# fritap_all.py: attach fritap to all subprocesses of a specific executable on windows
# make sure to install pywin32, psutil, frida, fritap first
import psutil
import subprocess
import atexit
import win32api
import win32con
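PROCNAME = "CiscoJabber.exe"
# friTap children started below; cleanup() terminates them when the script exits.
processes = []
# Asking for "name" up front matters: with attrs given, psutil.process_iter()
# swallows NoSuchProcess/AccessDenied for processes that vanish or are protected
# while we iterate (their name is reported as None), instead of aborting the scan.
for proc in psutil.process_iter(attrs=["name"]):
    if proc.info["name"] == PROCNAME:
        print("Jabber PID:", proc.pid)
        # NOTE: "friTap.exe" is a bare name, so CreateProcess resolves it through
        # its search order, which includes the current directory. Pin an absolute
        # path here if the script may be run from a directory others can write to.
        p = subprocess.Popen([
            "friTap.exe",
            "--pcap", f"{proc.pid}.pcap",
            f"{proc.pid}"
            # "-k", f"{proc.pid}.keys" - logging keys is only supported on linux
        ])
        processes.append(p)
        print("Frida PID:", p.pid)
        print()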
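def win_kill(pid):
    """Terminate the Windows process identified by *pid*.

    The process is opened with PROCESS_TERMINATE only (the minimum right this
    task needs), TerminateProcess is called, and the handle is always closed.

    Args:
        pid: process id of the target.

    Returns:
        True when TerminateProcess succeeded, False on any failure (for example
        the PID no longer exists or access was denied).
    """
    hProc = None
    try:
        hProc = win32api.OpenProcess(win32con.PROCESS_TERMINATE, 0, pid)
        win32api.TerminateProcess(hProc, 0)
    except Exception:
        # Best-effort kill during shutdown: report failure, don't propagate.
        return False
    finally:
        # OpenProcess may have raised, in which case there is no handle to close.
        if hProc is not None:
            hProc.Close()
    return True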
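def cleanup():
    """Terminate every friTap child recorded in *processes*.

    Registered with atexit so no capture keeps running after this script ends.
    A child that has already exited is skipped: its PID may since have been
    reused by an unrelated process, and killing by PID would hit that one.
    """
    for p in processes:
        if p.poll() is not None:
            print("EXITED", p, p.returncode)
            continue
        print("KILL", p, win_kill(p.pid))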
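# kill frida instances before exiting the script
atexit.register(cleanup)
# wait for CTRL+C until everything of interest was captured; swallow the
# KeyboardInterrupt so the script ends without a traceback (atexit handlers
# still run, so cleanup() is not skipped).
try:
    input("wait...")
except KeyboardInterrupt:
    pass
# SystemExit rather than the site-injected exit() builtin, which is absent when
# the interpreter runs without the site module (e.g. python -S).
raise SystemExit(0)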