federicodotta / brida Goto Github PK

View Code? Open in Web Editor NEW

1.6K 1.6K 205.0 46.59 MB

The new bridge between Burp Suite and Frida!

License: MIT License

JavaScript 31.25% Python 0.83% Java 67.93%

brida's People

Contributors

Stargazers

Watchers

Forkers

siowcy nx4dm1n gmxp 0x7678 tardummy01 chickenlove ziv0chou filipesam 3206614665 tuian olivierh59500 jjsmida h0k5 f0829 lw1988 portswigger moss1993 minkione webvul zminjiao uvbs vaginessa shuixi2013 mustash loomosoa y3dips jadesnow harry1080 bravery9 peterg75 pspace rockystevejobs jaikishantulswani shantanu561993 kobs0n kernullist elamaran619 dextersmith secoba arryboom magma2 dark-lbp h3ll0w0lrd ashr yaeger zbx91 tsug0d dcmjid buyne l3ngd0n xiaolushuo swarupsro primekun marin111 arongmh pharazone liberatorqjw widy28 luisit0 jimilong 0x1234567890-0x1234567890 ghostrong1983 ldbfpiaoran hello-xbugs i0v0i yuknight rickycabugawan blackap3rture doanhnhq-uit johndoex1 tabriz83 raystyle manojsingh-ceh david3107 qianniaoge zxhubo nbg0x1 a1kaid mr-m0nst3r 26597925 haidragon adibdz jacobi2017 kingking888 crackercat skfly007 xstpl mysctzy oschvr jax777 klmitchell2 jifffffy ghostfevil re-expoc hehacks ggulgun heruix idkwim cqxstevexw mohamedmajid91

brida's Issues

Spwan Application Error

While trying to SPAWN the Application I am getting an exception

Exception with spawn application java.lang.ClassCastException: java.lang.Integer cannot be cast to java.lang.String net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source)

Exception with spawn application net.razorvine.pyro.PyroException

System Version: Mac OS

Mobile Version: iOS 11.2.6(jailbroken)

Python Version:2.7(Installed Pyro4)

Brida Version:

Exception Info:

Brida Android LoadTree (sudden) failure

Hi,

I've been playing around with Brida for a few days. Great tool and ideas by the way, thanks for your work.

I modified something in the JS file and it crashed Brida. This isn't too new but this time it doesn't recover.

I've tried rebooting my PC, phone, reinstalling Frida, pyro, brida (2, I'm unable to build 3 properly).

Everything is set the same, I've redownloaded the scriptBrida.js and gone for 'a clean slate' but something seems to persist somewhere.

When I press Load Tree, I get the following stack trace:

Exception with load tree
net.razorvine.pyro.PyroException:[Frida.InvalidOperationError] script is destroyed
net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32)

Pastebin.com/thHyja6k

For the full trace.

I've tried googling but didn't find this exact issue. It was sudden as well. LoadTree was working fine, I probably chose some bad way to enumerate classes and methods+types in the JS or similar, it hanged and then this is persistent.

Thanks for any help, I really miss playing around

'Execute Method' not working

Hi,

I am using Brida to investigate an android app.

After analyzing the binary, I found below two functions are responsible for encrypting and decrypting the request/response.

java.lang.String com.package.company.a.b(java.lang.String,java.lang.String,java.lang.String)
java.lang.String com.package.company.a.c(java.lang.String,java.lang.String,java.lang.String)

I had written my own functions in 'JS Editor'.

	encryptrequest: function(param1,param2,param3) {
		Java.perform(function(param1,param2,param3){
			//console.log(1);
			var myclass = Java.use("com.package.company.a");
			
			myclass.b.overload('java.lang.String','java.lang.String','java.lang.String').implementation=function(param1,param2,param3){
				console.log(param1);
				console.log(param2);
				console.log(param3);
				retval=this.b(param1,param2,param3);
				console.log(retval);
				return retval;
			}

		})
	},
	decryptrequest: function(param1,param2,param3) {
		Java.perform(function(param1,param2,param3){
			//console.log(1);
			var myclass = Java.use("com.package.company.a");
			
			myclass.c.overload('java.lang.String','java.lang.String','java.lang.String').implementation=function(param1,param2,param3){
				console.log(param1);
				console.log(param2);
				console.log(param3);
				retval=this.c(param1,param2,param3);
				console.log(retval);
				return retval;
				
			}

		})
	},

Then, I added arguments one by one into 'Argument List' in Tab - 'Execute method'.

plaintext
mykey
myiv

However, when I clicked button - 'Execute Method', I got

Reloading script executed  
*** Output encryptrequest:
null

java.lang.ClassNotFoundException in brida js code

Hi @federicodotta ,

Thanks for making this awesome tool, really loving it 😉 .

I am trying to load a function from one of the Java class, for test purpose I even tried doing it from java.lang.string class, toUpperCase function.

I changed the second context option as following :

contextcustom2: function(message) {
   console.log("2 : "+message);
   if(Java.available){
	   var hexDecodeInput = hexToString(message);
    	   var payloadRequestClass = Java.use("java.lang.String");
	   var encryptedPayload = payloadRequestClass.toUpperCase_(hexDecodeInput).toString();
 	   return stringToHex(encryptedPayload);
}

I used toUpperCase_ as shown in your demo at HITB Amsterdam.

Now, I am a total noob, at this so if something's wrong or not done properly, please redirect me to the appropriate resource ( Frida's documentation for android is very very limited AFAIK, maybe I read the wrong page ).

The error being :

java.lang.ClassNotFoundException: Didn't find class "java.lang.string" on path: DexPathList[[directory "."],nativeLibraryDirectories=[/vendor/lib64, /system/lib64]]

Here's the stacktrace :

Exception with custom context application net.razorvine.pyro.PyroException: [frida.core.RPCException] java.lang.ClassNotFoundException: Didn't find class "java.lang.string" on path: DexPathList[[directory "."],nativeLibraryDirectories=[/vendor/lib64, /system/lib64]] net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32)
net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58)
net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69)
net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8)
net.razorvine.serpent.ast.Ast.accept(Ast.java:51)
net.razorvine.serpent.ast.Ast.getData(Ast.java:45) 
net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47)
net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) 
net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) 
burp.BurpExtender.actionPerformed(BurpExtender.java:1474) 
javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) 
javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) 
javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) 
javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) 
javax.swing.AbstractButton.doClick(AbstractButton.java:376) 
javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:842) 
javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:886)
java.awt.Component.processMouseEvent(Component.java:6533)
javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
java.awt.Component.processEvent(Component.java:6298)
java.awt.Container.processEvent(Container.java:2238)
java.awt.Component.dispatchEventImpl(Component.java:4889)
java.awt.Container.dispatchEventImpl(Container.java:2296)
java.awt.Component.dispatchEvent(Component.java:4711)
java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4897)
java.awt.LightweightDispatcher.processMouseEvent(Container.java:4534)
java.awt.LightweightDispatcher.dispatchEvent(Container.java:4475)
java.awt.Container.dispatchEventImpl(Container.java:2282)
java.awt.Window.dispatchEventImpl(Window.java:2746)
java.awt.Component.dispatchEvent(Component.java:4711)
java.awt.EventQueue.dispatchEventImpl(EventQueue.java:760)
java.awt.EventQueue.access$500(EventQueue.java:97)
java.awt.EventQueue$3.run(EventQueue.java:709)
java.awt.EventQueue$3.run(EventQueue.java:703)
java.security.AccessController.doPrivileged(Native Method)
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:733)
java.awt.EventQueue$4.run(EventQueue.java:731)
java.security.AccessController.doPrivileged(Native Method)
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
java.awt.EventQueue.dispatchEvent(EventQueue.java:730)
org.GNOME.Accessibility.AtkWrapper$6.dispatchEvent(AtkWrapper.java:715)
java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116
java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

Thanks a lot.

Execute Method not working

Hi, I'm using Brida to hook Android app.
After decrypt I have this code:

final String b() throws Exception {}
    .....
    return v0;

public final void b(Application arg6) {}

and this is my js function which is get String from b():

tokenfunc: function (a) {
    Java.perform(function () {
        var es_hook = Java.use("es");
        es_hook.b.overload().implementation = function () {
            var result = this.b();
            return result;
        };
    });
},

It's not work in Brida(Output always null), but when I use Frida, It's work fine. Please tell me why. Thanks.

how Android overload().implementation call

Thanks.

No Analysis on Android Application

Hi @federicodotta ,

It's a great tool, you've made.

I was watching your video on this in HITB conference, Amsterdam. You said it doesn't support JAVA methods cause of limitations to Frida API, is it still the case , cause I see nothing when I open the Analyze Binary tab.

parseNetworkResponse is a function in the android APK, which I tried searching but couldn't find.

If it's the case, then how should I go on with analyzing android APKs ?

Any help/ideas on that would be great.

Testing Setup
Brida v0.3
Frida 12.4.0
Android arm64

I tried objection framework and I can run using the same frida version, however I am getting nothing in this case.

It's running in Frida local mode, connected through USB cable as suggested in the article brida-a-step-by-step-user-guide.

Thanks.

Brida.jar file not found

Hi, i read the article in https://www.reddit.com/r/netsec/
but while searching the brida.jar file in downloaded zip not found. can you please provide it.

Exception with getting info Android/iOS

Hello there
I have a rooted android device,followed the installation guide
but i have these exceptions

Exception with getting info Android/iOS net.razorvine.pyro.PyroException: [frida.core.RPCException] unable to find method 'getplatform' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1265) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

Spawn Application Error: iOS

Exception with spawn application net.razorvine.pyro.PyroException: [frida.NotSupportedError] unable to launch iOS app: The operation couldnâ��t be completed. (FBSOpenApplicationErrorDomain error 1.) net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69)

Tried on an iOS 64 bit device to see if that was the issue and it crashes immediately.

Anyone have any ideas on what this could be?

My android setup works perfectly fine.

frida-compile Running error

Macos Brida running error：

Exception during frida-compile java.io.IOException: Cannot run program "/usr/local/bin/": error=13, Permission denied java.lang.ProcessBuilder.start(ProcessBuilder.java:1048) java.lang.Runtime.exec(Runtime.java:620) java.lang.Runtime.exec(Runtime.java:485) burp.BurpExtender.compileFridaCode(BurpExtender.java:2319) burp.BurpExtender.actionPerformed(BurpExtender.java:2885) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)

frida-compile normal operation：

Can't Start Pyro Server

In Console.

Exception starting Pyro server
java.util.concurrent.TimeoutException java.util.concurrent.FutureTask.get(FutureTask.java:205)
burp.BurpExtender.launchPyroServer(BurpExtender.java:914)
burp.BurpExtender.actionPerformed(BurpExtender.java:1367)
javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

My Machine
Darwin ch**** 17.5.0 Darwin Kernel Version 17.5.0: Fri Apr 13 19:32:32 PDT 2018; root:xnu-4570.51.2~1/RELEASE_X86_64 x86_64

Pyro4
Requirement already satisfied: pyro4 in /usr/local/lib/python2.7/site-packages (4.71)

Frida
Requirement already satisfied: frida in /usr/local/lib/python2.7/site-packages (11.0.2)

Brida Conf
pythonPath:/usr/bin/python
pyroHost:localhost
pyroPort:9999
fridaPath:PATH-TO-BRIDA-JS/scriptBrida.js
applicationId:com.testme.mobile
remote:false
executeMethodName:
executeMethodSizeArguments:0

Other Info
Already Test For remote=true in brida conf.
Frida-Server in Android Up And Running From root.

Error When Spawning the application

Hi,

I found the error about node and frida-compile:
env: node: No such file or directory
Error during frida-compile. Aborting.

How should I do fix the issue. I tried to do several ways found on Stackoverflow's site but I still found the error.

problem in starting Pyro server

Hello,
I am using Brida on MacOS and burp suite pro version. I am getting the below error on running brida server. Could you please help me to resolve this?

Exception starting Pyro server java.util.concurrent.TimeoutException java.util.concurrent.FutureTask.get(FutureTask.java:205) burp.BurpExtender.launchPyroServer(BurpExtender.java:914) burp.BurpExtender.actionPerformed(BurpExtender.java:1367) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

OS Details: Darwin Manish.local 17.6.0 Darwin Kernel Version 17.6.0: Tue May 8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64

How to inspect all processes.

Hi, how I can inspect all processes in Android app? It'll be easy to find infomations. Thanks.

iOS 10.0.2 - Spawn issue (frida.PermissionDeniedError)

Hello guys,

great work on the tool by the way. Simplifies the testing so much. The tool works perfectly for me on iOS 9 on the iphone x64. However, on iOS 10.0.2 32bit, spawning application results in an error message:

Exception with spawn application net.razorvine.pyro.PyroException: [frida.PermissionDeniedError] unable to access process with pid 1 from the current user account net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source)

Any help will be much appreciated :)

thanks!

Installation Fail

Hello Researcher,
I'm just trying to add Brida in burp-suite as you say, but after downloading Brida in ZIP format I haven't found BridaXX.jar file anywhere in folder. Pleas guide me through installation, I'm very excited to evaluate your cool invention

Android Exception with spawn application

It was happened when I clicked the Spawn application button:
Exception with spawn application net.razorvine.pyro.PyroException: [frida.NotSupportedError] unable to find application with identifier 'com.xxx.xxx' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

And I tried to spawn the application directly with Frida , all is ok:

>>> frida.get_usb_device().attach('com.xxx.xxx')
Session(pid=9087)

And I modefied bridaServicePyro.py like this：

self.pid = self.device.get_process(self.application_id).pid
self.session = self.device.attach(self.application_id)

the same error . :(

Exception Starting Pyro Server

I got this error when starting brida.

Python version 2.7
Brida V0.3
frida (12.7.11) installed

**** Console cleared successfully **** Exception starting Pyro server java.util.concurrent.TimeoutException java.base/java.util.concurrent.FutureTask.get(FutureTask.java:204) burp.BurpExtender.launchPyroServer(BurpExtender.java:914) burp.BurpExtender.actionPerformed(BurpExtender.java:1367) java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1967) java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2308) java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405) java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262) java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279) java.desktop/java.awt.Component.processMouseEvent(Component.java:6632) java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342) java.desktop/java.awt.Component.processEvent(Component.java:6397) java.desktop/java.awt.Container.processEvent(Container.java:2263) java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5008) java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2321) java.desktop/java.awt.Component.dispatchEvent(Component.java:4840) java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4918) java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4547) java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4488) java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2307) java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772) java.desktop/java.awt.Component.dispatchEvent(Component.java:4840) java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772) java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721) java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715) java.base/java.security.AccessController.doPrivileged(Native Method) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:95) java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745) java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743) java.base/java.security.AccessController.doPrivileged(Native Method) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742) java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203) java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124) java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113) java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109) java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

Android analyze binary doesn't show binary hierarchy

Hi~

I use Brida 3.0 and it can start server and spawn app correctly.

*** Brida Console ***  
Pyro server started correctly  
Application com.android.chrome spawned correctly  
Platform: Android

However, in the "analyze binary" view, I can not see the binary hierarchy but only a single file named 'Binary'.

Thank you for your help.

return problem with execute method

Here's the class to inspect:
public static String encodeEncry(String jsonObject) throws UnsupportedEncodingException {

Here's the js code:

var res = null; // global var to get res
rpc.exports = {
	
	// BE CAREFUL: Do not use uppercase characters in exported function name (automatically converted lowercase by Pyro)
	
	myenc: function (param) {
		Java.perform(function () {
			var endec_class = Java.use("xxx.TransDataEncry");
			//res = "121212"; // got res
			var myinstance = endec_class.$new();
			res = myinstance.encodeEncry("123123123");
		});
		return res;
	},
}

Here's the exception from the console:

Exception with execute method net.razorvine.pyro.PyroException: [frida.core.RPCException] cannot read property 'then' of null net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1385) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

Thank you!

How to call java function on Android

I write a java class that can encrypt string by aes.It has 2 main function, Encryption.encrypt(key, raw_string) and Encryption.decrypt(key, encrypt_string), and how can i use brida to call this 2 function to encrype message or decrypt message.
and the java source:



import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Created by Administrator on 2017/7/30.
 */

public class Encryption {
    private final static String HEX = "0123456789ABCDEF";
    private  static final String CBC_PKCS5_PADDING = "AES/CBC/PKCS5Padding";//AES是加密方式 CBC是工作模式 PKCS5Padding是填充模式
    private  static final String AES = "AES";//AES 加密
    private  static final String  SHA1PRNG="SHA1PRNG";//// SHA1PRNG 强随机种子算法, 要区别4.2以上版本的调用方法
    /*
     * 加密
     */
    public static String encrypt(String key, String cleartext) {
        if (cleartext.isEmpty()) {
            return cleartext;
        }
        try {
            byte[] result = encrypt(key, cleartext.getBytes());
            return bytesToHexString(result);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /*
    * 加密
    */
    private static byte[] encrypt(String key, byte[] clear) throws Exception {
        byte[] raw = getRawKey(key.getBytes());
        SecretKeySpec skeySpec = new SecretKeySpec(raw, AES);
        Cipher cipher = Cipher.getInstance(CBC_PKCS5_PADDING);
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(new byte[cipher.getBlockSize()]));
        byte[] encrypted = cipher.doFinal(clear);
        return encrypted;
    }

    /*
     * 解密
     */
    public static String decrypt(String key, String encrypted) {
        if (encrypted.isEmpty()) {
            return encrypted;
        }
        try {
            byte[] enc = hexStringToBytes(encrypted);
            byte[] result = decrypt(key, enc);
            return new String(result);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /*
     * 解密
     */
    private static byte[] decrypt(String key, byte[] encrypted) throws Exception {
        byte[] raw = getRawKey(key.getBytes());
        SecretKeySpec skeySpec = new SecretKeySpec(raw, AES);
        Cipher cipher = Cipher.getInstance(CBC_PKCS5_PADDING);
        cipher.init(Cipher.DECRYPT_MODE, skeySpec, new IvParameterSpec(new byte[cipher.getBlockSize()]));
        byte[] decrypted = cipher.doFinal(encrypted);
        return decrypted;
    }

    /**



     * Convert byte[] to hex string.这里我们可以将byte转换成int，然后利用Integer.toHexString(int)来转换成16进制字符串。
     * @param src byte[] data
     * @return hex string
     */
    public static String bytesToHexString(byte[] src){
        StringBuilder stringBuilder = new StringBuilder("");
        if (src == null || src.length <= 0) {
            return null;
        }
        for (int i = 0; i < src.length; i++) {
            int v = src[i] & 0xFF;
            String hv = Integer.toHexString(v);
            if (hv.length() < 2) {
                stringBuilder.append(0);
            }
            stringBuilder.append(hv);
        }
        return stringBuilder.toString();
    }
    /**
     * Convert hex string to byte[]  
     * @param hexString the hex string  
     * @return byte[]
     */
    public static byte[] hexStringToBytes(String hexString) {
        if (hexString == null || hexString.equals("")) {
            return null;
        }
        hexString = hexString.toUpperCase();
        int length = hexString.length() / 2;
        char[] hexChars = hexString.toCharArray();
        byte[] d = new byte[length];
        for (int i = 0; i < length; i++) {
            int pos = i * 2;
            d[i] = (byte) (charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
        }
        return d;
    }
    /**
     * Convert char to byte  
     * @param c char  
     * @return byte
     */
    private static byte charToByte(char c) {
        return (byte) "0123456789ABCDEF".indexOf(c);
    }
    // 对密钥进行处理
    private static byte[] getRawKey(byte[] seed) throws Exception {
        KeyGenerator kgen = KeyGenerator.getInstance(AES);
        //for android
        SecureRandom sr = null;
        // 在4.2以上版本中，SecureRandom获取方式发生了改变
        if (android.os.Build.VERSION.SDK_INT >= 17) {
            sr = SecureRandom.getInstance(SHA1PRNG, "Crypto");
        } else {
            sr = SecureRandom.getInstance(SHA1PRNG);
        }
        // for Java
        // secureRandom = SecureRandom.getInstance(SHA1PRNG);
        sr.setSeed(seed);
        kgen.init(128, sr); //256 bits or 128 bits,192bits
        //AES中128位密钥版本有10个加密循环，192比特密钥版本有12个加密循环，256比特密钥版本则有14个加密循环。
        SecretKey skey = kgen.generateKey();
        byte[] raw = skey.getEncoded();
        return raw;
    }

}

Android Error Spawn application

Hello,
it's my first time trying Brida. Burp Suite v1.7.37 running on osX. Frida-server 12.2.18 arm64. The process Brida is trying to connect to is the Zygote process. The Application ID I'm trying to spawn is different. Mode set to Local.

I'm facing the following error:
**** Console cleared successfully **** Pyro server started correctly Exception with spawn application net.razorvine.pyro.PyroException: [frida.NotSupportedError] unexpected error while attaching to process with pid 2110 net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

Is this issue related with Brida or Frida? I'm able to attach Frida-trace to the Application without issues.

Thanks for chasing this one up.

how to start Brida server

I can successfully exec frida-ps -R ,

λ frida-ps -R                               
  PID  Name                                 
-----  -------------------------------------
 2287  10074:2279                           
18581  2000:18576                           
  688  20:0                                 
  456  277                                  
 1274  277                                  
  435  31:0                                 
 3143  31:0                                 
 3121  31:10074                             
13282  adbd                                 
 9797  android.process.acore                
18350  android.process.media                
  332  audiod                               
  245  callife                              
 5263  cn.wps.moffice_eng                   
 3778  cn.wps.moffice_eng:getuipushservice  
 5283  cn.wps.moffice_eng:pushservice

but I can't start the Brida server........

Analyze Binary EXCEption with load tree unable to find methd'get all classes'

How should I spawn an app in Android Emulator

Description

I am using GenyMotion. It has no problem by running.

frida -U 1234

However, Brida failed to launch the app.

Setting

frida local

Error Log


**** Console cleared successfully ****  Pyro server started correctly  Exception with spawn application net.razorvine.pyro.PyroException: [frida.TransportError] the connection is closed net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1967) java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2308) java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405) java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262) java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279) java.desktop/java.awt.Component.processMouseEvent(Component.java:6632) java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342) java.desktop/java.awt.Component.processEvent(Component.java:6397) java.desktop/java.awt.Container.processEvent(Container.java:2263) java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5008) java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2321) java.desktop/java.awt.Component.dispatchEvent(Component.java:4840) java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4918) java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4547) java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4488) java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2307) java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772) java.desktop/java.awt.Component.dispatchEvent(Component.java:4840) java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772) java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721) java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715) java.base/java.security.AccessController.doPrivileged(Native Method) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:95) java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745) java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743) java.base/java.security.AccessController.doPrivileged(Native Method) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742) java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203) java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124) java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113) java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109) java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)  Pyro server shutted down

Exception starting Pyro server

Burp Suite is being started with administrative rights on my Windows 10 machine.
The following error occurs when starting the server.

**** Console cleared successfully **** Exception with spawn application net.razorvine.pyro.PyroException: [frida.NotSupportedError] java API not available net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source) Exception with getting info Android/iOS net.razorvine.pyro.PyroException: [exceptions.AttributeError] BridaServicePyro instance has no attribute 'script' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1265) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source)

Timeout Exception when spawning an Application on iOS11

Spawning and attaching to an Application raised a Timeout Exception for me on iOS11 and Darwin (I believe the actual problem is caused by Frida, not Brida).
As a workaround I allowed Brida to attach to an already running App and manually started the target App before clicking "Spawn application" in Burp.
I modified bridaServicePyro.py by adding the function get_applications, taken from https://github.com/AloneMonkey/frida-ios-dump, and changing spawn_application. After manually building the project, it worked for me.

    def get_applications(self):
        try:
            applications = self.device.enumerate_applications()
        except Exception as e:
            print(('Failed to enumerate applications: %s' % e))
            return

        return applications

    def spawn_application(self,application_id,frida_script,remote):

        self.application_id = application_id
        self.frida_script = frida_script

        if remote == True:
            self.device = frida.get_remote_device()
        else:
            self.device = frida.get_usb_device()

        self.pid = ''
        for application in self.get_applications():
            if application_id == application.identifier or application_id == application.name:
                self.pid = application.pid

        try:
            if not self.pid:
                self.pid = self.device.spawn([bundle_identifier])
                self.device.resume(self.pid)
            else:
                self.session = self.device.attach(self.pid)
        except Exception as e:
            pass


        #self.pid = self.device.spawn([self.application_id])

        #self.session = self.device.attach(self.pid)

        with codecs.open(self.frida_script, 'r', 'utf-8') as f:
            source = f.read()

        self.script = self.session.create_script(source)
        self.script.load()

        #self.device.resume(self.pid)

        return

bridaGeneratedCompiledOutput.js No file

frida-compile. Aborting：

The bridaGeneratedCompiledOutput.js file is required：

Generated by default，bridaGeneratedCompiledOutput.js No file：

Can you give me this file?

Supported Return types?

Hey!

I was curious as to how to handle return types which are not of the types String, Boolean or a pointer? (i.e. a custom type).

I see in the code that those are the only types supported for changing the return types of a method.

Brida only supports Python 2?

Does Brida also support Python 3?

load frida-compile path error，Permission denied.

Cant get the Pyro server started

On my windows 10/ python27 box I can't seem to get Pyro going, the following error is shown in the console. Nothing is already bound to 9999 and the same happens on other ports. Any ideas?

Spwan Application Error

Burp Suite is being started on my Windows 10 machine.
The following error occurs when starting the server.

**** Console cleared successfully **** ### Exception with spawn application net.razorvine.pyro.PyroException: [frida.ServerNotRunningError] unable to connect to remote frida-server net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source) Exception with getting info Android/iOS net.razorvine.pyro.PyroException: [exceptions.AttributeError] BridaServicePyro instance has no attribute 'script' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1265) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source)

Can't use classes from the application package

Hi @federicodotta ,

Great work man, thanks for the tool.

I have been trying to load a class from the application.
The code is like this :

contextcustom2: function(message) {
	if(Java.available){
		var hexDecodedInput = hexToString(message);
		var payloadRequestClass = Java.use("com.package.name.ClassName");
		var encryptedPayload = payloadRequestClass.buildPayload(hexDecodedInput);
		return stringToHex(encryptedPayload);
	}
},

But I get an error stating :

**Exception with custom context application**
net.razorvine.pyro.PyroException: [frida.core.RPCException] java.lang.ClassNotFoundException: Didn't find class "com.package.name.ClassName" on path: DexPathList[[directory "."],nativeLibraryDirectories=[/vendor/lib64, /system/lib64]]

Now, if I use it with java.lang.String it works fine, but I don't understand what's wrong here.

Thanks.

iOS 12.0 cannot spawn

Error during frida-compile. Aborting.

hi ，facing error on frida-compile path setting , how to set this one ?

Exception starting Pyro server

Burp Suite is being started with administrative rights on my Windows 10 machine.
The following error occurs when starting the server.

java.io.IOException: Cannot run program "C:\Python\": CreateProcess error=5, Access is denied java.lang.ProcessBuilder.start(ProcessBuilder.java:1048) java.lang.Runtime.exec(Runtime.java:620) java.lang.Runtime.exec(Runtime.java:485) burp.BurpExtender.launchPyroServer(BurpExtender.java:899) burp.BurpExtender.actionPerformed(BurpExtender.java:1367) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

Pyro server can't start and frida OK

Hi,

I tried to make Brida start but I got the following error :

Frida is working fine (I use it with USB) I got the process list. Also, nothing is running on port 9999.

I'm using python 2.7 with frida version 11.0.0 and pyro4 version 4.71.

Do you know how can i fix this issue ?

Spawn Application Error - fnmatch

While trying to SPAWN the Application I am getting this exception:

Exception with spawn application net.razorvine.pyro.PyroException: [builtins.ModuleNotFoundError] No module named 'fnmatch' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

Swift support?

Hi,

I wonder if Brida supports application written in Swift. Brida could successfully load the binary tree. But when I tried to inspect the encryption method, it would never get the result though I could see the end-2-end encryption traffic on proxy tab.

Is it because I inspect a wrong method?

Moreover, when I use IDA to interpret the binary, I noticed the method names are different from the ones populated by Brida. Did I miss anything?

Thanks.

about encode/decode for non-ascii chars

Hi there,

Here's the context script I used:

	contextcustom1: function(message) {
		if(Java.available){
			var res = null;
			var data = hexToString(message);
			Java.perform(function() {
				var clazz = Java.use("com.xxx.yyy.zzz.dx.TransDataEncry");
				res = clazz.encodeEncry(data);
			});
				return stringToHex(res);
		}
	},

Before sending to the class method, I've converted the data to String, and returns Hex to Brida.
It's working fine with ascii chars, but not for non-ascii chars, like Chinese.

How can I achieve non-ascii encode/decode? Is it using utf-8?
Thank you!

Bad video link in BApp description

The video link at BApp points to the PDF too :)
https://portswigger.net/bappstore/2c0def96c5d44e159151b236de766892

Unable to connect to remote frida-server

Hi there,
I am getting "Exception with spawn application net.razorvine.pyro.PyroException: [frida.ServerNotRunningError] unable to connect to remote frida-server" when I click spawn application.

My Brida configuration

No issue connecting to my Brida server on my iphone as seen in the output below.

Would anyone be able to advise on this issue?

C:\Python38\Scripts>frida-ps.exe -H 192.168.1.215
 PID  Name
----  --------------------------------------------------------
6682  InCallService
6681  Phone
6555  Settings
6684  AGXCompilerService
 125  AGXCompilerService
  73  AppleCredentialManagerDaemon
 175  AssetCacheLocatorService
 114  BlueTool
 149  CallHistorySyncHelper
 156  CloudKeychainProxy
  81  CommCenter
6082  CommCenterMobileHelper
 203  ContainerMetadataExtractor
 121  ContextService
 207  EscrowSecurityAlert
 158  IMDPersistenceAgent
6596  LocalStorageFileProvider
6603  MTLCompilerService
6602  MTLCompilerService
6080  MTLCompilerService
 177  MTLCompilerService
 176  MTLCompilerService
  89  MobileGestaltHelper
 118  MobileStorageMounter
 108  OTATaskingAgent
 178  ProtectedCloudKeySyncing
6557  ReportCrash
1323  SafariBookmarksSyncAgent
6549  SpringBoard
 194  TVRemoteConnectionService
6568  UsageTrackingAgent
  69  UserEventAgent
  41  WirelessRadioManagerd
 179  absd
 169  accessoryd
 120  accountsd
 161  adid
1310  adprivacyd
 166  aggregated
 147  akd
6053  amfid
 123  analyticsd
 155  appstored
  99  apsd
1698  asd
  58  askpermissiond
  90  aslmanager
  66  assertiond
 193  assetsd
1313  assistant_service
  27  assistantd
  40  atc
  85  awdd
6011  backboardd
6668  bash
6024  bash
 110  biometrickitd
 197  bird
  79  bluetoothd
 157  bookassetd
  76  budd
 134  calaccessd
 126  callservicesd
 163  captiveagent
 105  carkitd
1312  cdpd
  83  cfprefsd
 122  cloudd
  67  cloudpaird
 205  cloudphotod
6683  com.apple.CallKit.CallDirectory

What should I fill in the application ID if I wanna inspect some APP on MacOS[newest version]?

Can't find application ID for the app, I can get PID and full path such as /Applications/HookMe.app, but there seems no way to spawn that.

Cannot start pyro server

I'm using Burp 2.1, cannot start the server its just looping null until my ram reach > 10gb
i dont know why this is happening

Brida - Call/Apply function

I would like to call the function as follows. But it doesn't work. Then I want to right click on the string and call Brida Custom 1.

contextcustom1: function(message) {

	var param1 = hexToString(message);
	var returnVal = "";

	console.log("param1 : " + param1);

	Java.perform(function () {
		var hookingClass = Java.use("com.xxx.yyy");
		returnVal = this.encrypt.overload('java.lang.String').apply(this,arguments);
		console.log("returnVal1: " + returnVal);
	});
	
	console.log("returnVal2: " + returnVal);
	return stringToHex(returnVal);
 }

How to Build?

Hello,
Can you please provide build instructions? I failed to build it on my Ubuntu machine (but I have never used Maven before, so I am probably missing something).
Thanks

Cannot use arguments in Execute Method

When I tried to use execute method tab, I found that the method cannot receive the arguments. I used following simple test case to produce the issue.

rpc.exports = {
	dummytest: function(s) {
		console.log('param:', s);
		return s;
}

In Execute method tab, I input dummytest as method name and add test to argument list.

This is the output:

Reloading script executed  
param: 
*** Output dummytest:

You can see that although the method was executed, it didn't get the argument.

Did I do anything wrong?

Additional info:

Brida version: 0.2
Frida version: 11.0.3

federicodotta / brida Goto Github PK

brida's People

Contributors

Stargazers

Watchers

Forkers

brida's Issues

Description

Setting

Error Log

Recommend Projects

Recommend Topics

Recommend Org