Skip to content

Debugging friTap

Jump to bottom
monkeywave edited this page Oct 11, 2022 · 9 revisions

When we want to debug our friTap script we have at first compile our changes to the friTap-agent script _ssl_log.js. For this run our docker compiling instance from the repo root folder:

$ ./compile_agent.sh

Alternative just run frida-compile:

$ ./frida-compile agent/ssl_log.ts -o friTap/_ssl_log.js

Next we have to run friTap with the -d-flag (debug flag) which allows:

  • printing content to the terminal via the devlog()-statement from the Typescript code
  • starting friTap with the Chrome Inspector server running on port 1337

Here an example running friTap to debug its agent (_ssl_log.js) while hooking thunderbird:

sudo -E ./friTap.py -d -v -p mypthunderpcap.pcap 18813
Start logging
Press Ctrl+C to stop logging.
[*] Running Script

[!] running in debug mode
[!] Chrome Inspector server listening on port 1337

[*] libnspr4.so found & will be hooked on Linux!
[***] Found PR_Write 0x7f20710cd450
[***] Found PR_Read 0x7f20710cd440
[***] Found PR_FileDesc2NativeHandle 0x7f20710e6dd0
[***] Found PR_GetPeerName 0x7f20710cd5d0
[***] Found PR_GetSockName 0x7f20710cd5c0
[***] Found PR_GetNameForIdentity 0x7f20710ce680
[***] Found PR_GetDescType 0x7f20710cd420
[***] Found PK11_ExtractKeyValue 0x7f2071055140
[***] Found PK11_GetKeyData 0x7f20710551f0
[***] Found SSL_ImportFD 0x7f2070e55060
[***] Found SSL_GetSessionID 0x7f2070e4fed0
[***] Found SSL_HandshakeCallback 0x7f2070e4ed90
[***] Found getpeername 0x7f207145c730
[***] Found getsockname 0x7f207145c760
[***] Found ntohs 0x7f207146b780
[***] Found ntohl 0x7f207146b770
[*] Linux dynamic loader hooked.
[*] Logging TLS plaintext as pcap to mypthunderpcap.pcap

Next we can start the Chrome Browser and invoking the debug tools:

chrome://inspect

There we open at first Discover network targets in order to add another port for target discovery:

Set it to 127.0.0.1:1337:

Now we should already see a difference below. Next we open the DevTools for Node by click at Open dedicated DevTools for Node:

In a new window we should now see - depending on the preferences - an empty window or the running agent script (here inside Chrome Inspector called _script1 the following debug window:

In this window we can set breakpoints and pause the execution. Unfortunately Chrome Inspector is not able to resolve to the right path when a breakpoint gets hit.

As a result, we may not even realize that our breakpoints are being hit. Here it might help to have a close look into the debug window:

But beside this everything works as expected. Therefore we can still see the call stack and the value of the current variables.

In order to see during debugging the contents we can add our friTap folder from the filesystem:

A general introduction into the Chrome Inspector for debugging can be found here.

Debugging

Clone this wiki locally