hook cookie
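// Minimal document.cookie hook: logs every read and write to the console.
//
// NOTE(review): the accessor is installed as an own property of `document`, so
// code that reads or writes `document.cookie` no longer reaches the browser's
// native accessor. Writes are kept only in the local `cookie` variable, and each
// write replaces the whole cached string (attributes such as `path=` included).
// Cookie values are frequently session credentials, so treat the console output
// as sensitive and do not leave this hook installed outside a debugging session.
var cookie = document.cookie;

// Object.defineProperty returns `document` itself, so the result does not need
// to be stored. `document` is read-only on window: assigning to it is ignored in
// sloppy mode and throws a TypeError in strict mode.
Object.defineProperty(document, 'cookie', {
  // configurable so the snippet can be pasted again without
  // "Cannot redefine property: cookie".
  configurable: true,
  get: function () {
    console.log('getter:', cookie);
    return cookie;
  },
  set: function (value) {
    console.log('setter:' + value);
    cookie = value;
  }
});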
-------------------------------------------------------------------
// ==UserScript==
// @name cookie_hook
// @namespace http://tampermonkey.net/
// @version 0.1
// @description try to take over the world!
// @author student
// @include *
// @grant none
// ==/UserScript==
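(function () {
  'use strict';

  // Snapshot of the cookie string at install time. From here on the page only
  // sees this cache: the accessor below shadows the native one, so writes are
  // recorded here and are not forwarded to the browser's cookie store.
  // NOTE(review): the userscript header matches every page (`@include *`), so
  // cookies of every visited site are printed to the console. Narrow the match
  // pattern to the site being debugged and treat the log as credential material.
  var cookie_cache = document.cookie;

  Object.defineProperty(document, 'cookie', {
    get: function () {
      console.log("Getting cookie: ", cookie_cache);
      return cookie_cache;
    },
    set: function (val) {
      console.log("Setting cookie: ", val);

      // Keep only the leading `name=value` pair; attributes after the first
      // ';' (path, expires, ...) are discarded, so deletions via an expiry
      // attribute are not modelled.
      var pair = String(val).split(";")[0];
      var name = pair.split("=")[0];

      // An empty cache must become an empty list; "".split("; ") yields [""],
      // which previously produced a cache that started with "; ".
      var entries = cookie_cache === "" ? [] : cookie_cache.split("; ");

      var replaced = false;
      entries = entries.map(function (entry) {
        if (entry.split("=")[0] === name) {
          replaced = true;
          return pair;
        }
        return entry;
      });
      if (!replaced) {
        entries.push(pair);
      }
      cookie_cache = entries.join("; ");
    },
  });
})();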
hook json
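// Reference to the native implementation; the wrapper delegates to it.
var my_stringify = JSON.stringify;

/**
 * Logging wrapper around JSON.stringify.
 *
 * The optional `replacer` and `space` arguments are forwarded; dropping them
 * would change the output of callers such as JSON.stringify(obj, null, 2).
 * NOTE(review): every serialized value is printed, which can include tokens
 * or request bodies. Treat the console output as sensitive.
 *
 * @param {*} params - value to serialize
 * @param {...*} rest - optional replacer and space arguments
 * @returns {string|undefined} whatever the native JSON.stringify returns
 */
JSON.stringify = function (params, ...rest) {
  console.log("JSON.stringify: ", params);
  return my_stringify.call(this, params, ...rest);
};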
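// Reference to the native implementation; the wrapper delegates to it.
var my_parse = JSON.parse;

/**
 * Logging wrapper around JSON.parse.
 *
 * The optional `reviver` argument is forwarded so callers that rely on it keep
 * getting the same result as with the native function.
 * NOTE(review): every parsed payload is printed, response bodies included.
 * Treat the console output as sensitive.
 *
 * @param {string} params - JSON text to parse
 * @param {...*} rest - optional reviver argument
 * @returns {*} whatever the native JSON.parse returns
 */
JSON.parse = function (params, ...rest) {
  console.log("JSON.parse", params);
  return my_parse.call(this, params, ...rest);
};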
通用模版
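// Generic hook template, shown here on Date.parse: keep the original function,
// replace it with a wrapper that logs the call, then delegate.
var old_func = Date.parse;

/**
 * Logging wrapper around Date.parse.
 *
 * The parameters are collected with a rest parameter instead of a parameter
 * named `arguments` (a SyntaxError in strict mode and in modules), and the
 * original is invoked with apply(this, args). Function.prototype.apply takes
 * the `this` value first, so apply(args) alone would call the original with no
 * arguments at all.
 *
 * @param {...*} args - arguments passed by the caller
 * @returns {number} the result of the native Date.parse
 */
Date.parse = function (...args) {
  console.log("hook到啦");
  console.log(args);
  return old_func.apply(this, args);
};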
hook array push
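// Reference to the native push; the wrapper delegates to it.
var _push = Array.prototype.push;

/**
 * Array.prototype.push wrapper that rewrites the first occurrence of
 * 'debugger' in every string argument to 'deeugger' before pushing.
 *
 * The wrapper returns the value of the native push (the new length); without
 * it every caller that uses the return value of push() receives undefined.
 * NOTE(review): this affects every array on the page, so any legitimate string
 * that contains 'debugger' is altered as well. Use it only while debugging.
 *
 * @param {...*} items - elements to append
 * @returns {number} new length of the array
 */
Array.prototype.push = function (...items) {
  const patched = items.map((item) =>
    typeof item === "string" ? item.replace('debugger', 'deeugger') : item,
  );
  return _push.apply(this, patched);
};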
hook array change
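/**
 * Polls an array every 50 ms and calls `callback` when its string form changes.
 *
 * Change detection compares `"" + arr` snapshots, so two different contents
 * that stringify identically (for example [1, [2]] and [1, 2]) are not told
 * apart, and replacing the caller's variable with a new array is not noticed.
 *
 * @param {Array} arr - array to observe
 * @param {Function} callback - invoked with no arguments after a change
 * @returns {*} the setInterval handle; pass it to clearInterval to stop
 *   polling (previously nothing was returned and the timer could not be stopped)
 */
function watchArray(arr, callback) {
  let oldVal = "" + arr;
  return setInterval(function () {
    const curVal = "" + arr;
    if (curVal !== oldVal) {
      callback();
      oldVal = curVal;
    }
  }, 50);
}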
// Usage example for watchArray. `a` is created as an implicit global, which only
// works in sloppy mode (for example when pasted into the console).
// The watcher holds the array object itself: if `a` is later rebound to a new
// array, polling continues on the old one while the callback prints the new one.
a = [];
watchArray(a, function () {
  console.log("Array Change:" + a.toString());
});
// Inline variant of the watcher: the array is reached through window.a on every
// tick, and the last seen snapshot is kept in window.oldVal.
a = [];
window.a = a;

setInterval(() => {
  const snapshot = "" + window.a;
  // window.oldVal starts out undefined, so the first tick always logs.
  if (snapshot == window.oldVal) {
    return;
  }
  console.log("dddd" + window.a);
  window.oldVal = snapshot;
}, 100);

// Mutation that the next tick reports.
a[1] = 1;
Hook toString 绕过防格式化
// ==UserScript==
// @name Hook toString
// @namespace http://tampermonkey.net/
// @version 0.1
// @description hook browser's eval function
// @author hacker_cxj
// @match *://*/*
// @grant none
// @run-at document-start
// ==/UserScript==
(function () {
  'use strict';

  // Object is a function, so its prototype is the object that carries the
  // toString used when a function is converted to source text.
  const fnProto = Object.getPrototypeOf(Object);
  const nativeToString = fnProto.toString;

  // Wrapper: log the call and its result, pause in the debugger, then return
  // the unmodified result of the original method.
  fnProto.toString = function () {
    console.log("Custom toString method called!");
    const text = nativeToString.call(this);
    console.log(text);
    // Breakpoint: with DevTools open, the call stack shows which code asked
    // for the source text.
    debugger;
    return text;
  };
})();
hook XMLHttpRequest 检查参数生成的地方
(不加 @run-at document-start 可能导致hook慢于页面的js代码)
// ==UserScript==
// @name XMLHttpRequest Hook
// @namespace http://your-namespace.com
// @version 1.0
// @description Hook XMLHttpRequest open method
// @match http://*/*
// @match https://*/*
// @grant none
// @run-at document-start
// ==/UserScript==
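(function () {
  // Keep the original open() so the wrapper can delegate to it.
  const originalOpen = XMLHttpRequest.prototype.open;

  // Replacement open(): logs the call, then forwards it unchanged.
  // The rest parameter is not named `arguments`; that name is a SyntaxError in
  // strict mode and in modules.
  XMLHttpRequest.prototype.open = function (...openArgs) {
    // Custom logic goes here.
    console.log('XHR open method is hooked!');
    // NOTE(review): open() accepts (method, url, async, user, password), so this
    // line prints credentials when the page supplies them. Treat the console
    // output as sensitive.
    console.log('arguments:', JSON.stringify(openArgs));
    /* Optional per-argument logging and a conditional breakpoint:
    const [method, url, async, user, pass] = openArgs;
    console.log('URL:', url);
    if(url.indexOf("verifyQRCode")!==-1){
    debugger}
    console.log('Async:', async);
    console.log('User:', user);
    console.log('Pass:', pass);
    */
    // Delegate to the original open() and pass its result through.
    return originalOpen.apply(this, openArgs);
  };
})();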
hook time
// ==UserScript==
// @name Hook All Timestamp Functions
// @namespace http://tampermonkey.net/
// @version 0.1
// @description Hook and log all timestamp functions
// @match *://*/*
// @grant none
// @run-at document-start
// ==/UserScript==
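(function () {
  // Reference to the native Date constructor.
  const OriginalDate = Date;
  // Fixed instant (milliseconds since the epoch) that every clock read returns.
  const const_time = 1705052181949;

  // Replacement constructor. All arguments are ignored: `new Date(anything)`
  // yields the fixed instant. Because an object is returned explicitly, calling
  // Date() without `new` also yields a Date object instead of a string.
  // NOTE(review): every timestamp the page computes sees the frozen value,
  // expiry checks included. Narrow the userscript's @match pattern to the site
  // under test instead of *://*/*.
  function MockDate(...args) {
    return new OriginalDate(const_time); // replace const_time with the date you need
  }

  // Share the native prototype so instances keep all Date methods and
  // `instanceof Date` stays true after the swap.
  MockDate.prototype = OriginalDate.prototype;

  // Date.now() returns the same fixed timestamp.
  MockDate.now = function () {
    return const_time;
  };

  // Static helpers that do not read the clock are forwarded unchanged.
  MockDate.parse = function (dateString) {
    return OriginalDate.parse(dateString);
  };
  MockDate.UTC = function (...args) {
    return OriginalDate.UTC(...args);
  };

  // Source text of the native constructor, so String(Date) looks unchanged.
  MockDate.toString = function () {
    return OriginalDate.toString();
  };

  // Date has no static toUTCString, so forwarding to OriginalDate.toUTCString()
  // threw a TypeError. Return the UTC string of the fixed instant instead.
  MockDate.toUTCString = function () {
    return new OriginalDate(const_time).toUTCString();
  };

  // Replace the global Date with the mock.
  Date = MockDate;

  // Smoke test: prints const_time.
  console.log(new Date().getTime());
})();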
localStorage sessionStorage cookie 导入导出
导出
/**
 * Serializes the current origin's localStorage and sessionStorage to JSON.
 *
 * NOTE(review): web storage often holds session tokens, so handle the
 * returned string as a secret (clipboard, chat and ticket systems included).
 *
 * @returns {string} JSON text of the form
 *   {"localStorage": {...}, "sessionStorage": {...}}
 */
function exportStoragesAsString() {
  // Copy every key/value pair of one Storage object into a plain object.
  const dump = (store) => {
    const items = {};
    for (let index = 0; index < store.length; index += 1) {
      const name = store.key(index);
      items[name] = store.getItem(name);
    }
    return items;
  };

  return JSON.stringify({
    localStorage: dump(localStorage),
    sessionStorage: dump(sessionStorage),
  });
}
// Call the export function and hand the JSON string to copy().
// NOTE(review): copy() is not defined on this page; presumably the DevTools
// console utility that places a value on the clipboard. Confirm before using
// this outside the console. The clipboard then holds whatever tokens the storages contained.
const StorageString = exportStoragesAsString();
copy(StorageString);
导入
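/**
 * Writes previously exported storage data into the current origin's
 * localStorage and sessionStorage.
 *
 * Accepts either the parsed object or the JSON string produced by the export
 * step. Existing keys with the same name are overwritten; other keys are left
 * in place. Own properties are enumerated with Object.entries, so an imported
 * key named "hasOwnProperty" cannot break the loop.
 * NOTE(review): import only data you exported yourself. The values end up in
 * storage that the page's own scripts read and trust.
 *
 * @param {{localStorage?: Object, sessionStorage?: Object}|string} storageImportObj
 *   exported data, as an object or as JSON text
 * @throws {SyntaxError} when a string argument is not valid JSON
 */
function importStoragesFromString(storageImportObj) {
  const data = typeof storageImportObj === 'string'
    ? JSON.parse(storageImportObj)
    : storageImportObj;

  // Restore localStorage entries.
  if (data.localStorage) {
    for (const [key, value] of Object.entries(data.localStorage)) {
      localStorage.setItem(key, value);
    }
  }

  // Restore sessionStorage entries.
  if (data.sessionStorage) {
    for (const [key, value] of Object.entries(data.sessionStorage)) {
      sessionStorage.setItem(key, value);
    }
  }
}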
// Example input: an object with the shape produced by a previous export.
const storageImportObj = {"localStorage":{"a":"a"},"sessionStorage":{"b":"b"}};
// Call the import function to write the data into both storages.
importStoragesFromString(storageImportObj);