minor updates in the standalone template
monkeywave committed Oct 21, 2022
1 parent cfda1dc commit 3944dcb
Showing 1 changed file with 28 additions and 14 deletions.
42 changes: 28 additions & 14 deletions create_standalone_release/friTap_release_template.py
Expand Up @@ -40,6 +40,7 @@
filename = ""
tmpdir = ""
pcap_obj = None
frida_agent_script = "_ssl_log.js"

# Names of all supported read functions:
SSL_READ = ["SSL_read", "wolfSSL_read", "readApplicationData", "NSS_read","Full_read"]
Expand Down Expand Up @@ -68,7 +69,7 @@ def cleanup(live=False, socket_trace=False, full_capture=False, debug_output=Fal
print("[*] traced sockets: "+str(traced_scapy_socket_Set))
pcap_obj.create_application_traffic_pcap(traced_scapy_socket_Set)

print("\nThx for using friTap\nHave a nice day\n")
print("\n\nThx for using friTap\nHave a nice day\n")
os._exit(0)


Expand Down Expand Up @@ -99,9 +100,14 @@ def temp_fifo():
print(f'Failed to create FIFO: {e}')


def ssl_log(app, pcap_name=None, verbose=False, spawn=False, keylog=False, enable_spawn_gating=False, mobile=False, live=False, environment_file=None, debug_output=False,full_capture=False, socket_trace=False, host=False, offsets=None):
def ssl_log(app, pcap_name=None, verbose=False, spawn=False, keylog=False, enable_spawn_gating=False, mobile=False, live=False, environment_file=None, debug_mode=False,full_capture=False, socket_trace=False, host=False, offsets=None, debug_output=False):
global debug
debug = debug_output
debug = debug_mode

def on_detach(reason):
print(f"\n[*] Target process stopped: {reason}\n")
cleanup(live,socket_trace,full_capture,debug)



def on_message(message, data):
Expand All @@ -124,7 +130,7 @@ def on_message(message, data):
return
if p["contentType"] == "console":
print("[*] " + p["console"])
if debug_output:
if debug_mode or debug_output:
if p["contentType"] == "console_dev" and p["console_dev"]:
if len(p["console_dev"]) > 3:
print("[***] " + p["console_dev"])
Expand Down Expand Up @@ -197,14 +203,16 @@ def on_spawn_added(spawn):

def instrument(process):
runtime="qjs"
debug_port = 1337
if debug:
if frida.__version__ < "16":
process.enable_debugger(1337)
process.enable_debugger(debug_port)
print("\n[!] running in debug mode")
print("[!] Chrome Inspector server listening on port 1337\n")
print(f"[!] Chrome Inspector server listening on port {debug_port}")
print("[!] Open Chrome with chrome://inspect for debugging\n")
runtime="v8"

with open(os.path.join(here, '_ssl_log.js')) as f:
with open(os.path.join(here, '_ssl_log.js'), encoding='utf8', newline='\n') as f:
script_string = f.read()

if offsets_data is not None:
Expand All @@ -214,13 +222,18 @@ def instrument(process):
script = process.create_script(script_string, runtime=runtime)

if debug and frida.__version__ >= "16":
script.enable_debugger(1337)
script.enable_debugger(debug_port)
script.on("message", on_message)
script.load()
script.on('detached', on_detach)

# Main code
global pcap_obj
global offsets_data
global frida_agent_script

if frida.__version__ < "16":
frida_agent_script = "_ssl_log_legacy.js"

if mobile:
device = frida.get_usb_device()
Expand Down Expand Up @@ -252,7 +265,7 @@ def instrument(process):
print("spawning "+ app)

if full_capture and pcap_name:
pcap_obj = pcap.PCAP(pcap_name,SSL_READ,SSL_WRITE,full_capture, mobile,debug_output)
pcap_obj = pcap.PCAP(pcap_name,SSL_READ,SSL_WRITE,full_capture, mobile,debug_mode)

if mobile or host:
pid = device.spawn(app)
Expand All @@ -277,17 +290,16 @@ def instrument(process):
print(
f'[*] Now open this named pipe with Wireshark in another terminal: sudo wireshark -k -i {fifo_file}')
print(f'[*] friTap will continue after the named pipe is ready....\n')
pcap_obj = pcap.PCAP(fifo_file,SSL_READ,SSL_WRITE,full_capture, mobile,debug_output)
pcap_obj = pcap.PCAP(fifo_file,SSL_READ,SSL_WRITE,full_capture, mobile,debug_mode)

elif pcap_name:
pcap_obj = pcap.PCAP(pcap_name,SSL_READ,SSL_WRITE,full_capture, mobile,debug_output)
pcap_obj = pcap.PCAP(pcap_name,SSL_READ,SSL_WRITE,full_capture, mobile,debug_mode)


if keylog:
keylog_file = open(keylog, "w")

print("Press Ctrl+C to stop logging.")
print('[*] Running Script')
instrument(process)
if pcap_name and full_capture:
print(f'[*] Logging pcap to {pcap_name}')
Expand Down Expand Up @@ -340,7 +352,9 @@ def main():
args.add_argument("-H", "--host", metavar="<ip:port>", required=False,
help="Attach to a process on remote frida device")
args.add_argument("-d", "--debug", required=False, action="store_const", const=True,
help="Set the debug output of friTap")
help="Set friTap into debug mode this include debug output as well as a listening Chrome Inspector server for remote debugging.")
args.add_argument("-do", "--debugoutput", required=False, action="store_const", const=True,
help="Activate the debug output only.")
args.add_argument("-f", "--full_capture", required=False, action="store_const", const=True, default=False,
help="Do a full packet capture instead of logging only the decrypted TLS payload. Set pcap name with -p <PCAP name>")
args.add_argument("-k", "--keylog", metavar="<path>", required=False,
Expand Down Expand Up @@ -372,7 +386,7 @@ def main():
try:
print("Start logging")
ssl_log(parsed.exec, parsed.pcap, parsed.verbose,
parsed.spawn, parsed.keylog, parsed.enable_spawn_gating, parsed.mobile, parsed.live, parsed.environment, parsed.debug, parsed.full_capture, parsed.socket_tracing, parsed.host, parsed.offsets)
parsed.spawn, parsed.keylog, parsed.enable_spawn_gating, parsed.mobile, parsed.live, parsed.environment, parsed.debug, parsed.full_capture, parsed.socket_tracing, parsed.host, parsed.offsets, parsed.debugoutput)

except Exception as ar:
print(ar)
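Review bot: The new `frida_agent_script` global is switched to `_ssl_log_legacy.js` for Frida below 16, but `instrument()` still opens the hard-coded `'_ssl_log.js'`, so within the visible lines the legacy selection has no effect; the open call should read `with open(os.path.join(here, frida_agent_script), encoding='utf8', newline='\n') as f:`. That check, like the two already in `instrument()`, compares version strings lexicographically (`"9.0" < "16"` is false), so parsing the major version once, e.g. `frida_major = int(frida.__version__.split(".")[0])`, and testing `frida_major < 16` would be safer. `detached` is, as far as I know, a session signal in frida-python rather than a script signal, so `script.on('detached', on_detach)` is worth checking against `process.on('detached', on_detach)`. The bodies of `ssl_log` and `instrument` continue outside the shown hunks, so a use of `frida_agent_script` elsewhere cannot be ruled out.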