关于iOS 调试任意webview 可以参考 Tweak 全局开启任意 App 的 WebView 调试
本篇参考该文章,重点说一下不同。macOS WeChat不允许调试webview,其中的entitlements如下
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.device.camera</key>
<true/>
<key>com.apple.developer.team-identifier</key>
<string>5A4RE8SF68</string>
<key>com.apple.security.device.microphone</key>
<true/>
<key>com.apple.application-identifier</key>
<string>5A4RE8SF68.com.tencent.xinWeChat</string>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>5A4RE8SF68.com.tencent.xinWeChat</string>
</array>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.files.downloads.read-write</key>
<true/>
</dict>
</plist>
虾米音乐macOS 客户端允许调试,entitlements如下
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>597MX98Y4L.com.xiami.client</string>
<key>com.apple.developer.team-identifier</key>
<string>597MX98Y4L</string>
<key>com.apple.security.app-sandbox</key>
<false/>
<key>com.apple.security.get-task-allow</key>
<true/>
</dict>
</plist>
可以发现虾米音乐中多了com.apple.security.get-task-allow。在macOS中也有名为webinspectord的daemon,webinspectord中与iOS相比唯一的不同就是函数名为RWIRelayDelegateMac,该函数位于/System/Library/PrivateFrameworks/WebInspector.framework/Versions/A/WebInspector库中。其中函数也是_allowApplication:bundleIdentifier:,通过frida hook webinspectord进程会报错,这是因为SIP,如果想通过hook的方式修改只能关闭SIP。
ps:先打开safari再启动被调试程序