federicodotta / brida Goto Github PK
View Code? Open in Web Editor NEWThe new bridge between Burp Suite and Frida!
License: MIT License
The new bridge between Burp Suite and Frida!
License: MIT License
While trying to SPAWN the Application I am getting an exception
Exception with spawn application java.lang.ClassCastException: java.lang.Integer cannot be cast to java.lang.String net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source)
Hi,
I've been playing around with Brida for a few days. Great tool and ideas by the way, thanks for your work.
I modified something in the JS file and it crashed Brida. This isn't too new but this time it doesn't recover.
I've tried rebooting my PC, phone, reinstalling Frida, pyro, brida (2, I'm unable to build 3 properly).
Everything is set the same, I've redownloaded the scriptBrida.js and gone for 'a clean slate' but something seems to persist somewhere.
When I press Load Tree, I get the following stack trace:
Exception with load tree
net.razorvine.pyro.PyroException:[Frida.InvalidOperationError] script is destroyed
net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32)
Pastebin.com/thHyja6k
For the full trace.
I've tried googling but didn't find this exact issue. It was sudden as well. LoadTree was working fine, I probably chose some bad way to enumerate classes and methods+types in the JS or similar, it hanged and then this is persistent.
Thanks for any help, I really miss playing around
Hi,
I am using Brida to investigate an android app.
After analyzing the binary, I found below two functions are responsible for encrypting and decrypting the request/response.
java.lang.String com.package.company.a.b(java.lang.String,java.lang.String,java.lang.String)
java.lang.String com.package.company.a.c(java.lang.String,java.lang.String,java.lang.String)
I had written my own functions in 'JS Editor'.
encryptrequest: function(param1,param2,param3) {
Java.perform(function(param1,param2,param3){
//console.log(1);
var myclass = Java.use("com.package.company.a");
myclass.b.overload('java.lang.String','java.lang.String','java.lang.String').implementation=function(param1,param2,param3){
console.log(param1);
console.log(param2);
console.log(param3);
retval=this.b(param1,param2,param3);
console.log(retval);
return retval;
}
})
},
decryptrequest: function(param1,param2,param3) {
Java.perform(function(param1,param2,param3){
//console.log(1);
var myclass = Java.use("com.package.company.a");
myclass.c.overload('java.lang.String','java.lang.String','java.lang.String').implementation=function(param1,param2,param3){
console.log(param1);
console.log(param2);
console.log(param3);
retval=this.c(param1,param2,param3);
console.log(retval);
return retval;
}
})
},
Then, I added arguments one by one into 'Argument List' in Tab - 'Execute method'.
However, when I clicked button - 'Execute Method', I got
Reloading script executed
*** Output encryptrequest:
null
Hi @federicodotta ,
Thanks for making this awesome tool, really loving it 😉 .
I am trying to load a function from one of the Java class, for test purpose I even tried doing it from java.lang.string
class, toUpperCase
function.
I changed the second context option as following :
contextcustom2: function(message) {
console.log("2 : "+message);
if(Java.available){
var hexDecodeInput = hexToString(message);
var payloadRequestClass = Java.use("java.lang.String");
var encryptedPayload = payloadRequestClass.toUpperCase_(hexDecodeInput).toString();
return stringToHex(encryptedPayload);
}
I used toUpperCase_
as shown in your demo at HITB Amsterdam.
Now, I am a total noob, at this so if something's wrong or not done properly, please redirect me to the appropriate resource ( Frida's documentation for android is very very limited AFAIK, maybe I read the wrong page ).
The error being :
java.lang.ClassNotFoundException: Didn't find class "java.lang.string" on path: DexPathList[[directory "."],nativeLibraryDirectories=[/vendor/lib64, /system/lib64]]
Here's the stacktrace :
Exception with custom context application net.razorvine.pyro.PyroException: [frida.core.RPCException] java.lang.ClassNotFoundException: Didn't find class "java.lang.string" on path: DexPathList[[directory "."],nativeLibraryDirectories=[/vendor/lib64, /system/lib64]] net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32)
net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58)
net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69)
net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8)
net.razorvine.serpent.ast.Ast.accept(Ast.java:51)
net.razorvine.serpent.ast.Ast.getData(Ast.java:45)
net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47)
net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272)
net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178)
burp.BurpExtender.actionPerformed(BurpExtender.java:1474)
javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
javax.swing.AbstractButton.doClick(AbstractButton.java:376)
javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:842)
javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:886)
java.awt.Component.processMouseEvent(Component.java:6533)
javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
java.awt.Component.processEvent(Component.java:6298)
java.awt.Container.processEvent(Container.java:2238)
java.awt.Component.dispatchEventImpl(Component.java:4889)
java.awt.Container.dispatchEventImpl(Container.java:2296)
java.awt.Component.dispatchEvent(Component.java:4711)
java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4897)
java.awt.LightweightDispatcher.processMouseEvent(Container.java:4534)
java.awt.LightweightDispatcher.dispatchEvent(Container.java:4475)
java.awt.Container.dispatchEventImpl(Container.java:2282)
java.awt.Window.dispatchEventImpl(Window.java:2746)
java.awt.Component.dispatchEvent(Component.java:4711)
java.awt.EventQueue.dispatchEventImpl(EventQueue.java:760)
java.awt.EventQueue.access$500(EventQueue.java:97)
java.awt.EventQueue$3.run(EventQueue.java:709)
java.awt.EventQueue$3.run(EventQueue.java:703)
java.security.AccessController.doPrivileged(Native Method)
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:733)
java.awt.EventQueue$4.run(EventQueue.java:731)
java.security.AccessController.doPrivileged(Native Method)
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
java.awt.EventQueue.dispatchEvent(EventQueue.java:730)
org.GNOME.Accessibility.AtkWrapper$6.dispatchEvent(AtkWrapper.java:715)
java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116
java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Thanks a lot.
Hi, I'm using Brida to hook Android app.
After decrypt I have this code:
final String b() throws Exception {}
.....
return v0;
public final void b(Application arg6) {}
and this is my js function which is get String from b():
tokenfunc: function (a) {
Java.perform(function () {
var es_hook = Java.use("es");
es_hook.b.overload().implementation = function () {
var result = this.b();
return result;
};
});
},
It's not work in Brida(Output always null), but when I use Frida, It's work fine. Please tell me why. Thanks.
Thanks.
Hi @federicodotta ,
It's a great tool, you've made.
I was watching your video on this in HITB conference, Amsterdam. You said it doesn't support JAVA
methods cause of limitations to Frida API
, is it still the case , cause I see nothing when I open the Analyze Binary
tab.
parseNetworkResponse
is a function in the android APK, which I tried searching but couldn't find.
If it's the case, then how should I go on with analyzing android APKs ?
Any help/ideas on that would be great.
Testing Setup
Brida v0.3
Frida 12.4.0
Android arm64
I tried objection framework and I can run using the same frida version
, however I am getting nothing in this case.
It's running in Frida local
mode, connected through USB cable as suggested in the article brida-a-step-by-step-user-guide.
Thanks.
Hi, i read the article in https://www.reddit.com/r/netsec/
but while searching the brida.jar file in downloaded zip not found. can you please provide it.
Hello there
I have a rooted android device,followed the installation guide
but i have these exceptions
Exception with getting info Android/iOS net.razorvine.pyro.PyroException: [frida.core.RPCException] unable to find method 'getplatform' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1265) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Exception with spawn application net.razorvine.pyro.PyroException: [frida.NotSupportedError] unable to launch iOS app: The operation couldn�t be completed. (FBSOpenApplicationErrorDomain error 1.) net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69)
Tried on an iOS 64 bit device to see if that was the issue and it crashes immediately.
Anyone have any ideas on what this could be?
My android setup works perfectly fine.
Macos Brida running error:
Exception during frida-compile java.io.IOException: Cannot run program "/usr/local/bin/": error=13, Permission denied java.lang.ProcessBuilder.start(ProcessBuilder.java:1048) java.lang.Runtime.exec(Runtime.java:620) java.lang.Runtime.exec(Runtime.java:485) burp.BurpExtender.compileFridaCode(BurpExtender.java:2319) burp.BurpExtender.actionPerformed(BurpExtender.java:2885) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
frida-compile normal operation:
In Console.
Exception starting Pyro server
java.util.concurrent.TimeoutException java.util.concurrent.FutureTask.get(FutureTask.java:205)
burp.BurpExtender.launchPyroServer(BurpExtender.java:914)
burp.BurpExtender.actionPerformed(BurpExtender.java:1367)
javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
My Machine
Darwin ch**** 17.5.0 Darwin Kernel Version 17.5.0: Fri Apr 13 19:32:32 PDT 2018; root:xnu-4570.51.2~1/RELEASE_X86_64 x86_64
Pyro4
Requirement already satisfied: pyro4 in /usr/local/lib/python2.7/site-packages (4.71)
Frida
Requirement already satisfied: frida in /usr/local/lib/python2.7/site-packages (11.0.2)
Brida Conf
pythonPath:/usr/bin/python
pyroHost:localhost
pyroPort:9999
fridaPath:PATH-TO-BRIDA-JS/scriptBrida.js
applicationId:com.testme.mobile
remote:false
executeMethodName:
executeMethodSizeArguments:0
Other Info
Already Test For remote=true in brida conf.
Frida-Server in Android Up And Running From root.
Hello,
I am using Brida on MacOS and burp suite pro version. I am getting the below error on running brida server. Could you please help me to resolve this?
Exception starting Pyro server java.util.concurrent.TimeoutException java.util.concurrent.FutureTask.get(FutureTask.java:205) burp.BurpExtender.launchPyroServer(BurpExtender.java:914) burp.BurpExtender.actionPerformed(BurpExtender.java:1367) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
OS Details: Darwin Manish.local 17.6.0 Darwin Kernel Version 17.6.0: Tue May 8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64
Hi, how I can inspect all processes in Android app? It'll be easy to find infomations. Thanks.
Hello guys,
great work on the tool by the way. Simplifies the testing so much. The tool works perfectly for me on iOS 9 on the iphone x64. However, on iOS 10.0.2 32bit, spawning application results in an error message:
Exception with spawn application net.razorvine.pyro.PyroException: [frida.PermissionDeniedError] unable to access process with pid 1 from the current user account net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source)
Any help will be much appreciated :)
thanks!
Hello Researcher,
I'm just trying to add Brida in burp-suite as you say, but after downloading Brida in ZIP format I haven't found BridaXX.jar file anywhere in folder. Pleas guide me through installation, I'm very excited to evaluate your cool invention
It was happened when I clicked the Spawn application button:
Exception with spawn application net.razorvine.pyro.PyroException: [frida.NotSupportedError] unable to find application with identifier 'com.xxx.xxx' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
And I tried to spawn the application directly with Frida , all is ok:
>>> frida.get_usb_device().attach('com.xxx.xxx')
Session(pid=9087)
And I modefied bridaServicePyro.py like this:
self.pid = self.device.get_process(self.application_id).pid
self.session = self.device.attach(self.application_id)
the same error . :(
I got this error when starting brida.
Python version 2.7
Brida V0.3
frida (12.7.11) installed
**** Console cleared successfully **** Exception starting Pyro server java.util.concurrent.TimeoutException java.base/java.util.concurrent.FutureTask.get(FutureTask.java:204) burp.BurpExtender.launchPyroServer(BurpExtender.java:914) burp.BurpExtender.actionPerformed(BurpExtender.java:1367) java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1967) java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2308) java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405) java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262) java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279) java.desktop/java.awt.Component.processMouseEvent(Component.java:6632) java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342) java.desktop/java.awt.Component.processEvent(Component.java:6397) java.desktop/java.awt.Container.processEvent(Container.java:2263) java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5008) java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2321) java.desktop/java.awt.Component.dispatchEvent(Component.java:4840) java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4918) java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4547) java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4488) java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2307) java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772) java.desktop/java.awt.Component.dispatchEvent(Component.java:4840) java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772) java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721) java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715) java.base/java.security.AccessController.doPrivileged(Native Method) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:95) java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745) java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743) java.base/java.security.AccessController.doPrivileged(Native Method) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742) java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203) java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124) java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113) java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109) java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
Hi~
I use Brida 3.0 and it can start server and spawn app correctly.
*** Brida Console ***
Pyro server started correctly
Application com.android.chrome spawned correctly
Platform: Android
However, in the "analyze binary" view, I can not see the binary hierarchy but only a single file named 'Binary'.
Thank you for your help.
Here's the class to inspect:
public static String encodeEncry(String jsonObject) throws UnsupportedEncodingException {
Here's the js code:
var res = null; // global var to get res
rpc.exports = {
// BE CAREFUL: Do not use uppercase characters in exported function name (automatically converted lowercase by Pyro)
myenc: function (param) {
Java.perform(function () {
var endec_class = Java.use("xxx.TransDataEncry");
//res = "121212"; // got res
var myinstance = endec_class.$new();
res = myinstance.encodeEncry("123123123");
});
return res;
},
}
Here's the exception from the console:
Exception with execute method net.razorvine.pyro.PyroException: [frida.core.RPCException] cannot read property 'then' of null net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1385) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Thank you!
I write a java class that can encrypt string by aes.It has 2 main function, Encryption.encrypt(key, raw_string)
and Encryption.decrypt(key, encrypt_string)
, and how can i use brida to call this 2 function to encrype message or decrypt message.
and the java source:
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
/**
* Created by Administrator on 2017/7/30.
*/
public class Encryption {
private final static String HEX = "0123456789ABCDEF";
private static final String CBC_PKCS5_PADDING = "AES/CBC/PKCS5Padding";//AES是加密方式 CBC是工作模式 PKCS5Padding是填充模式
private static final String AES = "AES";//AES 加密
private static final String SHA1PRNG="SHA1PRNG";//// SHA1PRNG 强随机种子算法, 要区别4.2以上版本的调用方法
/*
* 加密
*/
public static String encrypt(String key, String cleartext) {
if (cleartext.isEmpty()) {
return cleartext;
}
try {
byte[] result = encrypt(key, cleartext.getBytes());
return bytesToHexString(result);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/*
* 加密
*/
private static byte[] encrypt(String key, byte[] clear) throws Exception {
byte[] raw = getRawKey(key.getBytes());
SecretKeySpec skeySpec = new SecretKeySpec(raw, AES);
Cipher cipher = Cipher.getInstance(CBC_PKCS5_PADDING);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(new byte[cipher.getBlockSize()]));
byte[] encrypted = cipher.doFinal(clear);
return encrypted;
}
/*
* 解密
*/
public static String decrypt(String key, String encrypted) {
if (encrypted.isEmpty()) {
return encrypted;
}
try {
byte[] enc = hexStringToBytes(encrypted);
byte[] result = decrypt(key, enc);
return new String(result);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/*
* 解密
*/
private static byte[] decrypt(String key, byte[] encrypted) throws Exception {
byte[] raw = getRawKey(key.getBytes());
SecretKeySpec skeySpec = new SecretKeySpec(raw, AES);
Cipher cipher = Cipher.getInstance(CBC_PKCS5_PADDING);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, new IvParameterSpec(new byte[cipher.getBlockSize()]));
byte[] decrypted = cipher.doFinal(encrypted);
return decrypted;
}
/**
* Convert byte[] to hex string.这里我们可以将byte转换成int,然后利用Integer.toHexString(int)来转换成16进制字符串。
* @param src byte[] data
* @return hex string
*/
public static String bytesToHexString(byte[] src){
StringBuilder stringBuilder = new StringBuilder("");
if (src == null || src.length <= 0) {
return null;
}
for (int i = 0; i < src.length; i++) {
int v = src[i] & 0xFF;
String hv = Integer.toHexString(v);
if (hv.length() < 2) {
stringBuilder.append(0);
}
stringBuilder.append(hv);
}
return stringBuilder.toString();
}
/**
* Convert hex string to byte[]
* @param hexString the hex string
* @return byte[]
*/
public static byte[] hexStringToBytes(String hexString) {
if (hexString == null || hexString.equals("")) {
return null;
}
hexString = hexString.toUpperCase();
int length = hexString.length() / 2;
char[] hexChars = hexString.toCharArray();
byte[] d = new byte[length];
for (int i = 0; i < length; i++) {
int pos = i * 2;
d[i] = (byte) (charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
}
return d;
}
/**
* Convert char to byte
* @param c char
* @return byte
*/
private static byte charToByte(char c) {
return (byte) "0123456789ABCDEF".indexOf(c);
}
// 对密钥进行处理
private static byte[] getRawKey(byte[] seed) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance(AES);
//for android
SecureRandom sr = null;
// 在4.2以上版本中,SecureRandom获取方式发生了改变
if (android.os.Build.VERSION.SDK_INT >= 17) {
sr = SecureRandom.getInstance(SHA1PRNG, "Crypto");
} else {
sr = SecureRandom.getInstance(SHA1PRNG);
}
// for Java
// secureRandom = SecureRandom.getInstance(SHA1PRNG);
sr.setSeed(seed);
kgen.init(128, sr); //256 bits or 128 bits,192bits
//AES中128位密钥版本有10个加密循环,192比特密钥版本有12个加密循环,256比特密钥版本则有14个加密循环。
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();
return raw;
}
}
Hello,
it's my first time trying Brida. Burp Suite v1.7.37 running on osX. Frida-server 12.2.18 arm64. The process Brida is trying to connect to is the Zygote process. The Application ID I'm trying to spawn is different. Mode set to Local.
I'm facing the following error:
**** Console cleared successfully **** Pyro server started correctly Exception with spawn application net.razorvine.pyro.PyroException: [frida.NotSupportedError] unexpected error while attaching to process with pid 2110 net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Is this issue related with Brida or Frida? I'm able to attach Frida-trace to the Application without issues.
Thanks for chasing this one up.
I can successfully exec frida-ps -R ,
λ frida-ps -R
PID Name
----- -------------------------------------
2287 10074:2279
18581 2000:18576
688 20:0
456 277
1274 277
435 31:0
3143 31:0
3121 31:10074
13282 adbd
9797 android.process.acore
18350 android.process.media
332 audiod
245 callife
5263 cn.wps.moffice_eng
3778 cn.wps.moffice_eng:getuipushservice
5283 cn.wps.moffice_eng:pushservice
but I can't start the Brida server........
I am using GenyMotion. It has no problem by running.
frida -U 1234
However, Brida failed to launch the app.
frida local
**** Console cleared successfully **** Pyro server started correctly Exception with spawn application net.razorvine.pyro.PyroException: [frida.TransportError] the connection is closed net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1967) java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2308) java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405) java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262) java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:279) java.desktop/java.awt.Component.processMouseEvent(Component.java:6632) java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342) java.desktop/java.awt.Component.processEvent(Component.java:6397) java.desktop/java.awt.Container.processEvent(Container.java:2263) java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5008) java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2321) java.desktop/java.awt.Component.dispatchEvent(Component.java:4840) java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4918) java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4547) java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4488) java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2307) java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772) java.desktop/java.awt.Component.dispatchEvent(Component.java:4840) java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772) java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721) java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715) java.base/java.security.AccessController.doPrivileged(Native Method) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:95) java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745) java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743) java.base/java.security.AccessController.doPrivileged(Native Method) java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742) java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203) java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124) java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113) java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109) java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90) Pyro server shutted down
Burp Suite is being started with administrative rights on my Windows 10 machine.
The following error occurs when starting the server.
**** Console cleared successfully **** Exception with spawn application net.razorvine.pyro.PyroException: [frida.NotSupportedError] java API not available net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source) Exception with getting info Android/iOS net.razorvine.pyro.PyroException: [exceptions.AttributeError] BridaServicePyro instance has no attribute 'script' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1265) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source)
Spawning and attaching to an Application raised a Timeout Exception for me on iOS11 and Darwin (I believe the actual problem is caused by Frida, not Brida).
As a workaround I allowed Brida to attach to an already running App and manually started the target App before clicking "Spawn application" in Burp.
I modified bridaServicePyro.py by adding the function get_applications, taken from https://github.com/AloneMonkey/frida-ios-dump, and changing spawn_application. After manually building the project, it worked for me.
def get_applications(self):
try:
applications = self.device.enumerate_applications()
except Exception as e:
print(('Failed to enumerate applications: %s' % e))
return
return applications
def spawn_application(self,application_id,frida_script,remote):
self.application_id = application_id
self.frida_script = frida_script
if remote == True:
self.device = frida.get_remote_device()
else:
self.device = frida.get_usb_device()
self.pid = ''
for application in self.get_applications():
if application_id == application.identifier or application_id == application.name:
self.pid = application.pid
try:
if not self.pid:
self.pid = self.device.spawn([bundle_identifier])
self.device.resume(self.pid)
else:
self.session = self.device.attach(self.pid)
except Exception as e:
pass
#self.pid = self.device.spawn([self.application_id])
#self.session = self.device.attach(self.pid)
with codecs.open(self.frida_script, 'r', 'utf-8') as f:
source = f.read()
self.script = self.session.create_script(source)
self.script.load()
#self.device.resume(self.pid)
return
Hey!
I was curious as to how to handle return types which are not of the types String, Boolean or a pointer? (i.e. a custom type).
I see in the code that those are the only types supported for changing the return types of a method.
Does Brida also support Python 3?
On my windows 10/ python27 box I can't seem to get Pyro going, the following error is shown in the console. Nothing is already bound to 9999 and the same happens on other ports. Any ideas?
Exception starting Pyro server java.util.concurrent.TimeoutException java.util.concurrent.FutureTask.get(FutureTask.java:205) burp.BurpExtender.launchPyroServer(BurpExtender.java:914) burp.BurpExtender.actionPerformed(BurpExtender.java:1367) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Burp Suite is being started on my Windows 10 machine.
The following error occurs when starting the server.
**** Console cleared successfully **** ### Exception with spawn application net.razorvine.pyro.PyroException: [frida.ServerNotRunningError] unable to connect to remote frida-server net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source) Exception with getting info Android/iOS net.razorvine.pyro.PyroException: [exceptions.AttributeError] BridaServicePyro instance has no attribute 'script' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1265) javax.swing.AbstractButton.fireActionPerformed(Unknown Source) javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) javax.swing.DefaultButtonModel.setPressed(Unknown Source) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) java.awt.Component.processMouseEvent(Unknown Source) javax.swing.JComponent.processMouseEvent(Unknown Source) java.awt.Component.processEvent(Unknown Source) java.awt.Container.processEvent(Unknown Source) java.awt.Component.dispatchEventImpl(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) java.awt.Container.dispatchEventImpl(Unknown Source) java.awt.Window.dispatchEventImpl(Unknown Source) java.awt.Component.dispatchEvent(Unknown Source) java.awt.EventQueue.dispatchEventImpl(Unknown Source) java.awt.EventQueue.access$500(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.awt.EventQueue$3.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.awt.EventQueue$4.run(Unknown Source) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) java.awt.EventQueue.dispatchEvent(Unknown Source) java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.pumpEvents(Unknown Source) java.awt.EventDispatchThread.run(Unknown Source)
Hi @federicodotta ,
Great work man, thanks for the tool.
I have been trying to load a class from the application.
The code is like this :
contextcustom2: function(message) {
if(Java.available){
var hexDecodedInput = hexToString(message);
var payloadRequestClass = Java.use("com.package.name.ClassName");
var encryptedPayload = payloadRequestClass.buildPayload(hexDecodedInput);
return stringToHex(encryptedPayload);
}
},
But I get an error stating :
**Exception with custom context application**
net.razorvine.pyro.PyroException: [frida.core.RPCException] java.lang.ClassNotFoundException: Didn't find class "com.package.name.ClassName" on path: DexPathList[[directory "."],nativeLibraryDirectories=[/vendor/lib64, /system/lib64]]
Now, if I use it with java.lang.String
it works fine, but I don't understand what's wrong here.
Thanks.
iOS 12.0 cannot spawn
Burp Suite is being started with administrative rights on my Windows 10 machine.
The following error occurs when starting the server.
java.io.IOException: Cannot run program "C:\Python\": CreateProcess error=5, Access is denied java.lang.ProcessBuilder.start(ProcessBuilder.java:1048) java.lang.Runtime.exec(Runtime.java:620) java.lang.Runtime.exec(Runtime.java:485) burp.BurpExtender.launchPyroServer(BurpExtender.java:899) burp.BurpExtender.actionPerformed(BurpExtender.java:1367) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Hi,
I tried to make Brida start but I got the following error :
Exception starting Pyro server java.util.concurrent.TimeoutException java.util.concurrent.FutureTask.get(FutureTask.java:205) burp.BurpExtender.launchPyroServer(BurpExtender.java:914) burp.BurpExtender.actionPerformed(BurpExtender.java:1367) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Frida is working fine (I use it with USB) I got the process list. Also, nothing is running on port 9999.
I'm using python 2.7 with frida version 11.0.0 and pyro4 version 4.71.
Do you know how can i fix this issue ?
While trying to SPAWN the Application I am getting this exception:
Exception with spawn application net.razorvine.pyro.PyroException: [builtins.ModuleNotFoundError] No module named 'fnmatch' net.razorvine.pyro.serializer.PyroExceptionSerpent.FromSerpentDict(PyroExceptionSerpent.java:32) net.razorvine.pyro.serializer.SerpentSerializer$DictConverter.convert(SerpentSerializer.java:58) net.razorvine.serpent.ObjectifyVisitor.visit(ObjectifyVisitor.java:69) net.razorvine.serpent.ast.DictNode.accept(DictNode.java:8) net.razorvine.serpent.ast.Ast.accept(Ast.java:51) net.razorvine.serpent.ast.Ast.getData(Ast.java:45) net.razorvine.pyro.serializer.SerpentSerializer.deserializeData(SerpentSerializer.java:47) net.razorvine.pyro.PyroProxy.internal_call(PyroProxy.java:272) net.razorvine.pyro.PyroProxy.call(PyroProxy.java:178) burp.BurpExtender.actionPerformed(BurpExtender.java:1224) javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022) javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348) javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252) java.awt.Component.processMouseEvent(Component.java:6533) javax.swing.JComponent.processMouseEvent(JComponent.java:3324) java.awt.Component.processEvent(Component.java:6298) java.awt.Container.processEvent(Container.java:2236) java.awt.Component.dispatchEventImpl(Component.java:4889) java.awt.Container.dispatchEventImpl(Container.java:2294) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525) java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) java.awt.Container.dispatchEventImpl(Container.java:2280) java.awt.Window.dispatchEventImpl(Window.java:2746) java.awt.Component.dispatchEvent(Component.java:4711) java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) java.awt.EventQueue.access$500(EventQueue.java:97) java.awt.EventQueue$3.run(EventQueue.java:709) java.awt.EventQueue$3.run(EventQueue.java:703) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) java.awt.EventQueue$4.run(EventQueue.java:731) java.awt.EventQueue$4.run(EventQueue.java:729) java.security.AccessController.doPrivileged(Native Method) java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) java.awt.EventQueue.dispatchEvent(EventQueue.java:728) java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Hi,
I wonder if Brida supports application written in Swift. Brida could successfully load the binary tree. But when I tried to inspect the encryption method, it would never get the result though I could see the end-2-end encryption traffic on proxy tab.
Is it because I inspect a wrong method?
Moreover, when I use IDA to interpret the binary, I noticed the method names are different from the ones populated by Brida. Did I miss anything?
Thanks.
Hi there,
Here's the context script I used:
contextcustom1: function(message) {
if(Java.available){
var res = null;
var data = hexToString(message);
Java.perform(function() {
var clazz = Java.use("com.xxx.yyy.zzz.dx.TransDataEncry");
res = clazz.encodeEncry(data);
});
return stringToHex(res);
}
},
Before sending to the class method, I've converted the data to String, and returns Hex to Brida.
It's working fine with ascii chars, but not for non-ascii chars, like Chinese.
How can I achieve non-ascii encode/decode? Is it using utf-8?
Thank you!
The video link at BApp points to the PDF too :)
https://portswigger.net/bappstore/2c0def96c5d44e159151b236de766892
Hi there,
I am getting "Exception with spawn application net.razorvine.pyro.PyroException: [frida.ServerNotRunningError] unable to connect to remote frida-server" when I click spawn application.
No issue connecting to my Brida server on my iphone as seen in the output below.
Would anyone be able to advise on this issue?
C:\Python38\Scripts>frida-ps.exe -H 192.168.1.215
PID Name
---- --------------------------------------------------------
6682 InCallService
6681 Phone
6555 Settings
6684 AGXCompilerService
125 AGXCompilerService
73 AppleCredentialManagerDaemon
175 AssetCacheLocatorService
114 BlueTool
149 CallHistorySyncHelper
156 CloudKeychainProxy
81 CommCenter
6082 CommCenterMobileHelper
203 ContainerMetadataExtractor
121 ContextService
207 EscrowSecurityAlert
158 IMDPersistenceAgent
6596 LocalStorageFileProvider
6603 MTLCompilerService
6602 MTLCompilerService
6080 MTLCompilerService
177 MTLCompilerService
176 MTLCompilerService
89 MobileGestaltHelper
118 MobileStorageMounter
108 OTATaskingAgent
178 ProtectedCloudKeySyncing
6557 ReportCrash
1323 SafariBookmarksSyncAgent
6549 SpringBoard
194 TVRemoteConnectionService
6568 UsageTrackingAgent
69 UserEventAgent
41 WirelessRadioManagerd
179 absd
169 accessoryd
120 accountsd
161 adid
1310 adprivacyd
166 aggregated
147 akd
6053 amfid
123 analyticsd
155 appstored
99 apsd
1698 asd
58 askpermissiond
90 aslmanager
66 assertiond
193 assetsd
1313 assistant_service
27 assistantd
40 atc
85 awdd
6011 backboardd
6668 bash
6024 bash
110 biometrickitd
197 bird
79 bluetoothd
157 bookassetd
76 budd
134 calaccessd
126 callservicesd
163 captiveagent
105 carkitd
1312 cdpd
83 cfprefsd
122 cloudd
67 cloudpaird
205 cloudphotod
6683 com.apple.CallKit.CallDirectory
Can't find application ID for the app, I can get PID and full path such as /Applications/HookMe.app
, but there seems no way to spawn that.
I would like to call the function as follows. But it doesn't work. Then I want to right click on the string and call Brida Custom 1.
contextcustom1: function(message) {
var param1 = hexToString(message);
var returnVal = "";
console.log("param1 : " + param1);
Java.perform(function () {
var hookingClass = Java.use("com.xxx.yyy");
returnVal = this.encrypt.overload('java.lang.String').apply(this,arguments);
console.log("returnVal1: " + returnVal);
});
console.log("returnVal2: " + returnVal);
return stringToHex(returnVal);
}
Hello,
Can you please provide build instructions? I failed to build it on my Ubuntu machine (but I have never used Maven before, so I am probably missing something).
Thanks
When I tried to use execute method tab, I found that the method cannot receive the arguments. I used following simple test case to produce the issue.
rpc.exports = {
dummytest: function(s) {
console.log('param:', s);
return s;
}
In Execute method
tab, I input dummytest
as method name and add test
to argument list.
This is the output:
Reloading script executed
param:
*** Output dummytest:
You can see that although the method was executed, it didn't get the argument.
Did I do anything wrong?
Additional info:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.