federicodotta / Brida

The new bridge between Burp Suite and Frida!
MIT License

How to include an arbitrary number of parameters? #75

Closed Bi3g0 closed 3 years ago

Bi3g0 commented 3 years ago

I can’t use multiple parameters in IHttpListener-internal-plugin. I refer to the link below but I don’t know how to set it.

https://github.com/federicodotta/Brida/wiki/IHttpListener-internal-plugin

Parameters: Regex (with parenthesis) - password=(.*) (we can define a regex that can include an arbitrary number of parameters using regex groups. In our plugin we want to pass as parameter to the Frida exported function only the password field and our regex accomplishes this task; Brida offers many different options to pass argument like full request/response, body, headers, dynamic feed with popup, ...)

Can someone give me an example of regex groups?

federicodotta commented 3 years ago

Hi @Bi3g0,

in order to pass multiple parameters it is sufficient to use multiple couples of parentheses. An example is the following one:

username=(.*?)&password=(.*?)

In the JS file you will simply define an exported function with two (or more, depending on the number of regex groups) arguments. The value extracted from the first group will be supplied as first argument to the JS exported function, the second one the same and so on.

Federico

Bi3g0 commented 3 years ago

Thank you for your reply.

I also want to know how to match the \n\r in the request. I used \n in the regex, but it didn't work. For example, I want to match the path and ocs of the request below, how should I match them?

path = /gamesdk/v2/user/login

ocs = LKJLSDFJJJIPSDFSS123

GET /gamesdk/v2/user/login?pkgName=com.test.offlinesdk&token=Tbk1jn1kl1234lkj HTTP/1.1
sign: fafeacec0af0396e12086b838802fd26
clientTime: 1617269423777
rom: V6.0.1
rsq: 18916
sdkversion: 202306
host: isdk.test.com
net: wifi
ocs: LKJLSDFJJJIPSDFSS123
Accept: application/x-protostuff; charset=UTF-8
ch: 2401
h: 1080
appversion: 2.0.15
mk_mix_id: 456E7C2CFBACC841C632F3E075141C73
ct: 1617269423783
t: 1617269423758
w: 2340
Connection: close
Accept-Encoding: gzip, deflate

federicodotta commented 3 years ago

Hi @Bi3g0,

this regex should work for you:

(?s)GET\s(.*?)\?.*ocs:\s(.*?)\R

Where:

Pay attention that the regex works only in this particular situation. If you can have for example URLs without parameters and consequently the '?' char you have to tune the regex.

Federico
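An added example (not from this thread or from the Brida project) for checking such a regex outside Burp before configuring the plugin, including the no-'?' case the answer warns about. It assumes the pattern is evaluated with Java's java.util.regex, which supports the (?s) flag and \R used above; the class name, the shortened request and the tuned pattern are constructed for illustration.

```java
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

class BridaRegexCheck {
    // Regex from the answer above: it requires a '?' after the path.
    static final Pattern FROM_THREAD =
        Pattern.compile("(?s)GET\\s(.*?)\\?.*ocs:\\s(.*?)\\R");

    // Tuned variant (an assumption added here, not from the thread):
    // the path ends at '?' or whitespace, and "ocs:" must start a header
    // line, so a header whose name merely ends in "ocs" is not picked up.
    static final Pattern TUNED =
        Pattern.compile("(?s)GET\\s([^?\\s]+).*?\\Rocs:\\s(.*?)\\R");

    // Returns the captured groups in order, i.e. the values that would be
    // passed as first, second, ... argument to the exported JS function.
    // Returns null when the regex does not match the request at all.
    static String[] extract(Pattern p, String request) {
        Matcher m = p.matcher(request);
        if (!m.find()) {
            return null;
        }
        String[] args = new String[m.groupCount()];
        for (int i = 0; i < args.length; i++) {
            args[i] = m.group(i + 1);
        }
        return args;
    }

    public static void main(String[] unused) {
        // Constructed sample: shortened form of the request in the question,
        // with the CRLF line endings an HTTP request has on the wire.
        String withQuery =
            "GET /gamesdk/v2/user/login?pkgName=com.test.offlinesdk HTTP/1.1\r\n"
            + "host: isdk.test.com\r\n"
            + "ocs: LKJLSDFJJJIPSDFSS123\r\n"
            + "Connection: close\r\n\r\n";
        // Same request without a query string.
        String noQuery = withQuery.replace("?pkgName=com.test.offlinesdk", "");

        for (Pattern p : new Pattern[] { FROM_THREAD, TUNED }) {
            System.out.println(p.pattern());
            System.out.println("  with '?': " + Arrays.toString(extract(p, withQuery)));
            System.out.println("  no '?':   " + Arrays.toString(extract(p, noQuery)));
        }
    }
}
```

A `null` result means the plugin would have nothing to pass to the exported function for that request.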

Bi3g0 commented 3 years ago

Got it! Thanks for your Help.