, "registerReceiver", BroadcastReceiver.class, IntentFilter.class, String.class, Handler.class, new XC_MethodHook() { 153 | 154 | @Override 155 | protected void beforeHookedMethod(MethodHookParam param) 156 | throws Throwable { 157 | 158 | 159 | BroadcastReceiver broad = (BroadcastReceiver) param.args[0]; 160 | if (broad != null) 161 | handleBroad(broad); 162 | 163 | IntentFilter filter = (IntentFilter) param.args[1]; 164 | if (filter != null) 165 | handleFilter(filter); 166 | 167 | String per = (String) param.args[2]; 168 | 169 | if (per != null) 170 | Log.i(mainTag, "registerReceiver permission : " + per); 171 | } 172 | 173 | } 174 | ); 175 | 176 | 177 | //由android.content.Context改为ContextWrapper 178 | //hook startService(Intent service) 179 | //stopService(Intent name) 180 | //hook bindService(Intent service, ServiceConnection conn,int flags) 181 | //unbindService(ServiceConnection conn) 182 | findAndHookMethod("android.content.ContextWrapper", lpparam.classLoader, "startService", Intent.class, new XC_MethodHook() { 183 | 184 | @Override 185 | protected void beforeHookedMethod(MethodHookParam param) 186 | throws Throwable { 187 | 188 | Intent it = (Intent) param.args[0]; 189 | String tag = "startService"; 190 | getIntentAndBundle(it, null, tag); 191 | } 192 | } 193 | ); 194 | findAndHookMethod("android.content.ContextWrapper", lpparam.classLoader, "bindService", Intent.class, ServiceConnection.class, int.class, new XC_MethodHook() { 195 | 196 | @Override 197 | protected void beforeHookedMethod(MethodHookParam param) 198 | throws Throwable { 199 | 200 | Intent it = (Intent) param.args[0]; 201 | String tag = "bindService"; 202 | getIntentAndBundle(it, null, tag); 203 | } 204 | } 205 | ); 206 | 207 | } 208 | 209 | //处理 IntentFilter ,filter 中可能有多个 action/scheme .... 210 | public void handleFilter(IntentFilter filter) { 211 | 212 | String tag = "registerReceiver"; 213 | StringBuilder sb = new StringBuilder(); 214 | Iterator actions = filter.actionsIterator(); 215 | String action = null; 216 | int i = 0; 217 | while (actions.hasNext()) { 218 | action = actions.next(); 219 | Log.i(mainTag, tag + " action" + i + ":" + action); 220 | i++; 221 | } 222 | 223 | // String category = filter.getCategory(i); 224 | // if (category != null) 225 | // Log.i(mainTag, tag + " category"+i+":" + category); 226 | 227 | // String scheme = filter.getDataScheme(0); 228 | // if (scheme != null) 229 | // Log.i(mainTag, tag + " scheme"+i+":" + scheme); 230 | 231 | } 232 | 233 | 234 | public void handleFilter(IntentFilter filter, String tag) { 235 | StringBuilder sb = new StringBuilder(); 236 | Iterator actions = filter.actionsIterator(); 237 | String action = null; 238 | int i = 0; 239 | while (actions.hasNext()) { 240 | action = actions.next(); 241 | Log.i(mainTag, tag + " action" + i + ":" + action); 242 | i++; 243 | } 244 | } 245 | 246 | public void handleBroad(BroadcastReceiver broad) { 247 | String tag = "registerReceiver"; 248 | Log.i(mainTag, tag + " class: " + broad.getClass().toString()); 249 | } 250 | 251 | 252 | //处理 intent 和 bundle 253 | public void getIntentAndBundle(Intent it, Bundle bund, String tag) { 254 | 255 | //获取 bundle 256 | if (bund != null) { 257 | String NEWLINE = "\n"; 258 | StringBuilder stringBuilder = new StringBuilder(); 259 | Bundle intentBundle = bund; 260 | Set keySet = intentBundle.keySet(); 261 | int count = 0; 262 | 263 | for (String key : keySet) { 264 | count++; 265 | Object thisObject = intentBundle.get(key); 266 | stringBuilder.append(tag + " Bundle EXTRA ").append(count) 267 | .append(":"); 268 | String thisClass = thisObject.getClass().getName(); 269 | if (thisClass != null) { 270 | stringBuilder.append(tag + "Bundle Class: ").append(thisClass) 271 | .append(NEWLINE); 272 | } 273 | stringBuilder.append(tag + " Bundle Key: ").append(key).append(NEWLINE); 274 | 275 | if (thisObject instanceof String || thisObject instanceof Long 276 | || thisObject instanceof Integer 277 | || thisObject instanceof Boolean) { 278 | stringBuilder.append(tag + " Bundle Value: " + thisObject.toString()) 279 | .append(NEWLINE); 280 | } else if (thisObject instanceof ArrayList) { 281 | stringBuilder.append(tag + " Bundle Values:"); 282 | ArrayList thisArrayList = (ArrayList) thisObject; 283 | for (Object thisArrayListObject : thisArrayList) { 284 | stringBuilder.append(thisArrayListObject.toString() 285 | + NEWLINE); 286 | } 287 | } 288 | } 289 | Log.i(mainTag, tag + " Bundle EXTRA:" + stringBuilder); 290 | } 291 | 292 | //取得 action 293 | if (it.getAction() != null) { 294 | Log.i(mainTag, tag + " Action:" + it.getAction()); 295 | } 296 | 297 | //取得 flag 298 | if (it.getFlags() != 0) { 299 | String NEWLINE = "\n"; 300 | StringBuilder stringBuilder = new StringBuilder(); 301 | ArrayList flagsStrings = getFlags(it); 302 | if (flagsStrings.size() > 0) { 303 | for (String thisFlagString : flagsStrings) { 304 | stringBuilder.append(thisFlagString).append(NEWLINE); 305 | } 306 | } else { 307 | stringBuilder.append("NONE").append(NEWLINE); 308 | } 309 | Log.i(mainTag, tag + " Flags:" + stringBuilder); 310 | } 311 | 312 | //取得 data 313 | if (it.getDataString() != null) 314 | Log.i(mainTag, tag + " Data:" + it.getDataString()); 315 | 316 | //取得 type 317 | if (it.getType() != null) 318 | Log.i(mainTag, tag + " Type:" + it.getType()); 319 | 320 | //取得 Component 321 | if (it.getComponent() != null) { 322 | ComponentName cp = it.getComponent(); 323 | Log.i(mainTag, tag + " Component:" + cp.getPackageName() + "/" + cp.getClassName()); 324 | } 325 | 326 | if (it.getExtras() != null) { 327 | String NEWLINE = "\n"; 328 | StringBuilder stringBuilder = new StringBuilder(); 329 | try { 330 | Bundle intentBundle = it.getExtras(); 331 | if (intentBundle != null) { 332 | Set keySet = intentBundle.keySet(); 333 | int count = 0; 334 | 335 | for (String key : keySet) { 336 | count++; 337 | Object thisObject = intentBundle.get(key); 338 | stringBuilder.append(NEWLINE).append(tag + " EXTRA ").append(count) 339 | .append(":").append(NEWLINE); 340 | String thisClass = thisObject.getClass().getName(); 341 | if (thisClass != null) { 342 | stringBuilder.append(tag + " Class: ").append(thisClass) 343 | .append(NEWLINE); 344 | } 345 | stringBuilder.append(tag + " Key: ").append(key).append(NEWLINE); 346 | 347 | if (thisObject instanceof String || thisObject instanceof Long 348 | || thisObject instanceof Integer 349 | || thisObject instanceof Boolean) { 350 | stringBuilder.append(tag + " Value: " + thisObject.toString()) 351 | .append(NEWLINE); 352 | } else if (thisObject instanceof ArrayList) { 353 | stringBuilder.append(tag + " Values:"); 354 | ArrayList thisArrayList = (ArrayList) thisObject; 355 | for (Object thisArrayListObject : thisArrayList) { 356 | stringBuilder.append(thisArrayListObject.toString() 357 | + NEWLINE); 358 | } 359 | } 360 | } 361 | } 362 | 363 | Log.i(mainTag, tag + " EXTRA: \n" + stringBuilder); 364 | } catch (Exception e) { 365 | stringBuilder.append(tag + " BUNDLE:"); 366 | stringBuilder.append(tag + " Error extracting extras"); 367 | e.printStackTrace(); 368 | } 369 | } 370 | } 371 | 372 | //分离 flag 373 | private ArrayList getFlags(Intent editableIntent) { 374 | ArrayList flagsStrings = new ArrayList(); 375 | int flags = editableIntent.getFlags(); 376 | Set> set = FLAGS_MAP.entrySet(); 377 | Iterator> i = set.iterator(); 378 | while (i.hasNext()) { 379 | Entry thisFlag = (Entry) i.next(); 380 | if ((flags & thisFlag.getKey()) != 0) { 381 | flagsStrings.add(thisFlag.getValue()); 382 | } 383 | } 384 | return flagsStrings; 385 | } 386 | 387 | 388 | // 映射 flag 389 | private static final Map FLAGS_MAP = new HashMap() { 390 | { 391 | put(new Integer(Intent.FLAG_GRANT_READ_URI_PERMISSION), 392 | "FLAG_GRANT_READ_URI_PERMISSION"); 393 | put(new Integer(Intent.FLAG_GRANT_WRITE_URI_PERMISSION), 394 | "FLAG_GRANT_WRITE_URI_PERMISSION"); 395 | put(new Integer(Intent.FLAG_FROM_BACKGROUND), 396 | "FLAG_FROM_BACKGROUND"); 397 | put(new Integer(Intent.FLAG_DEBUG_LOG_RESOLUTION), 398 | "FLAG_DEBUG_LOG_RESOLUTION"); 399 | put(new Integer(Intent.FLAG_EXCLUDE_STOPPED_PACKAGES), 400 | "FLAG_EXCLUDE_STOPPED_PACKAGES"); 401 | put(new Integer(Intent.FLAG_INCLUDE_STOPPED_PACKAGES), 402 | "FLAG_INCLUDE_STOPPED_PACKAGES"); 403 | put(new Integer(Intent.FLAG_ACTIVITY_NO_HISTORY), 404 | "FLAG_ACTIVITY_NO_HISTORY"); 405 | put(new Integer(Intent.FLAG_ACTIVITY_SINGLE_TOP), 406 | "FLAG_ACTIVITY_SINGLE_TOP"); 407 | put(new Integer(Intent.FLAG_ACTIVITY_NEW_TASK), 408 | "FLAG_ACTIVITY_NEW_TASK"); 409 | put(new Integer(Intent.FLAG_ACTIVITY_MULTIPLE_TASK), 410 | "FLAG_ACTIVITY_MULTIPLE_TASK"); 411 | put(new Integer(Intent.FLAG_ACTIVITY_CLEAR_TOP), 412 | "FLAG_ACTIVITY_CLEAR_TOP"); 413 | put(new Integer(Intent.FLAG_ACTIVITY_FORWARD_RESULT), 414 | "FLAG_ACTIVITY_FORWARD_RESULT"); 415 | put(new Integer(Intent.FLAG_ACTIVITY_PREVIOUS_IS_TOP), 416 | "FLAG_ACTIVITY_PREVIOUS_IS_TOP"); 417 | put(new Integer(Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS), 418 | "FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS"); 419 | put(new Integer(Intent.FLAG_ACTIVITY_BROUGHT_TO_FRONT), 420 | "FLAG_ACTIVITY_BROUGHT_TO_FRONT"); 421 | put(new Integer(Intent.FLAG_ACTIVITY_RESET_TASK_IF_NEEDED), 422 | "FLAG_ACTIVITY_RESET_TASK_IF_NEEDED"); 423 | put(new Integer(Intent.FLAG_ACTIVITY_LAUNCHED_FROM_HISTORY), 424 | "FLAG_ACTIVITY_LAUNCHED_FROM_HISTORY"); 425 | put(new Integer(Intent.FLAG_ACTIVITY_CLEAR_WHEN_TASK_RESET), 426 | "FLAG_ACTIVITY_CLEAR_WHEN_TASK_RESET"); 427 | put(new Integer(Intent.FLAG_ACTIVITY_NO_USER_ACTION), 428 | "FLAG_ACTIVITY_NO_USER_ACTION"); 429 | put(new Integer(Intent.FLAG_ACTIVITY_REORDER_TO_FRONT), 430 | "FLAG_ACTIVITY_REORDER_TO_FRONT"); 431 | put(new Integer(Intent.FLAG_ACTIVITY_NO_ANIMATION), 432 | "FLAG_ACTIVITY_NO_ANIMATION"); 433 | put(new Integer(Intent.FLAG_ACTIVITY_CLEAR_TASK), 434 | "FLAG_ACTIVITY_CLEAR_TASK"); 435 | put(new Integer(Intent.FLAG_ACTIVITY_TASK_ON_HOME), 436 | "FLAG_ACTIVITY_TASK_ON_HOME"); 437 | put(new Integer(Intent.FLAG_RECEIVER_REGISTERED_ONLY), 438 | "FLAG_RECEIVER_REGISTERED_ONLY"); 439 | put(new Integer(Intent.FLAG_RECEIVER_REPLACE_PENDING), 440 | "FLAG_RECEIVER_REPLACE_PENDING"); 441 | //put(new Integer(0x10000000),"FLAG_RECEIVER_FOREGROUND"); 442 | //put(new Integer(0x08000000),"FLAG_RECEIVER_REGISTERED_ONLY_BEFORE_BOOT"); 443 | put(new Integer(0x04000000), 444 | "FLAG_RECEIVER_BOOT_UPGRADE"); 445 | //put(new Integer(0x00080000),"FLAG_ACTIVITY_NEW_DOCUMENT"); 446 | put(new Integer(0x00002000), 447 | "FLAG_ACTIVITY_RETAIN_IN_RECENTS"); 448 | put(new Integer(0x00000040), 449 | "FLAG_GRANT_PERSISTABLE_URI_PERMISSION"); 450 | put(new Integer(0x00000080), 451 | "FLAG_GRANT_PREFIX_URI_PERMISSION"); 452 | //put(new Integer(0x08000000),"FLAG_RECEIVER_NO_ABORT"); 453 | 454 | } 455 | }; 456 | 457 | } 458 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # IntentMonitor 2 | 3 | A Tool based on xposed which can monitor the android intents 4 | 5 | It has hooked some method like startActivity sendBroadCast startService ... 6 | 7 | 8 | ![look like this](poc.png) 9 | -------------------------------------------------------------------------------- /filter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WooyunDota/IntentMonitor/18514e11f5aabfa876cf09152557a29d25289b7d/filter.png -------------------------------------------------------------------------------- /poc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WooyunDota/IntentMonitor/18514e11f5aabfa876cf09152557a29d25289b7d/poc.png --------------------------------------------------------------------------------