fixes in the offset feature of friTap
monkeywave committed Sep 30, 2024
1 parent f7bd299 commit 3c5ee27
Showing 6 changed files with 19 additions and 7 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -3,7 +3,7 @@
</p>

# friTap
![version](https://img.shields.io/badge/version-1.2.1.0-blue) [![PyPI version](https://d25lcipzij17d.cloudfront.net/badge.svg?id=py&r=r&ts=1683906897&type=6e&v=1.2.1.0&x2=0)](https://badge.fury.io/py/friTap)
![version](https://img.shields.io/badge/version-1.2.1.1-blue) [![PyPI version](https://d25lcipzij17d.cloudfront.net/badge.svg?id=py&r=r&ts=1683906897&type=6e&v=1.2.1.1&x2=0)](https://badge.fury.io/py/friTap)

The goal of this project is to help researchers to analyze traffic encapsulated in SSL or TLS. For details have a view into the [OSDFCon webinar slides](assets/friTapOSDFConwebinar.pdf) or in [this blog post](https://lolcads.github.io/posts/2022/08/fritap/).

5 changes: 5 additions & 0 deletions agent/ssl_log.ts
@@ -98,6 +98,11 @@ export let patterns: string = "{PATTERNS}";
/*
Our way to get the JSON strings into the loaded frida script
*/
send("offset_hooking")
const enable_offset_based_hooking_state = recv('offset_hooking', value => {
offsets = value.payload;
});
enable_offset_based_hooking_state.wait();

send("pattern_hooking")
const enable_pattern_based_hooking_state = recv('pattern_hooking', value => {
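Review bot: The `recv('offset_hooking', ...)` callback assigns `value.payload` to `offsets` unchecked, while the host side in friTap/ssl_logger.py posts `self.offsets_data` without a None check (the `is not None` test in `instrument` shows that case exists), so `offsets` can end up null instead of keeping its initial value. These offsets presumably decide where hooks are placed in the instrumented process, so a guard such as `if (typeof value.payload === "string") { offsets = value.payload; }` would keep a missing or malformed reply away from the hooking code. The declaration of `offsets` and the code that consumes it are outside this hunk, so the expected type should be confirmed there. The existing `pattern_hooking` handler below opens the same way; its body is cut off in this view.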
11 changes: 8 additions & 3 deletions friTap/_ssl_log.js
@@ -1,6 +1,6 @@
📦
2469 /agent/ssl_log.js.map
3329 /agent/ssl_log.js
2651 /agent/ssl_log.js.map
3504 /agent/ssl_log.js
2755 /agent/android/android_agent.js.map
3270 /agent/android/android_agent.js
937 /agent/android/android_java_tls_libs.js.map
@@ -88,7 +88,7 @@
1292 /agent/windows/wolfssl_windows.js.map
1426 /agent/windows/wolfssl_windows.js
{"version":3,"file":"ssl_log.js","sourceRoot":"/Users/danielbaier/research/projects/github/issues/2024 fritap issues/friTap/","sources":["agent/ssl_log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AACxF,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAEpC,6GAA6G;AAC5G,MAAc,CAAC,cAAc,GAAG,EAAE,CAAC;AACnC,MAAc,CAAC,cAAc,GAAG,CAAC,CAAC;AA2EnC,YAAY;AACZ,MAAM,CAAC,IAAI,OAAO,GAAa,WAAW,CAAC;AAC3C,YAAY;AACZ,MAAM,CAAC,IAAI,YAAY,GAAY,KAAK,CAAC;AACzC,YAAY;AACZ,MAAM,CAAC,IAAI,SAAS,GAAY,KAAK,CAAC;AACtC,YAAY;AACZ,MAAM,CAAC,IAAI,iBAAiB,GAAY,KAAK,CAAC;AAC9C,YAAY;AACZ,MAAM,CAAC,IAAI,QAAQ,GAAW,YAAY,CAAC;AAE3C;;EAEE;AAEF,IAAI,CAAC,iBAAiB,CAAC,CAAA;AACvB,MAAM,kCAAkC,GAAG,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,EAAE;IACvE,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC;AAC7B,CAAC,CAAC,CAAC;AACH,kCAAkC,CAAC,IAAI,EAAE,CAAC;AAG1C;;EAEE;AAEF,IAAI,CAAC,WAAW,CAAC,CAAA;AACjB,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,EAAE;IACtD,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC;AACtC,CAAC,CAAC,CAAC;AACH,uBAAuB,CAAC,IAAI,EAAE,CAAC;AAG/B,IAAI,CAAC,cAAc,CAAC,CAAA;AACpB,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,EAAE;IAChD,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC;AACjC,CAAC,CAAC,CAAC;AACH,cAAc,CAAC,IAAI,EAAE,CAAC;AAEtB,IAAI,CAAC,MAAM,CAAC,CAAA;AACZ,MAAM,mBAAmB,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE;IACjD,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC;AAC9B,CAAC,CAAC,CAAC;AACH,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAA,KAAK;AAIhC;;;;;;;EAOE;AAGF,MAAM,UAAU,UAAU;IACtB,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,iBAAiB;IAC7B,gHAAgH;IAChH,OAAO,QAAQ,CAAC,MAAM,GAAG,EAAE,CAAC;AAChC,CAAC;AAGD,SAAS,sBAAsB;IAC3B,IAAG,SAAS,EAAE,EAAC;QACX,GAAG,CAAC,2BAA2B,CAAC,CAAA;QAChC,0BAA0B,EAAE,CAAA;KAC/B;SAAK,IAAG,SAAS,EAAE,EAAC;QACjB,GAAG,CAAC,2BAA2B,CAAC,CAAA;QAChC,IA
AG,SAAS,EAAC;YACT,GAAG,CAAC,2BAA2B,CAAC,CAAC;YACjC,iBAAiB,EAAE,CAAC;SACvB;QACD,0BAA0B,EAAE,CAAA;KAC/B;SAAK,IAAG,OAAO,EAAE,EAAC;QACf,GAAG,CAAC,yBAAyB,CAAC,CAAA;QAC9B,wBAAwB,EAAE,CAAA;KAC7B;SAAK,IAAG,KAAK,EAAE,EAAC;QACb,GAAG,CAAC,uBAAuB,CAAC,CAAA;QAC5B,sBAAsB,EAAE,CAAA;KAC3B;SAAK,IAAG,OAAO,EAAE,EAAC;QACf,GAAG,CAAC,yBAAyB,CAAC,CAAA;QAC9B,wBAAwB,EAAE,CAAA;KAC7B;SAAI;QACD,GAAG,CAAC,qCAAqC,CAAC,CAAA;QAC1C,GAAG,CAAC,0HAA0H,CAAC,CAAA;KAClI;AAEL,CAAC;AAED,sBAAsB,EAAE,CAAA"}
{"version":3,"file":"ssl_log.js","sourceRoot":"/Users/danielbaier/research/projects/github/issues/2024 fritap issues/friTap/","sources":["agent/ssl_log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AACxF,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAEpC,6GAA6G;AAC5G,MAAc,CAAC,cAAc,GAAG,EAAE,CAAC;AACnC,MAAc,CAAC,cAAc,GAAG,CAAC,CAAC;AA2EnC,YAAY;AACZ,MAAM,CAAC,IAAI,OAAO,GAAa,WAAW,CAAC;AAC3C,YAAY;AACZ,MAAM,CAAC,IAAI,YAAY,GAAY,KAAK,CAAC;AACzC,YAAY;AACZ,MAAM,CAAC,IAAI,SAAS,GAAY,KAAK,CAAC;AACtC,YAAY;AACZ,MAAM,CAAC,IAAI,iBAAiB,GAAY,KAAK,CAAC;AAC9C,YAAY;AACZ,MAAM,CAAC,IAAI,QAAQ,GAAW,YAAY,CAAC;AAE3C;;EAEE;AACF,IAAI,CAAC,gBAAgB,CAAC,CAAA;AACtB,MAAM,iCAAiC,GAAG,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,EAAE;IACrE,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;AAC5B,CAAC,CAAC,CAAC;AACH,iCAAiC,CAAC,IAAI,EAAE,CAAC;AAEzC,IAAI,CAAC,iBAAiB,CAAC,CAAA;AACvB,MAAM,kCAAkC,GAAG,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,EAAE;IACvE,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC;AAC7B,CAAC,CAAC,CAAC;AACH,kCAAkC,CAAC,IAAI,EAAE,CAAC;AAG1C;;EAEE;AAEF,IAAI,CAAC,WAAW,CAAC,CAAA;AACjB,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,EAAE;IACtD,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC;AACtC,CAAC,CAAC,CAAC;AACH,uBAAuB,CAAC,IAAI,EAAE,CAAC;AAG/B,IAAI,CAAC,cAAc,CAAC,CAAA;AACpB,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,EAAE;IAChD,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC;AACjC,CAAC,CAAC,CAAC;AACH,cAAc,CAAC,IAAI,EAAE,CAAC;AAEtB,IAAI,CAAC,MAAM,CAAC,CAAA;AACZ,MAAM,mBAAmB,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE;IACjD,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC;AAC9B,CAAC,CAAC,CAAC;AACH,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAA,KAAK;AAIhC;;;;;;;EAOE;AAGF,MAAM,UAAU,UAAU;IACtB,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,iBAAiB;IAC7B,gHAAgH;IAChH,OAAO,QAAQ,CAAC,MAAM,GAAG,EAAE,CAAC
;AAChC,CAAC;AAGD,SAAS,sBAAsB;IAC3B,IAAG,SAAS,EAAE,EAAC;QACX,GAAG,CAAC,2BAA2B,CAAC,CAAA;QAChC,0BAA0B,EAAE,CAAA;KAC/B;SAAK,IAAG,SAAS,EAAE,EAAC;QACjB,GAAG,CAAC,2BAA2B,CAAC,CAAA;QAChC,IAAG,SAAS,EAAC;YACT,GAAG,CAAC,2BAA2B,CAAC,CAAC;YACjC,iBAAiB,EAAE,CAAC;SACvB;QACD,0BAA0B,EAAE,CAAA;KAC/B;SAAK,IAAG,OAAO,EAAE,EAAC;QACf,GAAG,CAAC,yBAAyB,CAAC,CAAA;QAC9B,wBAAwB,EAAE,CAAA;KAC7B;SAAK,IAAG,KAAK,EAAE,EAAC;QACb,GAAG,CAAC,uBAAuB,CAAC,CAAA;QAC5B,sBAAsB,EAAE,CAAA;KAC3B;SAAK,IAAG,OAAO,EAAE,EAAC;QACf,GAAG,CAAC,yBAAyB,CAAC,CAAA;QAC9B,wBAAwB,EAAE,CAAA;KAC7B;SAAI;QACD,GAAG,CAAC,qCAAqC,CAAC,CAAA;QAC1C,GAAG,CAAC,0HAA0H,CAAC,CAAA;KAClI;AAEL,CAAC;AAED,sBAAsB,EAAE,CAAA"}
import { load_android_hooking_agent } from "./android/android_agent.js";
import { load_ios_hooking_agent } from "./ios/ios_agent.js";
@@ -114,6 +114,11 @@ export let patterns = "{PATTERNS}";
/*
Our way to get the JSON strings into the loaded frida script
*/
send("offset_hooking");
const enable_offset_based_hooking_state = recv('offset_hooking', value => {
offsets = value.payload;
});
enable_offset_based_hooking_state.wait();
send("pattern_hooking");
const enable_pattern_based_hooking_state = recv('pattern_hooking', value => {
patterns = value.payload;
2 changes: 1 addition & 1 deletion friTap/about.py
@@ -2,5 +2,5 @@
# -*- coding: utf-8 -*-

__author__ = "Daniel Baier, Francois Egner, Max Ufer"
__version__ = "1.2.1.0"
__version__ = "1.2.1.1"
debug = False # are we running in debug mode?
4 changes: 3 additions & 1 deletion friTap/ssl_logger.py
@@ -115,6 +115,9 @@ def on_message(self, message, data):

if self.startup and message['payload'] == 'pattern_hooking':
script.post({'type':'pattern_hooking', 'payload': self.pattern_data})

if self.startup and message['payload'] == 'offset_hooking':
script.post({'type':'offset_hooking', 'payload': self.offsets_data})

if self.startup and message['payload'] == 'anti':
script.post({'type':'antiroot', 'payload': self.anti_root})
@@ -222,7 +225,6 @@ def instrument(self, process):

if self.offsets_data is not None:
print(f"[*] applying hooks at offset {self.offsets_data}")
#script_string = script_string.replace('"{OFFSETS}"', "'"+self.offsets_data+"'")


if self.pattern_data is not None:
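Review bot: The new `offset_hooking` branch in `on_message` carries no comment saying that the agent is blocked on it: agent/ssl_log.ts sends "offset_hooking" and then calls `.wait()` on the matching `recv`, so the script stalls until this `script.post` runs. I would add `# agent blocks in recv('offset_hooking').wait() until this reply is posted; must answer even when offsets_data is None` above the `if`. Because the reply is gated on `self.startup`, it is worth confirming that the flag is always set when the agent loads, otherwise the wait never returns; where `startup` is set is outside the hunk. The second hunk only removes a commented-out line and needs no change.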
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "friTap",
"version": "1.2.1.0",
"version": "1.2.1.1",
"description": "Frida agent for logging SSL traffic as plaintext and extracting SSL keys",
"private": true,
"main": "agent/ssl_log.ts",