heibai2006/frida-snippets
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

socket activity #refactoring

Browse Source
This commit is contained in:
iddoeldor 2019-04-17 15:14:14 +03:00 committed by GitHub
parent 11fce7c847
commit 2b87e7e6bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 56 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
README.md
View File

@ -67,15 +67,19 @@
#### Socket activity #### Socket activity
```js ```js
var socketFunctionPrefixes = ['connect', 'recv', 'send', 'read', 'write']; Module.enumerateExportsSync(
function isSocketFunction(name) { // finding socket module path
return socketFunctionPrefixes.some(function (prefix) { Process.enumerateModulesSync().filter(function(m){·
return name.indexOf(prefix) === 0; return m.name === { linux: 'libc.so', darnwin: 'libSystem.B.dylib', windows: 'ws2_32.dll' }[Process.platform]
}); })[0].path
} ).forEach(function(ex){
var libcPath = Process.enumerateModulesSync().filter(function(m){return m.name.indexOf('libc.so')!=-1})[0].path; // on iOS (darwin) instead of libc search for libSystem.B.dylib if (
Module.enumerateExportsSync(libcPath).forEach(function(ex){ ex.type === 'function' &&·
if (ex.type === 'function' && isSocketFunction(ex.name)) { // if function contains the prefix of one of the socket related functions
['connect', 'recv', 'send', 'read', 'write'].some(function(prefix) {
return ex.name.indexOf(prefix) === 0
})
) {
Interceptor.attach(ex.address, { Interceptor.attach(ex.address, {
onEnter: function (args) { onEnter: function (args) {
this.fd = args[0].toInt32(); this.fd = args[0].toInt32();
@ -100,15 +104,19 @@
Android example Android example
``` ```
Java.perform(function(){ Java.perform(function(){
var socketFunctionPrefixes = ['connect', 'recv', 'send', 'read', 'write']; Module.enumerateExportsSync(
function isSocketFunction(name) { // finding socket module path
return socketFunctionPrefixes.some(function (prefix) { Process.enumerateModulesSync().filter(function(m){·
return name.indexOf(prefix) === 0; return m.name === { linux: 'libc.so', darnwin: 'libSystem.B.dylib', windows: 'ws2_32.dll' }[Process.platform]
}); })[0].path
} ).forEach(function(ex){
var libcPath = Process.enumerateModulesSync().filter(function(m){return m.name.indexOf('libc.so')!=-1})[0].path; if (
Module.enumerateExportsSync(libcPath).forEach(function(ex){ ex.type === 'function' &&·
if (ex.type === 'function' && isSocketFunction(ex.name)) { // if function contains the prefix of one of the socket related functions
['connect', 'recv', 'send', 'read', 'write'].some(function(prefix) {
return ex.name.indexOf(prefix) === 0
})
) {
Interceptor.attach(ex.address, { Interceptor.attach(ex.address, {
onEnter: function (args) { onEnter: function (args) {
this.fd = args[0].toInt32(); this.fd = args[0].toInt32();