Awesome
Frida Python Tool
Dependencies
pip3 install frida-tools
Library injection example
Custom library injection
./neomorph.py -p 31337 -m inject -e libcustom.so -x entry_function
Interception example
Function interception
./neomorph.py -p 31337 -m intercept -e 0x13371337
SSL interception
./neomorph.py -p 31337 -m intercept -e SSL_write
./neomorph.py -p 31337 -m intercept -e SSL_read
Remote host SSL interception (package)
./neomorph.py -H 192.168.1.9:2313 -P org.mozilla.firefox -m intercept -e SSL_write -A 1 -s 10240 -O term
Spoofing example
Compile the program
gcc hello.c -o hello
Start the program
./hello
Spoof (string)
./neomorph.py -p 1337 -m spoof -e "0x7ffff7270eb0" -x "hack the planet"
Spoof (hex)
./neomorph.py -p 1337 -m spoof -e "0x7ffff7270eb0" -x "68 61 63 6b 20 74 68 65 20 70 6c 61 6e 65 74 00"
Spoof (mnemonic) - pip3 install capstone keystone
./neomorph.py -p 1337 -m spoof -e "0x7ffff7270eb0" -x "push r12; push r9; push r10; push rax; pop r12; pop rbx; push rax; mov eax, 0" -I asm -O asm
Custom javascript
./neomorph.py -p 1337 -j file.js
Usage
Pattern search
./neomorph.py -p 1337 -m pattern -e "hello world"
Dump on remote host
./neomorph.py -p 1337 -m dump -H 192.168.2.8:9443 -e "0x7f1ea3dbb683"
Dump by pattern
./neomorph.py -p 1337 -m dump -e "hello world" -I pattern
Dump by pattern (hex)
./neomorph.py -p 1337 -m dump -e "68 65 6c 6c 6f 20 77 6f 72 6c 64 21 21 21 21 00"
Searching functions and disasm
./neomorph.py -p 1337 -m resolve -e freestyle
./neomorph.py -p 1337 -m dump -e 0x55fe33c87740 -O asm
Dumping functions
./neomorph.py -p 1337 -m dump -e freestyle -O asm
Export enum
./neomorph.py -p 1337 -m export -e libssl.so
Export enum with filter
./neomorph.py -p 1337 -m export -e libssl.so -x read