Using Frida
Edited 2022-02-09 13:22:23
# Choosing the right versions matters
frida 12.11.18
frida-tools 5.3.0
frida-server 12.8.10
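Server side (e.g. the phone)
An Android phone needs to be rooted; alternatively, just use an emulator.
# Download frida-server; pick the build that matches your setup 1️⃣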
https://github.com/frida/frida/releases
# Push it to the phone
adb push frida-server /data/local
adb shell
cd /data/local
chmod 777 frida-server
./frida-server
Client side (e.g. the local machine)
pip3 install frida
pip3 install frida-tools
# Or install specific versions
pip3 install frida==12.11.18 -i https://pypi.tuna.tsinghua.edu.cn/simple/
pip3 install frida-tools==5.3.0 -i https://pypi.tuna.tsinghua.edu.cn/simple/
# Port forwarding
adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043
Getting the sslkey
Make sure frida-server is already running on the phone, then run the following on the local machine:
frida -U -f net.cuiwei.xiangle -l ./sslkeyfilelog.js --no-pause
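If nothing goes wrong, you will see the following output.
As shown in the screenshot above, save the selected content (the sslkey) to sslkey.txt, then add that file to Wireshark.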
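Copying the key lines out of the console by hand easily picks up stray output such as `start----` or a truncated line. The following is an added example (not part of the original post or the codeshare script) that filters a saved console capture down to valid NSS key log lines and writes sslkey.txt readable by the owner only. It goes beyond the page by also accepting the TLS 1.3 labels; the function names, the sample text and the prompt prefix are constructed for illustration.

```python
import os
import re

# Labels of the NSS key log format that Wireshark reads.
LABELS = (
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
)
# <label> <32-byte client random as hex> <secret as hex>
KEYLOG_RE = re.compile(
    r"\b(%s) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)\s*$" % "|".join(LABELS))

def extract_keylog(console_text):
    """Return the unique key log lines found in captured frida console text."""
    seen, lines = set(), []
    for raw in console_text.splitlines():
        m = KEYLOG_RE.search(raw)
        if not m:
            continue
        label, client_random, secret = m.groups()
        # A TLS 1.2 master secret is always 48 bytes (96 hex characters).
        if label == "CLIENT_RANDOM" and len(secret) != 96:
            continue
        line = "%s %s %s" % (label, client_random.lower(), secret.lower())
        if line not in seen:
            seen.add(line)
            lines.append(line)
    return lines

def write_keylog(lines, path="sslkey.txt"):
    """Write the key log with mode 0600: whoever reads it can decrypt the capture."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("".join(line + "\n" for line in lines))

# Constructed sample console capture (placeholder hex, not real secrets).
SAMPLE = "\n".join([
    "start----",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "[prompt]-> CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "01" * 32 + " " + "EF" * 32,
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,  # duplicate line
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 20,  # truncated by a bad copy
])

if __name__ == "__main__":
    write_keylog(extract_keylog(SAMPLE))
```
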
sslkeyfilelog.js
function startTLSKeyLogger(SSL_CTX_new, SSL_CTX_set_keylog_callback) {
    console.log("start----");

    // Called by the TLS library with one NSS key log line per secret.
    function keyLogger(ssl, line) {
        console.log(new NativePointer(line).readCString());
    }
    const keyLogCallback = new NativeCallback(keyLogger, 'void', ['pointer', 'pointer']);

    // Register the callback on every SSL_CTX the app creates.
    Interceptor.attach(SSL_CTX_new, {
        onLeave: function(retval) {
            // retval is the newly created SSL_CTX*; skip it if creation failed.
            const ssl = new NativePointer(retval);
            if (ssl.isNull()) {
                return;
            }
            const SSL_CTX_set_keylog_callbackFn = new NativeFunction(SSL_CTX_set_keylog_callback, 'void', ['pointer', 'pointer']);
            SSL_CTX_set_keylog_callbackFn(ssl, keyLogCallback);
        }
    });
}

startTLSKeyLogger(
    Module.findExportByName('libssl.so', 'SSL_CTX_new'),
    Module.findExportByName('libssl.so', 'SSL_CTX_set_keylog_callback')
);
// https://codeshare.frida.re/@k0nserv/tls-keylogger/
1️⃣ Choosing frida-server: emulators are usually x86, so download frida-server-12.9.8-android-x86.xz.
Physical devices are usually ARM, so download frida-server-12.9.8-android-arm.xz.
Check the system architecture:
adb shell
su
cat /proc/cpuinfo
Or:
adb shell getprop ro.product.cpu.abi