Frida API进阶-网络

文章目录

SocketSocketListenerSocketConnection代码示例Nagle algorithmJavaScript判断数据类型 公众号 在 聊天系统开发(1) 的文章中，对TCP/IP相关的网络编程进行了介绍。在 Frida API进阶-文件 对文件描述符、输入输出流进行了介绍。本篇文章集于此介绍Frida中网络相关的API。

Socket

Socket.listen([options]): open a TCP or UNIX listening socket. Returns a Promise that receives a SocketListener. Defaults to listening on both IPv4 and IPv6, if supported, and binding on all interfaces on a randomly selected TCP port.

Socket.connect(options): connect to a TCP or UNIX server. Returns a Promise that receives a SocketConnection.

Socket.type(handle): inspect the OS socket handle and return its type as a string which is either tcp, udp, tcp6, udp6, unix:stream, unix:dgram, or null if invalid or unknown.

Socket.localAddress(handle), Socket.peerAddress(handle): inspect the OS socket handle and return its local or peer address, or null if invalid or unknown. The object returned has the fields:

ip: (IP sockets) IP address as a string.port: (IP sockets) IP port as a number.path: (UNIX sockets) UNIX path as a string.

SocketListener

All methods are fully asynchronous and return Promise objects.

path: (UNIX family) path being listened on.port: (IP family) IP port being listened on.close(): close the listener, releasing resources related to it. Once the listener is closed, all other operations will fail. Closing a listener multiple times is allowed and will not result in an error.accept(): wait for the next client to connect. The returned Promise receives a SocketConnection.

SocketConnection

Inherits from IOStream. All methods are fully asynchronous and return Promise objects.

setNoDelay(noDelay): disable the Nagle algorithm if noDelay is true, otherwise enable it. The Nagle algorithm is enabled by default, so it is only necessary to call this method if you wish to optimize for low delay instead of high throughput.

代码示例

function frida_Java() { Java.perform(function () { var ip_family = new Object(); ip_family.family = "ipv4"; ip_family.host = "47.92.90.25"; ip_family.port = 7000; var socket = Socket.connect(ip_family); socket.then(function(successMessage){ console.log(successMessage instanceof SocketConnection); successMessage.setNoDelay(true); var promise = successMessage.input.read(1000); promise.then(function(result){ console.log(' burning'+hexdump(result,{lenght:1000})); }).catch(function(error){ console.log(' fail:'+error); }); });

运行结果如下，可以看出successMessage的类型是SocketConnection。

Nagle algorithm

在发出去的数据还没有被确认之前，假如又有小数据生成，那么就把小数据收集起来，凑满一个MSS或者等收到确认后再发送。

JavaScript判断数据类型

instanceof 是用来判断 A 是否为 B 的实例，表达式为：A instanceof B，如果 A 是 B 的实例，则返回 true,否则返回 false。 在这里需要特别注意的是：instanceof 检测的是原型。 由上图可以看出[]的原型指向Array.prototype，间接指向Object.prototype, 因此 [] instanceof Array 返回true， [] instanceof Object 也返回true。

其他的判断方式

typeoftoString Object.prototype.toString.call(window) ; //[object global] window 是全局对象 global 的引用constructor

公众号

更多Frida相关内容，欢迎关注我的微信公众号:无情剑客。