Comments (18)
Uhm, I don't think so, but maybe one function that I use executes a conversion... When you use non-ASCII chars do you get an exception? Can you please paste me the exception?
from brida.
@federicodotta Hi there,
There are no exceptions, but all the Chinese chars are not converted right.
It's a context menu function, I don't know where to start.
Maybe there're these parts:
Repeater selection --1--> context menu function --2--> Brida plugin --3--> Pyro4 proxy --4--> Frida
If using frida hooks, it's converted well in the console, which is zsh on mac.
So, I guess maybe 1/2 are possible, because I recall that the plugin is receiving hex coded payloads, which may not be affected by locales.
But I'm terrible at Java.
I will update more as soon as I get back to work.
Thank you for the feedback and help.
from brida.
@federicodotta Hi there,
Today, I've met another app which is under our pentesting (approved), and came across the same problem:
RSP_MSG is Chinese; if using frida hooks in the command line, I can see the Chinese chars.
But Burp is not showing them correctly.
The brida hook is:
```javascript
if (Java.available) {
    var res = null;
    var data = hexToString(message);
    Java.perform(function () {
        var SecurityEncrypt = Java.use("xxx.utils.dx.TransDataEncry");
        var dec_ret = SecurityEncrypt.decodeEncry(data);
        res = dec_ret;
    });
    return stringToHex(res);
}
```
And setting Burp's user options won't help.
Also tried to set character sets to utf-8, no luck. Same with other sets.
Sorry for the late reply because usually it's English ASCII chars after hooks.
Looking forward.
Thank you for your time.
from brida.
Update:
When I added console.log(res) before the last return, I saw exceptions from the console of Brida:
```
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/frida/core.py", line 289, in _on_message
    self._log_handler(level, text)
  File "/usr/local/lib/python2.7/site-packages/frida/core.py", line 304, in _on_log
    print(text, file=sys.stdout)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 92-100: ordinal not in range(128)
```
I ran some tests, changing core.py line 304 to:
- print(text.encode("utf-8"), file=sys.stdout)
- print(text.decode("utf-8"), file=sys.stdout)

and changing character sets in Burp. No luck.
I think it should be Brida's implementation's problem, because frida is functioning well when running in console and can display Chinese chars, and BurpSuite can display Chinese chars correctly.
Thus only the Brida extension's implementation is left.
Would you like to take a look? I can't code java....
Thank you.
from brida.
update:
I added some Chinese chars in BurpExtender.java:
```java
JOptionPane.showMessageDialog(null, new JScrollPane(ta), "Custom invocation response响应", JOptionPane.INFORMATION_MESSAGE);
```
The dialog is showing Chinese correctly.
So, maybe it's the byteArrayToHexString and hexStringToByteArray functions' problem.
Or, maybe Jython's problem, I did some search and saw one discussion about a Chinese chars problem with Jython.
Link Here
Also, tried to change the above two functions as follows, but still no luck:
```java
// Encode each byte as two lowercase hex digits.
static String byteArrayToHexString(byte[] src) {
    StringBuilder stringBuilder = new StringBuilder("");
    if (src == null || src.length <= 0) {
        return null;
    }
    for (int i = 0; i < src.length; i++) {
        int v = src[i] & 0xFF;
        String hv = Integer.toHexString(v);
        if (hv.length() < 2) {
            stringBuilder.append(0);
        }
        stringBuilder.append(hv);
    }
    return stringBuilder.toString();
}

// Decode pairs of hex digits back into bytes.
// charToByte() is referenced here but was not included in the post.
private static byte[] hexStringToByteArray(String hexString) {
    if (hexString == null || hexString.equals("")) {
        return null;
    }
    hexString = hexString.toUpperCase();
    int length = hexString.length() / 2;
    char[] hexChars = hexString.toCharArray();
    byte[] d = new byte[length];
    for (int i = 0; i < length; i++) {
        int pos = i * 2;
        d[i] = (byte) (charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
    }
    return d;
}
```
And just tried another way:
I simply showed the hex string in the dialog and I got this:
```
7b22424f4459223a7b2250524f445543545f4c495354223a5b5d7d2c2253595348454144223a7b225452414e535f54494d45223a22323032302d30322d31322030353a31343a3237222c225253505f434f4445223a2230303030303030303030222c225253505f4d5347223a22a413109f227d7d
```
And using a console hook to decrypt the data shows the result string with the Chinese chars displayed correctly:
```
{"BODY":{"PRODUCT_LIST":[]},"SYSHEAD":{"TRANS_TIME":"2020-02-12 05:14:27","RSP_CODE":"0000000000","RSP_MSG":"交易成功"}}
```
And finally it's a task to change the hex to the str in BurpExtender.java, and the problem will be solved.
from brida.
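In the hex string quoted in the comment above, RSP_MSG is carried as the four bytes a4 13 10 9f, which are the low bytes of the UTF-16 code units of 交易成功 (U+4EA4, U+6613, U+6210, U+529F), so the text was already truncated to one byte per character when it was hex-encoded. The following is an added example, not code from the thread or from Brida: it reproduces that truncation next to a UTF-8-aware hex encoding and a check that flags damaged payloads. All function names are hypothetical, and the lossy encoder is an assumption about how such output arises, not Brida's actual helper.

```javascript
// Added example; names are illustrative and not Brida's own helpers.

// Lossy: keeps one byte per UTF-16 code unit, so anything above U+00FF is truncated.
function lossyStringToHex(s) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    out += (s.charCodeAt(i) & 0xff).toString(16).padStart(2, "0");
  }
  return out;
}

// UTF-8 aware: encodeURIComponent emits UTF-8 bytes as %XX and leaves some ASCII literal.
function utf8StringToHex(s) {
  return encodeURIComponent(s).replace(/%([0-9A-F]{2})|[\s\S]/g, (m, hh) =>
    hh ? hh.toLowerCase() : m.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Inverse of utf8StringToHex; throws URIError if the bytes are not valid UTF-8.
function utf8HexToString(hex) {
  if (!/^(?:[0-9a-fA-F]{2})*$/.test(hex)) {
    throw new RangeError("not an even-length hex string");
  }
  return decodeURIComponent(hex.replace(/../g, "%$&"));
}

// Detection helper: false means the payload was damaged before or during hex encoding.
function isValidUtf8Hex(hex) {
  try { utf8HexToString(hex); return true; } catch (e) { return false; }
}

const RSP_MSG = "交易成功";
// Tail of the hex string quoted in the thread: "RSP_MSG":"<4 bytes>"}}
const PAGE_HEX_TAIL = "225253505f4d5347223a22a413109f227d7d";

console.log(lossyStringToHex(RSP_MSG));      // matches the 4 bytes seen in Burp
console.log(utf8StringToHex(RSP_MSG));       // 12 bytes, survives the bridge
console.log(isValidUtf8Hex(PAGE_HEX_TAIL));  // the thread's payload is not valid UTF-8
```

Once the high bytes are dropped on the Frida side, no charset setting in Burp or decoder in Java can restore them, so the encoding has to be byte-exact before the data crosses the Pyro4 bridge.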
update:
And, if I directly setText to some Chinese chars, it's showing good.
I'm lost.
I think it's frida/core.py problem.
from brida.
Hi mr-m0nst3r!
Sorry for the delay in the response.
I don't know if this fix can help with your problem, but you can try to change the beginning of the brydaServicePyro.py file ("res" folder) as follows:
```python
# -*- coding: utf-8 -*-
import frida
import codecs
import Pyro4
import sys
import time

reload(sys)
sys.setdefaultencoding('utf-8')

@Pyro4.expose
class BridaServicePyro:
    ...
```
from brida.
hi, @federicodotta , thank you for your response.
I found a solution when scripting custom brida plugins.
It's because of the conversion from hex string to string.
It's fixed by using Apache Commons' Hex methods. The default hex decode of Java is not suitable for Chinese chars.
Plan to make a pull request when I have time.
Great job and thank you!
from brida.
@federicodotta Hi there, I just created a pull request to fix this issue, using org.apache.commons.codec.binary.Hex to do the hex decode. I found this method while developing a custom plugin using Brida.
Appreciate your excellent work.
from brida.
Hi Mr. Monster! Sorry for the delay! Thank you for your work!
I have not yet merged your pull request because I'm working on the new major version of Brida, which I will release in June for HackInParis (my local branch is ahead of the public one by a lot of commits).
Anyhow, the new release will have your fix applied! :)
from brida.
Hi @federicodotta ,
that's great!
Waiting for your new release.
Your plugin is excellent!
My PR may be buggy, I'm new to Java, major in pentest, so pls double check the PR.
And, some recommendations:
- add function for the frida-gadget method. sometimes I have to use gadget to get correct injection point.
- maybe use another version of syntax editor, I mean for the js part.
- and python3. I found python3 was not working well with the current version, maybe the pyro4's problem, but I know too little about programming to identify the problem.
Your plugin has been playing quite an important role in my work. Thank you a lot for your work!
from brida.
Hi mr-monster!
Thank you for your recommendations!
- I will try Brida with the frida-gadget, fixing bugs if present
- For the next release I will not change the syntax editor
- I have already implemented Python 3 compatibility. If you need Python 3 before June, I posted the code in this issue: #39 (comment)
Thank you again!
Federico
from brida.
Hi @mr-m0nst3r,
one thing. You can already use Brida with frida-gadget (I tried with the old and the new versions of Brida). Procedure:
Android:
If you want to use Brida and Frida on a non-rooted device you must have the APK of the application. You need to patch the application with the Frida library ("Frida Gadget") and then install the patched application on your device. The most comfortable way to accomplish this task is to use the great Objection tool, released by Leon Jacobs. You can find a detailed guide on how to patch the application here.
After patching the application, you can install it using adb ("adb install app-patched.apk").
After launching the application by clicking it on the device, it remains stuck waiting for Frida. Now you can follow the Brida spawn procedure, setting re.frida.Gadget as Application ID.
iOS:
If you want to use Brida and Frida on a non-jailbroken device you must have the IPA of the application. You need to patch the application with the Frida library ("Frida Gadget") and then install the patched application on your device. The most comfortable way to accomplish this task is to use the great Objection tool, released by Leon Jacobs. You can find a detailed guide on how to patch the application here.
After patching the application, you can install and execute it following this guide.
After launching the application, it remains stuck waiting for Frida. Now you can follow the Brida spawn procedure, setting re.frida.Gadget as Application ID.
Federico
from brida.
@federicodotta Great, thank you mate. Looking forward to your new version. excited.
from brida.
I modified your plugin into another plugin, named Burpy, and I found that by adding the following code to the script, Burp Suite can show UTF-8 characters correctly:
```python
import sys
reload(sys)
sys.setdefaultencoding('utf-8')
```
But Burpy loads a Python script, not JS as Brida does, I'm not sure where I should put it, maybe into the pyroservice script.
Haven't got a project to test on, maybe update tests later.
Looking forward to your new version release.
from brida.
Hi @mr-m0nst3r!
Yes, I tried this fix but it gave me some issues in some environments. As you can see in the Python 3 fix I linked you last month (#39 (comment)), I inserted those lines but then I commented them out. Anyhow, I will execute other checks on those lines. By the way, it is always better to encode Frida input/output (base64, hex, etc.) before passing it through Pyro4, in order to pass only UTF-8 characters over the Pyro4 bridge. In the new version of Brida this will be easier.
Anyhow, thank you for the tip and to help improve Brida!
A little news: due to the current worldwide situation the HackInParis conference has been postponed and consequently I will release Brida this week or the next one. :)
Have a nice day,
Federico
from brida.
@federicodotta
it's a little tricky since Brida is handling variables among java, python and js. I'm lost analyzing it, but I guess it's python2's fault.
Hah, I should thank corona in a way that I can see your new release earlier than normal.
Great work, and take good care.
from brida.
Hi @mr-m0nst3r!
Yesterday I released the new version of Brida. Now you can create custom plugins using a graphical interface using various encoding/compression algorithms, including ASCII-HEX, Base64, gzip, etc. You can find many examples in the new Wiki.
Please try the new version and let me know if it solves your encoding issues, using one of the supplied encoding algorithms when Chinese characters or binary data are sent from Burp Suite to Frida and vice versa.
I'll wait for your feedback! Thank you!
Take good care,
Federico
from brida.