federicodotta / Brida

The new bridge between Burp Suite and Frida!
MIT License

Brida makes burp freeze #99

Closed mustafairan closed 8 months ago

mustafairan commented 2 years ago

Hi,

I'm hooking the javax.crypto.Cipher.doFinal() function, printing the input and output and calling it again. However, after a couple of seconds, it makes Burp hang. I need to kill Burp and restart. What can I do to find the problem/bug?

Best.

federicodotta commented 2 years ago

Hi @mustafairan,

This strange behavior can be caused by many things (a crash in frida-server, issues with the application, issues in the JS code, etc.), but I tried to code Brida to also catch this kind of exception.

Every time a Brida function is called, there is a timer that interrupts the operation if it does not receive feedback within 30 seconds. When you see that Burp hangs, you can try to wait a minute. It should automatically handle the exception and stop the hanging operation.

Besides that, you can try to run your JS code directly from Frida, in order to see if you experience the same strange behavior directly from Frida as well.

Federico

mustafairan commented 2 years ago

Hi @federicodotta, just to eliminate causes of the problem:

As a note, I don't experience the problem if I enable the hook a couple of minutes after running the application. The application does heavy crypto work, especially at the beginning. I think Brida (or Burp, I don't know) can't handle that much heavy work (or output), and that is the part to focus on. I didn't know about the timeout you mentioned. However, I can tell that it is not working and making Burp responsive again in my case, unfortunately.

Thanks

federicodotta commented 2 years ago

Hi @mustafairan,

Uhmmm... Does your JS code produce tons of printed output? Usually what causes issues with Brida is printing too much output, because the output goes from the device to the Python daemon to the Brida code. If you are working with code with a lot of crypto operations and you are dumping all the input and output of all of them, that can be the problem.

You can try to remove some debug prints and check if it works better.

Please let me know if it works.

Federico

mustafairan commented 2 years ago

Yes, the problem might be that, but I'm not sure what I can do to solve it. I don't print much other than the inputs and outputs of the crypto function. The inputs and outputs might be big, but I don't know how to decrease them without affecting the functionality of the script. I think another possibility is that the raw output interferes with Python/Java/Brida. I will try to encode the bytecode output. Also, if I can find a public app that triggers the same thing, I will give an example.

federicodotta commented 2 years ago

Hi @mustafairan

Yes, you should avoid passing raw binary data from the app to the Brida plugin. You should encode it in Base64 or similar and then decode it in Brida.

If you are using the Brida custom plugin engine, various encoding/decoding functions are already implemented.

Federico

federicodotta commented 1 year ago

Hi @mustafairan,

Did encoding the raw data fix your issue?

Thanks, Federico

mustafairan commented 1 year ago

Hi @federicodotta

No, actually. I guess the volume of output is the problem. Thanks

federicodotta commented 1 year ago

Hi @mustafairan,

Yes, the volume of output can definitely be an issue.

My advice is to execute the analysis step using Frida directly and, after that phase, switch to Brida, using its custom plugin engine to take care of your crypto routines (encrypt/decrypt requests and responses, apply signatures, etc.).

Thanks, Federico
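
Added example, not part of the thread and not Brida's own code: a Frida script that applies the two suggestions above (encode binary data before it leaves the device, and keep the output volume down) to a `javax.crypto.Cipher.doFinal(byte[])` hook. The caps `MAX_BYTES` and `BATCH_SIZE`, the helper names and the message shape are assumptions; the helpers are plain JavaScript, so they can be checked outside Frida.

```javascript
// Added example. MAX_BYTES, BATCH_SIZE, helper names and message shape are assumptions.
const MAX_BYTES = 64;   // bytes reported per buffer; the rest is only counted
const BATCH_SIZE = 50;  // records grouped into one message to the host

// Java byte[] values are signed (-128..127): mask before hex-encoding.
function toHex(bytes, limit) {
  if (!bytes) return '';
  const n = Math.min(bytes.length, limit);
  let out = '';
  for (let i = 0; i < n; i++) {
    out += ('0' + (bytes[i] & 0xff).toString(16)).slice(-2);
  }
  return out;
}

// Printable, size-bounded record for one doFinal call (no raw binary).
function makeRecord(input, output) {
  return {
    inLen: input ? input.length : 0, in: toHex(input, MAX_BYTES),
    outLen: output ? output.length : 0, out: toHex(output, MAX_BYTES)
  };
}

// Collect records and emit them in batches instead of one message per call.
function makeBatcher(emit, size) {
  let pending = [];
  return {
    push(rec) { pending.push(rec); if (pending.length >= size) this.flush(); },
    flush() { if (pending.length) { emit(pending); pending = []; } }
  };
}

// Frida-only part: skipped when the file is loaded outside Frida.
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    const Cipher = Java.use('javax.crypto.Cipher');
    const batcher = makeBatcher(function (recs) {
      send({ type: 'doFinal', records: recs });
    }, BATCH_SIZE);
    Cipher.doFinal.overload('[B').implementation = function (input) {
      const output = this.doFinal(input);   // call the original method
      batcher.push(makeRecord(input, output));
      return output;
    };
    setInterval(function () { batcher.flush(); }, 1000); // drain leftovers
  });
}
```

Running this directly with Frida first, as suggested above, shows whether the bounded and batched output is still too much before the hook is moved into Brida.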