-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathfridax.js
executable file
·124 lines (101 loc) · 3.87 KB
/
fridax.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
#!/usr/bin/env node
/**
* You should not change this file.
* Please consult the `README.md` file for usage details.
*/
// Dependencies
const fs = require(`fs`)
const chalk = require(`chalk`)
const inquirer = require(`inquirer`)
const storage = require(`node-persist`)
const frida = require(`frida`)
const fridaInject = require(`frida-inject`)
// Available arguments
let argv = require(`yargs`)
.scriptName(`./fridax.js`)
.wrap(320)
.help(`h`).alias(`h`, `help`)
.option(`device`, { default: `usb`, description: `The address of the remote Frida device to connect to (or the string "usb")`})
.command(`inject [scripts]`, `Inject the given scripts list.`, (yargs) => {
yargs
.example(`$0 inject --scripts scripts/intercept_username.js scripts/intercept_password sql_injection.js`)
.option(`scripts`, {
alias: `s`,
type: `array`,
description: `A list of script names to run.`
})
.demandOption(`scripts`)
}, (argv) => {})
.demandCommand()
.example(`$0 inject --scripts scripts/intercept_username.js scripts/intercept_password.js scripts/sql_injection.js`)
.argv
// The Fridax runtime
async function main(options) {
console.log(`[*] Awaiting storage initialization.`)
await storage.init()
let deviceManager = frida.getDeviceManager()
let device = null;
if (argv[`device`] !== `usb`) {
console.log(`[*] Connecting to remote frida-server.`)
device = await deviceManager.addRemoteDevice(argv[`device`]);
} else {
console.log(`[*] Awaiting USB device.`)
device = await frida.getUsbDevice()
}
if (device == null) {
return console.error(chalk.bold.red(`[!] Cannot find device.`))
}
console.log(`[*] Up and running on ${device.name}.`)
let application = await selectApplicationOnDevice(device)
console.log(`[*] Happy hacking.`)
let inject = await injectApplicationOnDevice(device, application)
}
// Give the user the option to choose an application
async function selectApplicationOnDevice(device) {
choices = []
applications = await device.enumerateApplications()
selectedApplication = null
selectedName = await storage.getItem(`selectedApplication`)
for (i in applications) {
choices.push({
name: applications[i][`name`],
value: applications[i],
})
if (applications[i][`name`] == selectedName) {
selectedApplication = applications[i]
}
}
let answers = await inquirer.prompt([
{
type: `list`,
name: `application`,
message: `Which application do you want to inject?`,
default: selectedApplication,
choices: choices
}
])
await storage.setItem(`selectedApplication`, answers.application.name)
return answers.application;
}
// Inject the given scripts in the chosen application
async function injectApplicationOnDevice(device, application) {
let pid = application.pid ? application.pid : await device.spawn(application.identifier)
var scripts = [`console.log('[*] Injected a test script (this runs from within the injected application)!')`]
for (index in argv[`scripts`]) {
var file = __dirname + `/${argv[`scripts`][index]}`
if (fs.existsSync(file)) {
scripts.push(file)
} else {
console.error(chalk.bold.red(`[!] File '${file}' does not exist.`))
}
}
return await fridaInject({
pid: pid,
device: device,
scripts: scripts,
onAttach: session => console.log(`[*] Attached to application (session: ${session.pid}).`),
onDetach: (session, reason) => console.log(`[*] Detached from application (session: ${session.pid}): ${reason}.`),
onUnload: script => console.log(`[*] Script unloaded.`)
})
}
main()