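├── README.md
├── dwarf.json
└── script.js


/README.md:
--------------------------------------------------------------------------------
Dwarf script to collect network requests and display them on the data panel. No need to unpin certificates, as it hooks low-level functions directly.
Additionally, on Android, okhttp requests and responses are hooked and displayed.
--------------------------------------------------------------------------------
/dwarf.json:
--------------------------------------------------------------------------------
{
    "dwarf": "2.0.0",
    "author": "iGio90",
    "name": "Dump Network Requests",
    "description": "Dump network requests by hooking low and high level api",
    "android": true,
    "ios": true
}
--------------------------------------------------------------------------------
/script.js:
--------------------------------------------------------------------------------
//Dwarf >= 2.0.0 required!

/*
 * send(): show every outgoing socket buffer in the data panel.
 *
 *   ssize_t send(int sockfd, const void *buf, size_t len, int flags);
 *
 * The buffer is read on entry, so it holds exactly what the caller asked to
 * send. For TLS traffic that is normally ciphertext; the SSL_* hooks are the
 * ones that see plaintext.
 */
addNativeHook(findExport('send'), function (args) {
    var payload = args[1];
    // NOTE(review): parseInt() has no radix here. It presumably relies on the
    // argument stringifying as 0x-prefixed hex, in which case a radix of 10
    // would yield 0 - confirm before "fixing" it.
    var length = parseInt(args[2]);
    // Written as !(x > 0) so a NaN length is skipped as well.
    if (!(length > 0)) {
        return;
    }
    // show the data in ui
    showData('hex', 'send', payload.readByteArray(length));
});

/*
 * recv(): show every received socket buffer in the data panel.
 *
 *   ssize_t recv(int sockfd, void *buf, size_t len, int flags);
 *
 * The destination pointer is saved on entry and read on exit, because the
 * buffer is only filled once recv() has returned.
 */
addNativeHook(findExport('recv'), {
    onEnter: function (args) {
        this.buf = args[1];
    },
    onLeave: function (ret) {
        // "| 0" coerces the return value to a signed 32-bit integer, so an
        // error return (-1) or EOF (0) is never used as a length.
        var received = ret | 0;
        if (!(received > 0)) {
            return;
        }
        // Only the bytes actually received are read, not the full buffer size.
        showData('hex', 'recv', this.buf.readByteArray(received));
    }
});

/*
 * SSL_write(): show the buffer handed to the TLS library for sending.
 *
 *   int SSL_write(SSL *ssl, const void *buf, int num);
 *
 * The buffer is read before encryption, which is why the README says no
 * certificate unpinning is needed to see the content.
 *
 * NOTE(review): only the 'libssl.so' export is looked up. dwarf.json also
 * declares ios: true; what addNativeHook does when findExport finds nothing
 * is not visible in this file - confirm that a missing export cannot stop
 * the remaining hooks from being installed.
 */
addNativeHook(findExport('SSL_write', 'libssl.so'), function (args) {
    // num is a C int. Take it as a signed 32-bit value (the same "| 0"
    // normalisation the recv hook applies to its return value) so that a
    // negative or non-extended argument is never used as a read length.
    var num = args[2] | 0;
    if (num > 0) {
        // show the data in ui
        showData('hex', 'SSL_write', args[1].readByteArray(num));
    }
});
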
/*
 * SSL_read(): show the data the TLS library returns to the application.
 *
 *   int SSL_read(SSL *ssl, void *buf, int num);
 *
 * The destination pointer is saved on entry and read on exit; at that point
 * the buffer holds decrypted data, which is why the README says no
 * certificate unpinning is needed to see the content.
 *
 * NOTE(review): only the 'libssl.so' export is looked up, so an application
 * that ships its own TLS library will not reach this hook. What addNativeHook
 * does when findExport finds nothing is not visible here - confirm.
 */
addNativeHook(findExport('SSL_read', 'libssl.so'), {
    onEnter: function (args) {
        this.buf = args[1];
    },
    onLeave: function (ret) {
        // "| 0" coerces the return value to a signed 32-bit integer; only a
        // positive result means the read succeeded and how many bytes it wrote.
        var bytesRead = ret | 0;
        if (!(bytesRead > 0)) {
            return;
        }
        // Read exactly the bytes SSL_read reported, not the caller's buffer size.
        var plaintext = this.buf.readByteArray(bytesRead);
        // send data to ui (data panel)
        showData('hex', 'SSL_read', plaintext);
    }
});

/*
 * okhttp3.Response constructor ('$init'): once a Response object has been
 * built, render its originating request and the response as one text entry.
 *
 * Headers are printed verbatim, so the panel text contains whatever cookies
 * or authorization values the application sent and received.
 */
addJavaHook('okhttp3.Response', '$init', {
    onLeave: function (result) {
        // Responses without a body are skipped entirely.
        if (!isDefined(this.body())) {
            return;
        }

        var request = this.request();
        var requestSection = "*** REQUEST ***\n\n"
            + (request.method() + ' ' + request.url())
            + ("\n\n[HEADERS]\n\n" + request.headers().toString())
            + '----------------------------------';

        // peekBody() returns a copy of at most 1024 bytes and leaves the real
        // body unread for the application; longer bodies appear truncated.
        var peeked = this.peekBody(1024);
        var responseSection = '\n\n*** RESPONSE ***\n'
            + ("\n\[HEADERS]\n\n" + this.headers().toString())
            + ("\n\n[BODY]\n\n" + peeked.string());

        showData('text', 'okhttp3.Response', requestSection + responseSection);
    }
});