├── README.md
└── addres
    ├── address_8447_x64.js
    ├── address_8461_x64.js
    ├── address_8501_x64.js
    ├── address_8519_x64.js
    ├── address_8529_x64.js
    ├── address_8531_x64.js
    ├── address_8555_x64.js
    ├── address_9105_x64.js
    ├── address_9115_x64.js
    ├── address_9129_x64.js
    └── address_9133_x64.js


/README.md:
--------------------------------------------------------------------------------
# wx-hook

### Introduction

Records the base addresses and files of old mini program versions, for use in the bypass.



### Handling bugs

> Note that the current method can cause some strange bugs. I am stating up front that I do not really know how to fix this kind of bug; you can report them and we can work on them together.
>
> 90% of the bugs can be resolved by deleting all the mini programs inside RadiumWMPF, restarting WeChat, doing the replacement again, and setting the replaced files to read-only.



## Optimized usage

**Introduction**

This is an optimized hook extension for use with https://github.com/eeeeeeeeee-code/e0e1-wx

> The new devtools is very unpleasant to use: the interface is rubbish and the features are sparse. It feels like a restriction WeChat introduced to prevent hooking.
>
> Here I found a way to bypass it.



**Usage**

1. From Releases, download the files of an old mini program version. Here I downloaded 8447.zip.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/6f8f8faf-b8d2-462d-9b76-f0ebc25d50ed)

2. Exit WeChat, go to the %appdata%\Tencent\WeChat\XPlugin\Plugins\RadiumWMPF\ folder, and empty the folder of the new mini program version. For example, mine is 9129, so I empty the files inside it.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/cab74171-4348-4506-bc8c-e315f10e89e1)

3. Unzip the old version's files and copy the entire contents of the **extracted folder** into **9129** (mine is 9129; check what yours is).

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/d18757fd-32bf-44bf-9d07-35a8d37c7a5a)

4. Set the folder to read-only, then open WeChat.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/f19055e3-2bfb-4c3e-afcd-b847f5c28181)

5. Then go to addres, find the matching base addresses and swap them in. For example, the files I replaced are from 8447, so I use the 8447 base addresses.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/c6b0e492-36fc-4233-ab7c-f19836e121d7)

6. Start the e0e1-wx script; the old devtools is now hooked successfully.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/4ee986a4-9eca-4d5b-b91c-e0460fae09de)


# Windows mini program packet capture workflow

#### Introduction

> I have noticed that some people still use an Android emulator to capture mini program traffic. That takes time and saves no effort, and the e0e1-wx tool was prepared precisely to support mini program penetration testing on Windows.
>
> So for the next optimization, I plan to capture mini program http\https traffic with a Python script and forward it directly to burp.

#### Environment setup

> 1. Proxifier, old Chinese-language version (widely available online)
>
> 2. burp

First open Proxifier and locate the proxy servers setting.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/1682a602-725f-4f4a-8afa-8fc2d763dfff)

Choose to add a proxy. Just add the proxy configured in your own burp; the port is likewise burp's port, whichever you set.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/3cae484a-c94e-4a4e-8192-b13538dabc4b)

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/c31183a5-e45d-4d76-8fc6-3824e0a404f3)

Select proxy rules.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/cca5dd5c-c442-435f-8da2-8728952ce86c)

Here, choose to add a proxy rule.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/29076ef7-2796-41db-b058-1795ccec2aa0)

Fill in the applications field with these:

```
WeChatApp.exe;WechatBrowser.exe;WeChatAppEx.exe
```

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/5239aec0-b461-4392-a637-9baeaae883f7)

Then open your burp and open the mini program you want to work on; packets can be intercepted easily, including https packets.

![image](https://github.com/eeeeeeeeee-code/wx-hook/assets/115862499/35fe9610-d2e1-4946-aee4-995a06b87c8d)

--------------------------------------------------------------------------------
/addres/address_8447_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x1B3FF48",
    "WechatAppHtml":"0x2EC9FBD",
    "WechatWebHtml":"0x7C0D6BD",
    "WechatAppExLog":"0x2F20022"
}
--------------------------------------------------------------------------------
/addres/address_8461_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x1B4013F",
    "WechatAppHtml":"0x2ECA1CD",
    "WechatWebHtml":"0x7C0D7AD",
    "WechatAppExLog":"0x2F20022"
}
--------------------------------------------------------------------------------
/addres/address_8501_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x2A4C18D",
    "WechatAppHtml":"0x28E1D66",
    "WechatWebHtml":"0x7A23D33"
}
--------------------------------------------------------------------------------
/addres/address_8519_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x02A4C21D",
    "WechatAppHtml":"0x28E1D66",
    "WechatWebHtml":"0x7A23D33",
    "WechatAppExLog":"0x2F20022"
}
--------------------------------------------------------------------------------
/addres/address_8529_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x02A4D29D",
    "WechatAppHtml":"0x28E1D66",
    "WechatWebHtml":"0x7A2D533",
    "WechatAppExLog":"0x2F20022"
}
--------------------------------------------------------------------------------
/addres/address_8531_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x02A4D3ED",
    "WechatAppHtml":"0x28E1DF6",
    "WechatWebHtml":"0x7A2E563",
    "WechatAppExLog":"0x2F20022"
}
--------------------------------------------------------------------------------
/addres/address_8555_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x02A4D52D",
    "WechatAppHtml":"0x28E1E36",
    "WechatWebHtml":"0x7A2E563",
    "SetEnableDebug":"0x7A4C5D8",
    "MenuItemDevToolsString":"0x2BC92AE"
}

--------------------------------------------------------------------------------
/addres/address_9105_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x2649DAD",
    "WechatAppHtml":"0x24BF4EB",
    "WechatWebHtml":"0x24BF4E4",
    "SetEnableDebug":"0x9A595C0",
    "MenuItemDevToolsString":"0x28776E5"
}
--------------------------------------------------------------------------------
/addres/address_9115_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x2649DAD",
    "WechatAppHtml":"0x24BF4EB",
    "WechatWebHtml":"0x24BF4E4",
    "MenuItemDevToolsString":"0x2877F65",
    "SetEnableDebug":"0x9A595A0",
    "WechatAppExLog":"0x64ABFD"
}

--------------------------------------------------------------------------------
/addres/address_9129_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x264AAED",
    "WechatAppHtml":"0x24C006B",
    "WechatWebHtml":"0x24C0064",
    "SetEnableDebug":"0x9A57860",
    "MenuItemDevToolsString":"0x287A485"
}
--------------------------------------------------------------------------------
/addres/address_9133_x64.js:
--------------------------------------------------------------------------------
address = {
    "LaunchAppletBegin": "0x26F1627",
    "WechatAppHtml":"0x2554AAB",
    "WechatWebHtml":"0x2554AA4",
    "SetEnableDebug":"0x9C1D8C0",
    "MenuItemDevToolsString":"0x290EB85",
    "WechatAppExLog":"0x6A0D8D"
}

--------------------------------------------------------------------------------