socket activity refactoring

iddoeldor 2019-05-26 18:00:15 +03:00 committed by GitHub
parent 29fbbdd281
commit 743dfe086e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -180,25 +180,13 @@ onLeave
#### Socket activity #### Socket activity
```js ```js
Module.enumerateExportsSync( Process
// finding socket module path .getModuleByName({ linux: 'libc.so', darwin: 'libSystem.B.dylib', windows: 'ws2_32.dll' }[Process.platform])
Process.enumerateModulesSync().filter(function(m){ .enumerateExports().filter(ex => ex.type === 'function' && ['connect', 'recv', 'send', 'read', 'write'].some(prefix => ex.name.indexOf(prefix) === 0))
return m.name === { linux: 'libc.so', darwin: 'libSystem.B.dylib', windows: 'ws2_32.dll' }[Process.platform] .forEach(ex => {
})[0].path
).forEach(function(ex){
if (
ex.type === 'function' &&·
// if function contains the prefix of one of the socket related functions
['connect', 'recv', 'send', 'read', 'write'].some(function(prefix) {
return ex.name.indexOf(prefix) === 0
})
) {
Interceptor.attach(ex.address, { Interceptor.attach(ex.address, {
onEnter: function (args) { onEnter: function (args) {
this.fd = args[0].toInt32(); var fd = args[0].toInt32();
},
onLeave: function (retval) {
var fd = this.fd;
if (Socket.type(fd) !== 'tcp') if (Socket.type(fd) !== 'tcp')
return; return;
var address = Socket.peerAddress(fd); var address = Socket.peerAddress(fd);
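Review bot: With the descriptor checks moved into `onEnter`, a `connect` call is probably never logged, because at entry the socket has no peer yet, so `Socket.peerAddress(fd)` should return null and the handler returns early; the old `onLeave` ran after the call had completed. Keeping `this.fd = args[0].toInt32();` in `onEnter` and doing the `Socket.type(fd)` / `Socket.peerAddress(fd)` lookup in `onLeave` would preserve that output. The prefix filter `ex.name.indexOf(prefix) === 0` also attaches to every export that merely starts with `read` or `write`, and the first argument of some of those may not be a file descriptor. An explicit list of the intended names checked with `.includes(ex.name)` would keep the hooks to the socket calls that are meant to be traced. The `onEnter` body continues past the end of this hunk.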
@ -206,49 +194,16 @@ Module.enumerateExportsSync(
return; return;
console.log(fd, ex.name, address.ip + ':' + address.port); console.log(fd, ex.name, address.ip + ':' + address.port);
} }
}); })
} })
});
``` ```
<details> <details>
<summary>Output example</summary> <summary>Output example</summary>
Android example Android example
```
Java.perform(function(){
Module.enumerateExportsSync(
// finding socket module path
Process.enumerateModulesSync().filter(function(m){
return m.name === { linux: 'libc.so', darwin: 'libSystem.B.dylib', windows: 'ws2_32.dll' }[Process.platform]
})[0].path
).forEach(function(ex){
if (
ex.type === 'function' &&·
// if function contains the prefix of one of the socket related functions
['connect', 'recv', 'send', 'read', 'write'].some(function(prefix) {
return ex.name.indexOf(prefix) === 0
})
) {
Interceptor.attach(ex.address, {
onEnter: function (args) {
this.fd = args[0].toInt32();
},
onLeave: function (retval) {
var fd = this.fd;
if (Socket.type(fd) !== 'tcp')
return;
var address = Socket.peerAddress(fd);
if (address === null)
return;
console.log(fd, ex.name, address.ip + ':' + address.port);
}
});
}
});
});
```
```sh ```sh
# wrap the script above inside Java.perform
$ frida -Uf com.example.app -l script.js --no-pause $ frida -Uf com.example.app -l script.js --no-pause
[Android Model-X::com.example.app]-> 117 write 5.0.2.1:5242 [Android Model-X::com.example.app]-> 117 write 5.0.2.1:5242
117 read 5.0.2.1:5242 117 read 5.0.2.1:5242