-
-
Save nullmastermind/48beec73d8fab71af4b6945c9ab9e6bc to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name ZaloDecryptor | |
| // @namespace http://tampermonkey.net/ | |
| // @version 1.0.0 | |
| // @description Decrypt and log Zalo's HTTP requests and WebSocket traffics | |
| // @author ElectroHeavenVN | |
| // @match https://chat.zalo.me/* | |
| // @icon https://www.google.com/s2/favicons?sz=64&domain=zalo.me | |
| // @grant none | |
| // @run-at document-start | |
| // @updateURL https://gist.github.com/ElectroHeavenVN/ded1eb9c791018ec134ab6f0cff57f2f/raw/ZaloDecryptor.user.js | |
| // @downloadURL https://gist.github.com/ElectroHeavenVN/ded1eb9c791018ec134ab6f0cff57f2f/raw/ZaloDecryptor.user.js | |
| // ==/UserScript== | |
| (function() { | |
| 'use strict'; | |
| const console_log = window.console.log; | |
| var httpHookInstalled = false; | |
| var wsHookInstalled = false; | |
| const originalOpen = XMLHttpRequest.prototype.open; | |
| XMLHttpRequest.prototype.open = function (method, url, async, user, password) { | |
| console_log("%c[XMLHttpRequest] %c[Send] %c" + url, 'color: red', 'color: orange', ''); | |
| originalOpen.apply(this, arguments); | |
| if (httpHookInstalled) return; | |
| if (!url.includes("api/login/getServerInfo")) return; | |
| if (url.includes("viewerkey")) return; | |
| httpHookInstalled = true; | |
| console_log("Installing HTTP hooks..."); | |
| const ZHttpWebpack = window.webpackJsonp.push([[Math.random()],{},[["z0WU"]]]); | |
| ZHttpWebpack.default.original_encodeAES = ZHttpWebpack.default.encodeAES; | |
| ZHttpWebpack.default.encodeAES = (e, t = 0) => { | |
| console_log("%c[HTTP] %c[Send] %c" + e, 'color: red', 'color: orange', ''); | |
| return ZHttpWebpack.default.original_encodeAES(e, t); | |
| }; | |
| ZHttpWebpack.default.original_decodeAES = ZHttpWebpack.default.decodeAES; | |
| ZHttpWebpack.default.decodeAES = (e, t = 0) => { | |
| var n = ZHttpWebpack.default.original_decodeAES(e, t); | |
| console_log("%c[HTTP] %c[Receive] %c" + n, 'color: red', 'color: orange', ''); | |
| return n; | |
| }; | |
| }; | |
| const originalAddEventListener = WebSocket.prototype.addEventListener; | |
| WebSocket.prototype.addEventListener = function (...args) { | |
| originalAddEventListener.apply(this, arguments); | |
| if (!wsHookInstalled) { | |
| console_log("Installing WebSocket hooks..."); | |
| const ZWSWebpack = window.webpackJsonp.push([[Math.random()],{},[["8RMw"]]]); | |
| ZWSWebpack.default.original__onData = ZWSWebpack.default._onData; | |
| ZWSWebpack.default._onData = async (e, t, a, n) => { | |
| console_log("%c[WebSocket] %c[Receive] %cOpcode:%c " + e + ", %ccommand:%c " + t + ", %cversion:%c " + a + ", %cdata:%c " + n, 'color: red', 'color: orange', 'color: cyan', '', 'color: cyan', '', 'color: cyan', '', 'color: cyan', ''); | |
| return await ZWSWebpack.default.original__onData(e, t, a, n); | |
| }; | |
| const originalSend = WebSocket.prototype.send; | |
| WebSocket.prototype.send = function (d) { | |
| originalSend.apply(this, arguments); | |
| var jsonData = ""; | |
| var buffer = new Uint8Array(d.byteLength - 4); | |
| for (var i = 0; i < d.byteLength - 4; i++) { | |
| buffer[i] = d.getInt8(i + 4); | |
| } | |
| jsonData = new TextDecoder().decode(buffer); | |
| console_log("%c[WebSocket] %c[Send] %cOpcode:%c " + d.getInt16(1, true) + ", %ccommand:%c " + d.getInt8(3) + ", %cversion:%c " + d.getInt8(0) + ", %cdata:%c " + jsonData, 'color: red', 'color: orange', 'color: cyan', '', 'color: cyan', '', 'color: cyan', '', 'color: cyan', ''); | |
| }; | |
| wsHookInstalled = true; | |
| } | |
| } | |
| })(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment