WechatVideoSniffer微信视频号PC版视频地址嗅探器
By
xuncv
at 2022-07-03 • 0人收藏 • 1242人看过
开源地址 xuncv/WechatVideoSniffer: 微信视频号PC版视频地址嗅探器 (github.com)
原理
使用FiddlerCore .Net组件,注册系统代理,监听主机的http/https请求,从而匹配出微信视频号视频的地址
import win.ui;
/*DSG{{*/
mainForm = win.form(text="WechatVideoSniffer";right=959;bottom=591)
mainForm.add(
btnClear={cls="button";text="清空列表";left=797;top=540;right=889;bottom=580;z=5};
btnDown={cls="button";text="下载选中";left=794;top=120;right=885;bottom=157;z=4};
btnSniffer={cls="button";text="监听";left=794;top=14;right=885;bottom=51;z=1};
btnStop={cls="button";text="停止";left=794;top=70;right=885;bottom=107;z=2};
listview={cls="listview";left=17;top=15;right=787;bottom=584;edge=1;z=3}
)
/*}}*/
import dotNet
mainForm.listview.insertColumn( "URL",-1 )
dotNet.reference({
"FiddlerCore4" = $"res\FiddlerCore4.dll";
"CertMaker" = $"res\CertMaker.dll";
"BCMakeCert" = $"res\BCMakeCert.dll";
"BasicFormatsForCore" = $"res\BasicFormatsForCore.dll"
})
var FiddlerCore4 = dotNet.load("FiddlerCore4")
Fiddler = FiddlerCore4.import("Fiddler")
InstallCertificate = function(){
if(!Fiddler.CertMaker.rootCertExists()){
if(!Fiddler.CertMaker.createRootCert()){
return false;
}
if(Fiddler.CertMaker.trustRootCert()){
return false;
}
}
return true;
}
UninstallCertificate = function(){
if(Fiddler.CertMaker.rootCertExists()){
if(!Fiddler.CertMaker.removeFiddlerGeneratedCerts(true)){
return false;
}
}
return true;
}
AttachListening = function(){
Fiddler.FiddlerApplication.BeforeRequest = function(s){
s.bBufferResponse = false;
if(string.startWith(s.fullUrl,"https://finder.video.qq.com/251/20302/")){
mainForm.listview.addItem( {s.fullUrl} )
}
}
/*
Fiddler.FiddlerApplication.BeforeResponse = function(s){
if(string.startWith(s.fullUrl,"https://finder.video.qq.com")){
mainForm.listview.addItem( {s.fullUrl} )
}
}
*/
}
StartupFiddlerCore = function(){
Fiddler.FiddlerApplication.Startup(9898,Fiddler.FiddlerCoreStartupFlags.Default | Fiddler.FiddlerCoreStartupFlags.RegisterAsSystemProxy)
}
UninstallFiddler = function(){
if(Fiddler.FiddlerApplication.IsStarted()){
Fiddler.FiddlerApplication.Shutdown();
}
}
mainForm.btnSniffer.oncommand = function(id,event){
InstallCertificate()
AttachListening()
StartupFiddlerCore()
mainForm.btnSniffer.disabled = true
}
mainForm.btnStop.oncommand = function(id,event){
UninstallCertificate()
UninstallFiddler()
mainForm.btnSniffer.disabled = false
}
mainForm.btnClear.oncommand = function(id,event){
mainForm.listview.clear()
}
mainForm.btnDown.oncommand = function(id,event){
var index = mainForm.listview.selIndex
if(index>0){
var url = mainForm.listview.getItemText(index,1,1024)
mainForm.btnDown.text = "下载中"
mainForm.btnDown.disabled = true
thread.invokeAndWait(
function(url){
import inet.httpFile
math.randomize()
var remoteFile = inet.httpFile( url,"/download/" + string.random(6) + ".mp4" )
remoteFile.test()
remoteFile.download()
remoteFile.close()
},url
)
mainForm.msgbox("下载完成")
mainForm.btnDown.text = "下载选中"
mainForm.btnDown.disabled = false
}
}
mainForm.onClose = function(hwnd,message,wParam,lParam){
//UninstallCertificate()
UninstallFiddler()
}
mainForm.show();
return win.loopMessage();
5 个回复 | 最后更新于 2022-07-08
666
想不到现在调用C#这么方便了。
测试了下。感觉aar对属性的调用,好像不完整。
比如,Fiddler.FiddlerApplication.IsStarted()
这个在启动后查询不到,会无值(null),会报错。但是启动后,过一阵查询,是可以查到的。
Fiddler.FiddlerApplication.GetVersionString() 这个按说明是有这个属性的,但一执行就报错。
调用栈:
[kernel]: in function 'error'
...eensoft\aardio\lib\dotNet\appDomain.aardio:168: in function 'GetVersi
onString'
[string "import win.ui..."]:169: in function 'oncommand'
另一个问题是,网站访问会提示安全问题,应该是证书没加到信任组的原因吧。而用C#制作的程序和用fiddler,都不会提示。难道它与fiddler不是共用一个证书?
回复#2 @googles :
大致看了下,GetVersionString()这个报的是路径错误,所以用dnspy看下它这个方法实现源码
public static string GetVersionString()
{
FileVersionInfo versionInfo = FileVersionInfo.GetVersionInfo(Assembly.GetExecutingAssembly().Location);
string empty = string.Empty;
string text = "FiddlerCore";
return string.Format("{0}/{1}.{2}.{3}.{4}{5}", new object[]
{
text,
versionInfo.FileMajorPart,
versionInfo.FileMinorPart,
versionInfo.FileBuildPart,
versionInfo.FilePrivatePart,
empty
});
}从上面源码可知, 它就是读取dll文件系统上面的版本号
直接读取本地文件取版本号, 我们用$将dll钉在内存里当然就路径不对了, 毕竟$后内存里是虚拟路径, 那么解决办法就是不用$符号包含都放到本地就可以了.
var FiddlerCore4Dll = dotNet.load("\res\FiddlerCore4.dll")
Fiddler = FiddlerCore4Dll.import("Fiddler")
console.log( Fiddler.FiddlerApplication.GetVersionString() ); 
登录后方可回帖
666