Shulou (Shulou.com), 05/31 (updated 2025-01-16), Network Security
An incomplete hands-on guide to setting up Brida in a Python 3 environment. Many newcomers are unclear about this, so the walkthrough below explains the process in detail.
Recently, while testing an Android app, I found that the target program performed HTTPS certificate checking, and because the APK was obfuscated, the Xposed plug-ins (such as SSL Unpinning or Just Trust Me) failed because the names of the functions they hook had been changed. So I thought of using Frida for dynamic inspection and hooking.
Brida is a Burp Suite extension that acts as a bridge between Burp Suite and Frida to help users modify the communication data between the application and the back-end server.
There is already an introduction to Brida on Freebuf, so I won't repeat it; if you are interested, you can read it there. However, the official Brida, released in 2018, natively supports Python 2.7, or rather has only been tested in a Python 2.7 environment, while Frida iterates so quickly that current versions can no longer be used with Python 2.7.
When I tried to install it in a Python 3 environment, I found that it didn't work, which led to the whole process described in this article. I read the official documentation countless times and slowly understood how it fits together. Now I am recording it and sharing it with you.
It can be said that every step of the installation is a pitfall, so let me go through them one by one.
Environmental preparation
The first pitfall: the Python environment.
When installing Frida, there are certain requirements for the version of Python.
Determine the version
Step 1: determine the Frida version
This step requires you to decide which version of Frida to use, because the rest of the environment depends on it. Visit the download page on GitHub, download frida-server-xx.xx.xx-android-xx.tar.gz and run it on your device (emulator or phone).
Step 2: determine which Python versions are supported
Different versions of Frida support different versions of Python. Note the Frida version you can use, such as 12.8.17, then visit the Frida download page on PyPI. If your pip uses a mirror inside China, visit the page of that mirror instead; for the Tsinghua University mirror, which I use, that is https://pypi.tuna.tsinghua.edu.cn/simple/frida/.
Find version 12.8.17 in this list and look at the file names. For example, if you are on 64-bit Windows, download frida-12.8.17-py3.7-win-amd64.egg; on Linux, download the corresponding egg.
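The version lookup in Step 2 can be done mechanically. The following is an added example, not code from the original article or from the Frida project: it parses an index listing, finds the eggs for one Frida version and platform, and reports whether one exists for a given interpreter. The function names and the sample listing are constructed for illustration; only the two egg names mentioned in this article are taken from the page.

```python
import re
from html.parser import HTMLParser

# Filename layout of the Frida eggs named above:
#   frida-<frida version>-py<major.minor>-<platform>.egg
EGG_RE = re.compile(
    r"^frida-(?P<ver>\d+(?:\.\d+)*)-py(?P<py>\d+\.\d+)-(?P<plat>[\w.-]+)\.egg$")

class LinkText(HTMLParser):
    """Collect the text of every <a> element on a 'simple' index page."""
    def __init__(self):
        super().__init__()
        self.names, self._in_a = [], False

    def handle_starttag(self, tag, attrs):
        self._in_a = (tag == "a")

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_a = False

    def handle_data(self, data):
        if self._in_a and data.strip():
            self.names.append(data.strip())

def eggs_for(index_html, frida_version, platform):
    """Map Python version -> egg filename for one Frida version and platform."""
    parser = LinkText()
    parser.feed(index_html)
    found = {}
    for name in parser.names:
        m = EGG_RE.match(name)
        if m and m["ver"] == frida_version and m["plat"] == platform:
            found[m["py"]] = name
    return found

def egg_for_interpreter(index_html, frida_version, platform, interpreter):
    """Egg built for interpreter=(major, minor, ...), or None if none exists."""
    return eggs_for(index_html, frida_version, platform).get(
        "%d.%d" % tuple(interpreter[:2]))

# Constructed sample of the index listing (not fetched from PyPI or a mirror).
SAMPLE_INDEX = """
<a href="#">frida-12.8.16-py3.7-win-amd64.egg</a><br/>
<a href="#">frida-12.8.17-py2.7-win-amd64.egg</a><br/>
<a href="#">frida-12.8.17-py3.7-win-amd64.egg</a><br/>
<a href="#">frida-12.8.17-py3.6-linux-x86_64.egg</a><br/>
<a href="#">frida-12.8.17.tar.gz</a><br/>
"""
```

Passing `sys.version_info` as `interpreter` checks the interpreter you are about to install Frida into; a `None` result means that Python version has no egg for the chosen Frida version.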
Install Python
Install the Python version indicated in the name of the egg file found above.
Linux system (based on pyenv)
Install pyenv. If you use Brida on a Linux system such as Kali, it is recommended to manage Python versions with pyenv, which is very convenient. For installation, see pyenv's official GitHub page.
Install Python. When installing Python, you will hit a few pitfalls:
Dependent libraries
pyenv compiles Python from source when installing it, so the build dependencies must be present; otherwise, even if the installation finishes without error, there will be problems at run time. Take Kali as an example (the commands should be the same on Ubuntu and Debian, and the principle is similar on other Linux systems). The libraries that need to be installed may be:
libbz2-dev
libreadline-dev
zlib1g-dev
libffi-dev
libsqlite3-dev
liblzma-dev
The libraries above are the ones named in error messages during installation, such as ModuleNotFoundError: No module named '_sqlite3'
Download and install
When you use the command pyenv install 3.6.5 to install Python 3.6.5, you will see the following:
Pentest@DESKTOP-2AE07FJ:~$ pyenv install 3.6.5
Downloading Python-3.6.5.tar.xz...
-> https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tar.xz
pyenv will try to download the source tarball and compile it. On networks in mainland China this is usually very slow; the download can drag on forever, and it may make you wait half an hour only to fail with an error, which is very annoying.
In that case, you can download the file manually from the link shown in the output (on Linux you can install aria2; search Baidu for how to use it).
After downloading, create a new folder named cache under ~/.pyenv/, put the downloaded tar.xz file in it, and run pyenv install 3.6.5 again; pyenv will skip the download and go straight to compiling and installing.
After the installation is complete, use pyenv versions to view it. If you can see the list, the installation is successful. Use the command pyenv global 3.6.5 to globally switch to the Python 3.6.5 environment.
Install pyenv-virtualenv. Frida can be installed at this point, but it is recommended to install the plug-in virtualenv for pyenv to avoid the problem that the tool cannot be installed due to a conflict in the version of the dependent components. For the installation of virtualenv, see the official Github.
After installation, use the command pyenv virtualenv 3.6.5 frida to create a virtual environment called frida based on Python version 3.6.5, and use pyenv activate frida to enable it.
When it is enabled successfully, the command prompt begins with the environment name in parentheses, (frida).
Windows environment
On Windows, pyenv-win is not well supported, so install Python directly: download the .msi installer for the required version from the official website and double-click it to install. Note: do not check the option "Add Python 3.x to PATH" during installation, so that the existing environment on the system is not affected.
Because it is not added to PATH, this Python environment stays relatively independent, which makes it convenient and easy to use.
Remember the installation path of Python, which you will need later.
Install Frida, Frida-tools, and Pyro4
With the Python environment installed, you are ready to install Frida. At this point, you need the frida-12.8.17-py3.7-xxx-xxx.egg file downloaded in the preparation phase.
In theory, you can install with the pip command pip install frida==12.8.17, but it may hang at "Running setup.py install for frida ..." and never finish, so you need to install the .egg file directly.
Pyro4 is the middleware for communication between Brida and Frida, and needs to be installed as well.
Linux environment
After switching to the environment with virtualenv, run easy_install ~/Downloads/frida-12.8.17-py3.6-linux-x86_64.egg directly.
Use the command pip install frida-tools to install frida-tools.
Use the command pip install pyro4 to install Pyro4.
Windows environment
On Windows, go to the Python installation path chosen during installation, such as C:\Users\[user name]\AppData\Local\Programs\Python\Python37, open a command line there, and enter the command:
C:\Users\xx\AppData\Local\Programs\Python\Python37> .\Scripts\easy_install.exe C:\Users\xx\Downloads\frida-12.8.17-py3.7-win-amd64.egg
This installs Frida. After it succeeds, enter .\Scripts\pip.exe install frida-tools to install frida-tools.
Enter .\Scripts\pip.exe install pyro4 to install Pyro4.
At this point, Frida, frida-tools and Pyro4 are all installed.
Configure Brida
Brida requires Burp Suite; both the Community and Pro editions work. Installation is simple: you can install it directly from the BApp Store, or download it from Brida's Releases page. The BApp Store installation inside Burp Suite is used here.
Adapting Python3
Big pitfall warning! Big pitfall warning! Big pitfall warning! Important things must be said three times!
Because Brida was written for Python 2.7, it cannot run directly in a Python 3.6/3.7 environment. Someone raised this in the project's issues in May 2019, and the author answered in March 2020 with a solution: modify the .py file inside the plug-in as follows:
Locate the plug-in's Brida_xxx.jar file. The root directory of the plug-in is:
Windows: C:\Users\xx\AppData\Roaming\BurpSuite
Linux: ~/.BurpSuite
The rest of the path is the same on both: \bapps\2c0def96c5d44e159151b236de766892\build\libs
Open brida-all.jar with an archive tool and extract the two files under the /res folder (bridaServicePyro.py and scriptBridaDefault.js) for later use.
Edit bridaServicePyro.py and replace its content with the Python 3 version of the code posted by the original author of Brida (the listing is not reproduced here), see: https://github.com/federicodotta/Brida/issues/39#issuecomment-596064419
Put bridaServicePyro.py back in the /res folder of brida-all.jar (overwriting the original file).
Copy scriptBridaDefault.js to a location of your choice and remember the path.
At this point, the Python 3 adaptation of Brida is complete.
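The jar steps above can also be scripted. This is an added example, not code from the original article or the Brida project: it assumes the two entries are stored in the jar as res/bridaServicePyro.py and res/scriptBridaDefault.js, as described above, and that the Python 3 service file from the linked issue comment has already been saved locally. The function name and the .orig backup are choices of this example.

```python
import os
import shutil
import zipfile

SERVICE = "res/bridaServicePyro.py"       # entry to overwrite
DEFAULT_JS = "res/scriptBridaDefault.js"  # entry to extract for "Frida JS file path"

def patch_brida_jar(jar_path, new_service_py, js_out_dir):
    """Swap SERVICE inside the jar, extract DEFAULT_JS, return the extracted path."""
    with open(new_service_py, "rb") as fh:
        replacement = fh.read()
    # Raises SyntaxError if the replacement is still Python 2 style code
    # (when this script itself runs under Python 3).
    compile(replacement, new_service_py, "exec")

    tmp = jar_path + ".tmp"
    with zipfile.ZipFile(jar_path) as src:
        missing = {SERVICE, DEFAULT_JS} - set(src.namelist())
        if missing:
            raise ValueError("not a Brida jar, missing: %s" % sorted(missing))
        # Read the JS before rewriting: writestr() below mutates the ZipInfo objects.
        js_data = src.read(DEFAULT_JS)
        backup = jar_path + ".orig"
        if not os.path.exists(backup):     # keep the untouched jar for rollback
            shutil.copy2(jar_path, backup)
        # A zip entry cannot be edited in place, so rewrite the whole archive.
        with zipfile.ZipFile(tmp, "w", zipfile.ZIP_DEFLATED) as dst:
            for item in src.infolist():
                data = replacement if item.filename == SERVICE else src.read(item)
                dst.writestr(item, data)
    js_path = os.path.join(js_out_dir, os.path.basename(DEFAULT_JS))
    with open(js_path, "wb") as out:
        out.write(js_data)
    os.replace(tmp, jar_path)              # swap in the patched jar
    return js_path
```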
Brida configuration
Open Burp Suite and switch to the Brida tab. For the functions and usage of this page, see the [original] Brida Operation Guide.
Set "Python binary path" to the location of the Python installed in the "Environmental preparation" section.
On Linux, the path is ~/.pyenv/versions/xxx/bin/python
On Windows, the path is the installation path, such as C:\Users\xx\AppData\Local\Programs\Python\Python
Now click the "Start Server" button; a green "Server running" is displayed, indicating that Pyro4 is running successfully and is ready for use.
The meaning of the "Frida JS file path" option is not mentioned in the various tutorials, and you can't "Spawn application" if you don't use its default value or point to a custom script.
If the "getplatform" error occurs, it means that the JS file is specified incorrectly.
On its official description page, there are the following instructions:
"Frida JS file path" is the path of the Frida instrumentation JavaScript file, containing all Frida and Brida hooks and exports. To properly use Brida you have to insert the path of the JS file supplied with the Brida release (named "scriptBrida.js") because this file contains Frida functions used by Brida itself. You can add your own Frida hooks and exports directly in this file.
In short, "Frida JS file path" needs to point to a JS file that contains the hook and export definitions of Frida and Brida. This file is stored in Brida-all.jar; it is the scriptBridaDefault.js file saved in the step above.
So set "Frida JS file path" to the path of the previously saved scriptBridaDefault.js file.
Configure the Android device and Spawn application
The last step is to start frida-server on the Android device and fill in the package name in Brida. "Spawn application" succeeds!
Click the Analyze binary tab, select Binary, and click the Load tree button; the loaded .so files are listed. Success!
Summary
Frida is updated quickly, so tools from a year or two ago can be troublesome to use today. Using pyenv + virtualenv to manage the environment on Linux makes the configuration much easier.
In addition, according to the author of Brida, an official version that supports Python 3 will be released in June 2020, so you can follow the project on GitHub at that time.
The whole process is summed up as follows:
Install Python, Frida, Pyro4
Modify Brida-all.jar, replacing the bridaServicePyro.py file
Extract scriptBridaDefault.js and set "Frida JS file path" to point to the extracted file