Brida icon indicating copy to clipboard operation
Brida copied to clipboard

Published 20 hours ago verified publisher icon federicodotta

Possibility to disable (not detach) single hook

Open mFIND opened this issue 3 years ago • 1 comments

Hi,

As far as I know, currently the only option in Brida for disabling hooks is to detachAll using frida's Interceptor.detachAll(). However it would be nice, to be able to disable hooks one-by-one.

I'm almost certain this can be done. One naive solution would be to change change construction of every Brida-Frida hook. For example:

Interceptor.attach(Module.getExportByName(null, 'read'), {
  onEnter(args) {
    //on enter logic
  },
  onLeave(result) {
    // on leave logic  
  })

could be changed to something like this:

Interceptor.attach(Module.getExportByName(null, 'read'), {
  onEnter(args) {
    if(isActive[hookId]){  // hookId e.g.: 5 
      //on enter logic
    }
  },
  onLeave(result) {
    if(isActive[hookId]){  // hookId e.g.: 5
      //on leave logic
    }
  })

Where hookId would be a constant in a context of one hook.

After that, if user would decide, that they don't want to use one of his hooks, they could just 'disable' it, and internally, Brida would check what is the ID of that hook and change value of isActive[hookId] to false.

Not sure if this is the best way to go about this, but I think this functionality would be a welcome improvement.

mFIND avatar May 15 '21 21:05 mFIND

Hi, I tried adding the functionality by myself, but I ran into a problem. When trying to disable a hook I get an error saying, that Pyro was unable to find my method.

~~I think the problem is because javascript files are not compiled into .jar, that is generated (because I changed log that should be printed to console, but I could not see a difference)~~ [EDIT: No longer the case, but still JavaScript is not updated.. somewhere]

I compiled the jar using: mvn compile && mvn clean compile assembly:single

Compilation itself is successful, without any errors. I also assume, that during the compilation, file bridaGeneratedCompiledOutput.js should be [re]generated.

~~How can I compile this project to include all .js files .jar file?~~

EDIT: I missed wiki, which provides a command which should compile Brida to .jar. After running mvn package -Dmaven.test.skip=true, I had two .jar files in target directory - one with dependencies, and one without them. Opening .jar without dependencies resulted in error, loading the other one worked, however it seems that the new JS file still failed to load. I tried reopening burpsuite, restarting Pyro server, Compiling & Spawning an application, Compiling & reloading JS and restarting frida server.

I also inspected both jars, and as expected, both of them contained modified versions of JavaScript, but new function still couldn't be found. ~~Any idea why that might be the case?~~ EDIT2: Frida JS file folder. Yup, forgot about that :)

mFIND avatar Jun 06 '21 12:06 mFIND