Using Frida

Published 2022-02-09 13:22
# Choosing the right versions matters
frida              12.11.18
frida-tools        5.3.0
frida-server       12.8.10

Server side (e.g. the phone)

The Android phone must be rooted, or you can simply use an emulator.

# Download frida-server; pick the matching version 1️⃣
https://github.com/frida/frida/releases

# Push it to the phone
adb push frida-server /data/local

adb shell
cd /data/local
chmod 777 frida-server
./frida-server

Client side (e.g. the local machine)

pip3 install frida
pip3 install frida-tools

# Or install specific versions
pip3 install frida==12.11.18 -i https://pypi.tuna.tsinghua.edu.cn/simple/
pip3 install frida-tools==5.3.0 -i https://pypi.tuna.tsinghua.edu.cn/simple/

# Port forwarding
adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043

Getting the sslkey

Make sure the frida-server service is already running on the phone, then run this on the local machine:

frida -U -f net.cuiwei.xiangle -l ./sslkeyfilelog.js --no-pause

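If nothing goes wrong, you will see output like the following:

(screenshot: WX202202091213182x.png)

As in the screenshot above, save the selected content (the sslkey) to sslkey.txt, then add it to Wireshark.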
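The copy step above can be scripted. This is an added example, not part of the original post: it pulls NSS key log lines out of saved Frida console output and drops truncated or duplicate ones. The function name, the label list and the sample text are assumptions of this example.

```python
import re

# Labels used in the NSS key log format that Wireshark reads (assumed list).
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
# <label> <32-byte client random as hex> <secret as hex>, anchored at end of line
LINE_RE = re.compile(r"\b([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)\s*$")

# Constructed sample of console output; the hex values are made up, not real keys.
SAMPLE = "\n".join([
    "Spawned `net.cuiwei.xiangle`. Resuming main thread!",
    "start----",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "[Android::net.cuiwei.xiangle]-> CLIENT_TRAFFIC_SECRET_0 " + "12" * 32 + " " + "EF" * 32,
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,  # duplicate line
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 40,  # truncated secret
])


def extract_keylog(console_text):
    """Return the valid, de-duplicated key log lines found in console output."""
    seen, out = set(), []
    for raw in console_text.splitlines():
        m = LINE_RE.search(raw)  # search() skips a REPL prompt in front of the line
        if not m:
            continue
        label, client_random, secret = m.groups()
        if label == TLS12_LABEL:
            ok = len(secret) == 96        # 48-byte TLS 1.2 master secret
        elif label in TLS13_LABELS:
            ok = len(secret) in (64, 96)  # SHA-256 or SHA-384 sized secret
        else:
            ok = False
        line = f"{label} {client_random.lower()} {secret.lower()}"
        if ok and line not in seen:
            seen.add(line)
            out.append(line)
    return out


if __name__ == "__main__":
    lines = extract_keylog(SAMPLE)
    with open("sslkey.txt", "w") as fh:
        fh.write("\n".join(lines) + "\n")
    print(f"wrote {len(lines)} key log lines to sslkey.txt")
```
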

sslkeyfilelog.js

function startTLSKeyLogger(SSL_CTX_new, SSL_CTX_set_keylog_callback) {
    console.log("start----");
    // Key log callback: the library passes each key log line as a C string.
    function keyLogger(ssl, line) {
        console.log(new NativePointer(line).readCString());
    }
    const keyLogCallback = new NativeCallback(keyLogger, 'void', ['pointer', 'pointer']);

    // Register the callback on every SSL_CTX as soon as SSL_CTX_new returns it.
    Interceptor.attach(SSL_CTX_new, {
        onLeave: function(retval) {
            const ctx = new NativePointer(retval);
            if (ctx.isNull()) return; // SSL_CTX_new failed, nothing to hook
            const SSL_CTX_set_keylog_callbackFn = new NativeFunction(SSL_CTX_set_keylog_callback, 'void', ['pointer', 'pointer']);
            SSL_CTX_set_keylog_callbackFn(ctx, keyLogCallback);
        }
    });
}
// Resolve both exports from the app's libssl.so and install the logger.
startTLSKeyLogger(
    Module.findExportByName('libssl.so', 'SSL_CTX_new'),
    Module.findExportByName('libssl.so', 'SSL_CTX_set_keylog_callback')
);
// https://codeshare.frida.re/@k0nserv/tls-keylogger/

1️⃣ Choosing frida-server: emulators are usually x86, so download frida-server-12.9.8-android-x86.xz

Real devices are usually arm, so download frida-server-12.9.8-android-arm.xz

Check the system architecture

adb shell
su
cat /proc/cpuinfo
# or
adb shell getprop ro.product.cpu.abi

