Frida Python Tool

Dependencies

pip3 install frida-tools

Library injection example

Custom library injection

./neomorph.py -p 31337 -m inject -e libcustom.so -x entry_function
`

Interception example

Function interception

./neomorph.py -p 31337 -m intercept -e 0x13371337
`

SSL interception

./neomorph.py -p 31337 -m intercept -e SSL_write
./neomorph.py -p 31337 -m intercept -e SSL_read

Remote host SSL interception (package)

./neomorph.py -H 192.168.1.9:2313 -P org.mozilla.firefox -m intercept -e SSL_write -A 1 -s 10240 -O term

Spoofing example

Compile the program

gcc hello.c -o hello

Start the program

./hello

Spoof (string)

./neomorph.py -p 1337 -m spoof -e "0x7ffff7270eb0" -x "hack the planet"

Spoof (hex)

./neomorph.py -p 1337 -m spoof -e "0x7ffff7270eb0" -x "68 61 63 6b 20 74 68 65  20 70 6c 61 6e 65 74 00"

Spoof (mnemonic) - pip3 install capstone keystone

./neomorph.py -p 1337 -m spoof -e "0x7ffff7270eb0" -x "push r12; push r9; push r10; push rax; pop r12; pop rbx; push rax; mov eax, 0" -I asm -O asm

Custom javascript

./neomorph.py -p 1337 -j file.js

Usage

Pattern search

./neomorph.py -p 1337 -m pattern -e "hello world"

Dump on remote host

./neomorph.py -p 1337 -m dump -H 192.168.2.8:9443 -e "0x7f1ea3dbb683"

Dump by pattern

./neomorph.py -p 1337 -m dump -e "hello world" -I pattern

Dump by pattern (hex)

./neomorph.py -p 1337 -m dump -e "68 65 6c 6c 6f 20 77 6f  72 6c 64 21 21 21 21 00"

Searching functions and disasm

./neomorph.py -p 1337 -m resolve -e freestyle
./neomorph.py -p 1337 -m dump -e 0x55fe33c87740 -O asm

Dumping functions

./neomorph.py -p 1337 -m dump -e freestyle -O asm

Export enum

./neomorph.py -p 1337 -m export -e libssl.so

Export enum with filter

./neomorph.py -p 1337 -m export -e libssl.so -x read