HttpURLConnection

他是 Android 的默认库。 HttpURLconnection 是基于 http 协议的，支持 get，post，put，delete等各种请求方式，最常用的就是get和post

资料

用到 APP 链接密码: kaoe
示例代码

使用

完整示例代码封装整理的非常棒

使用 connection.setRequestMethod(“GET”); 设置请求方式。
使用 connection.connect(); 连接网络。请求行，请求头的设置必须放在网络连接前。
connection.getInputStream() 只是得到一个流对象，并不是数据，不过我们可以从流中读出数据，从流中读取数据的操作必须放在子线程。
connection.getInputStream() 得到一个流对象，从这个流对象中只能读取一次数据，第二次读取时将会得到空数据。

设置请求头

setRequestProperty(key,value)　　
addRequestProperty(key,value)

区别: setRequestProperty 会覆盖已经存在的 key 的所有 values，有清零重新赋值的作用。而 addRequestProperty 则是在原来 key 的基础上继续添加其他 value。

例如：

connection.setRequestProperty("Content-type","application/x-javascript->json");//json格式数据

Get

HttpURLconnection是同步的请求，最好是放在子线程中。

new Thread(new Runnable() {
    @Override
    public void run() {
        try {
            String url = "https://www.baidu.com/";
            URL url = new URL(url);
            //得到connection对象。
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            //设置请求方式
            connection.setRequestMethod("GET");
            //连接
            connection.connect();
            //得到响应码
            int responseCode = connection.getResponseCode();
            if(responseCode == HttpURLConnection.HTTP_OK){
                //得到响应流
                InputStream inputStream = connection.getInputStream();
                //将响应流转换成字符串
                String result = is2String(inputStream);//将流转换为字符串。
                Log.d("kwwl","result============="+result);
            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}).start();

这是非线程的:

public static String get(){
        String message="";
        try {
            URL url=new URL("http://www.baidu.com");
            HttpURLConnection connection= (HttpURLConnection) url.openConnection();
            connection.setRequestMethod("GET");
            connection.setConnectTimeout(5*1000);
            connection.connect();
            InputStream inputStream=connection.getInputStream();
            byte[] data=new byte[1024];
            StringBuffer sb=new StringBuffer();
            int length=0;
            while ((length=inputStream.read(data))!=-1){
                String s=new String(data, Charset.forName("utf-8"));
                sb.append(s);
            }
            message=sb.toString();
            inputStream.close();
            connection.disconnect();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return message;
    }

Post

new Thread(new Runnable() {
    @Override
    public void run() {
        try {
            URL url = new URL(getUrl);
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            connection.setRequestMethod("POST");//设置请求方式为POST
            connection.setDoOutput(true);//允许写出
            connection.setDoInput(true);//允许读入
            connection.setUseCaches(false);//不使用缓存
            connection.connect();//连接
            int responseCode = connection.getResponseCode();
            if(responseCode == HttpURLConnection.HTTP_OK){
                InputStream inputStream = connection.getInputStream();
                String result = is2String(inputStream);//将流转换为字符串。
                Log.d("kwwl","result============="+result);
            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}).start();

用post请求传递键值对参数

new Thread(new Runnable() {
    @Override
    public void run() {
        try {
            URL url = new URL(getUrl);
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            connection.setRequestMethod("POST"); 
            connection.setDoOutput(true);
            connection.setDoInput(true);
            connection.setUseCaches(false);
            connection.connect();

            String body = "userName=zhangsan&password=123456";
            BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(connection.getOutputStream(), "UTF-8"));
            writer.write(body);
            writer.close();

            int responseCode = connection.getResponseCode();
            if(responseCode == HttpURLConnection.HTTP_OK){
                InputStream inputStream = connection.getInputStream();
                String result = is2String(inputStream);//将流转换为字符串。
                Log.d("kwwl","result============="+result);
            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}).start();

post 传 json

new Thread(new Runnable() {
    @Override
    public void run() {
        try {
            URL url = new URL(getUrl);
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            connection.setRequestMethod("POST"); 
            connection.setDoOutput(true);
            connection.setDoInput(true);
            connection.setUseCaches(false);
            connection.setRequestProperty("Content-Type", "application/json;charset=utf-8");//设置参数类型是json格式
            connection.connect();

            String body = "{userName:zhangsan,password:123456}";
            BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(connection.getOutputStream(), "UTF-8"));
            writer.write(body);
            writer.close();

            int responseCode = connection.getResponseCode();
            if(responseCode == HttpURLConnection.HTTP_OK){
                InputStream inputStream = connection.getInputStream();
                String result = is2String(inputStream);//将流转换为字符串。
                Log.d("kwwl","result============="+result);
            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}).start();

逆向抓取

hook URL

初始化 url 的时候会调用

所以我们可以通过 hook URL 来得到连接(Objection)

android hooking watch class_method java.net.URL.$init --dump-args --dump-backtrace -                                           -
dump-return

值得注意的是， URL 是构造函数 objection 是要自己指定 $init 的！

如此就可以拿到 URL

hook 请求参数

上面我们说到了2种参数添加的方法，所以这两种我们都要hook

setRequestProperty(key,value)　　
addRequestProperty(key,value)

frida 代码

        URLConnection.setRequestProperty.overload('java.lang.String', 'java.lang.String').implementation = function(str1, str2){
            console.log('[Reqeust] PropertySet ==> ', str1, str2);
            this.setRequestProperty(str1, str2);
        }
        URLConnection.addRequestProperty.overload('java.lang.String', 'java.lang.String').implementation = function(str1, str2){
            console.log('[Reqeust] PropertyAdd ==> ', str1, str2);
            this.addRequestProperty(str1, str2);
        }

hook methok

        // Method
        HttpURLConnection.setRequestMethod.overload('java.lang.String').implementation = function(str){
            console.log('[Reqeust] Method ==> ', str);
            this.setRequestMethod(str);
        }

HttpURLConnection 开发与 hook