-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathweb.py
More file actions
458 lines (391 loc) · 19.8 KB
/
web.py
File metadata and controls
458 lines (391 loc) · 19.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
import streamlit as st
import requests
import json
import os
import time
# Set page config
st.set_page_config(
page_title="Frida Automation Tool",
page_icon="🔍",
layout="wide",
initial_sidebar_state="expanded"
)
# API URL
API_URL = "http://localhost:8000"
# Helper functions
def get_api_response(endpoint, method="GET", data=None):
try:
if method == "GET":
response = requests.get(f"{API_URL}{endpoint}", timeout=10)
elif method == "POST":
response = requests.post(f"{API_URL}{endpoint}", json=data, timeout=10)
return response.json()
except requests.exceptions.ConnectionError:
st.error("❌ Cannot connect to API server. Make sure the API is running.")
return {"status": "error", "message": "Cannot connect to API server"}
except Exception as e:
st.error(f"❌ Error: {str(e)}")
return {"status": "error", "message": str(e)}
# Sidebar navigation
st.sidebar.title("Frida Automation Tool")
st.sidebar.image("https://frida.re/img/logotype.svg", width=200)
page = st.sidebar.radio("Navigation", ["Device Status", "Frida Server", "Applications", "Script Injection", "Scripts"])
# Style
st.markdown("""
<style>
.success-box {
padding: 10px;
background-color: #d4edda;
border-left: 5px solid #28a745;
margin-bottom: 10px;
}
.error-box {
padding: 10px;
background-color: #f8d7da;
border-left: 5px solid #dc3545;
margin-bottom: 10px;
}
.info-box {
padding: 10px;
background-color: #e7f3fe;
border-left: 5px solid #2196F3;
margin-bottom: 10px;
}
.warning-box {
padding: 10px;
background-color: #fff3cd;
border-left: 5px solid #ffc107;
margin-bottom: 10px;
}
</style>
""", unsafe_allow_html=True)
# Device Status Page
if page == "Device Status":
st.title("Device Status")
# Create columns for better layout
col1, col2 = st.columns(2)
with col1:
# Device connection status
with st.container():
st.subheader("Device Connection")
if st.button("Check Device Connection", key="check_device"):
device_result = get_api_response("/device")
if device_result.get("status") == "success":
st.markdown('<div class="success-box">✅ Device connected</div>', unsafe_allow_html=True)
st.json(device_result)
else:
st.markdown('<div class="error-box">❌ No device connected</div>', unsafe_allow_html=True)
st.json(device_result)
# Device architecture
with st.container():
st.subheader("Device Architecture")
if st.button("Get Device Architecture", key="get_arch"):
arch_result = get_api_response("/device/arch")
st.json(arch_result)
# Check if device is emulator
with st.container():
st.subheader("Emulator Check")
if st.button("Check if Emulator", key="check_emulator"):
emulator_result = get_api_response("/device/is-emulator")
if emulator_result.get("is_emulator") == True:
st.markdown('<div class="info-box">📱 Device is an emulator</div>', unsafe_allow_html=True)
else:
st.markdown('<div class="info-box">📱 Device is a physical device</div>', unsafe_allow_html=True)
st.json(emulator_result)
with col2:
# List available Frida devices
with st.container():
st.subheader("Frida Devices")
if st.button("List Frida Devices", key="list_frida_devices"):
devices_result = get_api_response("/frida/devices")
if devices_result.get("status") == "success" and devices_result.get("devices"):
st.write(f"Found {len(devices_result['devices'])} devices")
for device in devices_result["devices"]:
st.markdown(f"**{device.get('name')}** ({device.get('id')})")
else:
st.markdown('<div class="warning-box">⚠️ No Frida devices found</div>', unsafe_allow_html=True)
st.json(devices_result)
# List running processes
with st.container():
st.subheader("Running Processes")
if st.button("List Running Processes", key="list_processes"):
processes_result = get_api_response("/processes")
if processes_result.get("status") == "success" and processes_result.get("processes"):
st.write(f"Found {len(processes_result['processes'])} processes")
st.dataframe(processes_result["processes"])
else:
st.markdown('<div class="warning-box">⚠️ Could not retrieve processes</div>', unsafe_allow_html=True)
st.json(processes_result)
# Full diagnostics
st.subheader("Frida Diagnostics")
if st.button("Run Full Diagnostics", key="diagnostics"):
with st.spinner("Running diagnostics..."):
diagnostics = get_api_response("/frida/diagnostics")
if diagnostics.get("status") == "success":
# Display summary
if "summary" in diagnostics:
if "not installed" in diagnostics["summary"]:
st.markdown(f'<div class="warning-box">⚠️ {diagnostics["summary"]}</div>', unsafe_allow_html=True)
elif "not running" in diagnostics["summary"]:
st.markdown(f'<div class="warning-box">⚠️ {diagnostics["summary"]}</div>', unsafe_allow_html=True)
elif "connectivity issues" in diagnostics["summary"]:
st.markdown(f'<div class="warning-box">⚠️ {diagnostics["summary"]}</div>', unsafe_allow_html=True)
else:
st.markdown(f'<div class="success-box">✅ {diagnostics["summary"]}</div>', unsafe_allow_html=True)
# Create tabs for different sections
tab1, tab2, tab3 = st.tabs(["Device", "Frida Server", "Environment"])
with tab1:
st.json(diagnostics.get("device_connection", {}))
with tab2:
st.json(diagnostics.get("frida_server", {}))
with tab3:
st.json(diagnostics.get("environment", {}))
else:
st.markdown('<div class="error-box">❌ Error running diagnostics</div>', unsafe_allow_html=True)
st.json(diagnostics)
# Frida Server Page
elif page == "Frida Server":
st.title("Frida Server Management")
# Check if Frida server is running
with st.container():
st.subheader("Frida Server Status")
if st.button("Check Frida Server Status", key="check_frida"):
frida_result = get_api_response("/frida/status")
if frida_result.get("running") == True:
st.markdown('<div class="success-box">✅ Frida server is running</div>', unsafe_allow_html=True)
else:
st.markdown('<div class="error-box">❌ Frida server is not running</div>', unsafe_allow_html=True)
st.json(frida_result)
# Start Frida server
with st.container():
st.subheader("Start Frida Server")
col1, col2 = st.columns([3, 1])
with col1:
st.markdown("""
This will automatically:
1. Check if device is connected
2. Download Frida server if needed
3. Start Frida server on the device
""")
with col2:
if st.button("Start Frida Server", key="start_frida"):
with st.spinner("Starting Frida server..."):
start_result = get_api_response("/frida/start")
if start_result.get("status") == "success":
st.markdown('<div class="success-box">✅ Frida server started successfully</div>', unsafe_allow_html=True)
else:
st.markdown('<div class="error-box">❌ Failed to start Frida server</div>', unsafe_allow_html=True)
st.json(start_result)
# Download Frida server
with st.container():
st.subheader("Download Frida Server")
col1, col2 = st.columns([3, 1])
with col1:
version = st.text_input("Frida Version (leave empty for latest)", key="frida_version")
arch = st.text_input("Architecture (leave empty for auto-detection)", key="frida_arch")
with col2:
st.write("Download Options")
if st.button("Download Server", key="download_frida"):
download_data = {}
if version:
download_data["version"] = version
if arch:
download_data["arch"] = arch
with st.spinner("Downloading Frida server..."):
download_result = get_api_response("/frida/download", method="POST", data=download_data)
if download_result.get("status") == "success":
st.markdown('<div class="success-box">✅ Frida server downloaded successfully</div>', unsafe_allow_html=True)
else:
st.markdown('<div class="error-box">❌ Failed to download Frida server</div>', unsafe_allow_html=True)
st.json(download_result)
# Auto setup (download and start)
with st.container():
st.subheader("Auto Setup")
col1, col2 = st.columns([3, 1])
with col1:
st.markdown("""
One-click solution to:
1. Check device connection
2. Download the latest Frida server
3. Start Frida server
""")
with col2:
if st.button("Auto Setup", key="auto_setup"):
with st.spinner("Setting up Frida..."):
setup_result = get_api_response("/frida/auto-setup", method="POST")
if setup_result.get("status") == "success":
st.markdown('<div class="success-box">✅ Frida server setup completed successfully</div>', unsafe_allow_html=True)
else:
st.markdown('<div class="error-box">❌ Failed to setup Frida server</div>', unsafe_allow_html=True)
st.json(setup_result)
# Applications Page
elif page == "Applications":
st.title("Installed Applications")
# Filter section
with st.container():
st.subheader("Filter Applications")
col1, col2 = st.columns([3, 1])
with col1:
filter_keyword = st.text_input("Filter by keyword (e.g., 'com.android', 'google')", key="filter_keyword")
with col2:
if st.button("Apply Filter", key="apply_filter"):
with st.spinner("Fetching applications..."):
if filter_keyword:
packages_result = get_api_response("/packages/filter", method="POST", data={"filter_keyword": filter_keyword})
else:
packages_result = get_api_response("/packages")
if packages_result.get("status") == "success" and packages_result.get("packages"):
st.session_state.packages = packages_result.get("packages")
st.success(f"Found {len(packages_result['packages'])} applications")
else:
st.warning("No applications found or error occurred")
st.session_state.packages = []
# List all applications
with st.container():
st.subheader("All Applications")
if st.button("List All Applications", key="list_all"):
with st.spinner("Fetching all applications..."):
packages_result = get_api_response("/packages")
if packages_result.get("status") == "success" and packages_result.get("packages"):
st.session_state.packages = packages_result.get("packages")
st.success(f"Found {len(packages_result['packages'])} applications")
else:
st.warning("No applications found or error occurred")
st.session_state.packages = []
# Display applications table
if hasattr(st.session_state, 'packages') and st.session_state.packages:
st.dataframe(st.session_state.packages)
# Script Injection Page
elif page == "Script Injection":
st.title("Script Injection")
# Get available scripts
@st.cache_data(ttl=300)
def get_available_scripts():
scripts_result = get_api_response("/scripts")
if scripts_result.get("status") == "success" and scripts_result.get("scripts"):
return scripts_result.get("scripts")
return []
scripts = get_available_scripts()
script_names = [script["name"] for script in scripts] if scripts else []
# Script injection form
with st.container():
st.subheader("Inject Script")
col1, col2 = st.columns(2)
with col1:
package_name = st.text_input("Package Name (e.g., com.android.chrome)", key="inject_package")
script_name = st.selectbox("Select Script", script_names, key="inject_script")
spawn = st.checkbox("Spawn New Process", value=True, key="inject_spawn")
with col2:
st.markdown("""
### Injection Notes:
- Package name must be exact
- Device must be rooted for direct injection
- For non-rooted devices, try Objection
""")
st.markdown('<div class="warning-box">⚠️ Make sure Frida server is running before injection</div>', unsafe_allow_html=True)
if script_names:
selected_script = next((s for s in scripts if s["name"] == script_name), None)
if selected_script:
st.markdown(f"**Description**: {selected_script.get('description', 'No description available')}")
if st.button("Inject Script", key="do_inject"):
with st.spinner("Injecting script..."):
inject_data = {
"package_name": package_name,
"script_path": script_name,
"spawn": spawn
}
inject_result = get_api_response("/inject", method="POST", data=inject_data)
if inject_result.get("status") == "success":
st.markdown('<div class="success-box">✅ Script injected successfully</div>', unsafe_allow_html=True)
else:
st.markdown('<div class="error-box">❌ Script injection failed</div>', unsafe_allow_html=True)
# Special handling for non-rooted device errors
if inject_result.get("details", {}).get("error_type") == "non_rooted_device":
st.markdown("""
<div class="warning-box">
<h3>Non-Rooted Device Detected</h3>
<p>Your device is not rooted. Try these alternatives:</p>
<ol>
<li><strong>Objection:</strong> <code>pip install objection</code><br>
<code>objection --gadget package_name explore</code><br>
<code>android sslpinning disable</code></li>
<li><strong>Repackage the app:</strong> <code>objection patchapk -s <path-to-apk></code></li>
<li><strong>Use a rooted emulator</strong> like Genymotion or modified AVD</li>
</ol>
</div>
""", unsafe_allow_html=True)
st.json(inject_result)
else:
st.warning("No scripts available. Add scripts in the Scripts section.")
# Scripts Management Page
elif page == "Scripts":
st.title("Script Management")
# Get available scripts
@st.cache_data(ttl=300)
def get_available_scripts():
scripts_result = get_api_response("/scripts")
if scripts_result.get("status") == "success" and scripts_result.get("scripts"):
return scripts_result.get("scripts"), scripts_result.get("directory")
return [], ""
scripts, scripts_dir = get_available_scripts()
# Show available scripts
with st.container():
st.subheader("Available Scripts")
if scripts:
for script in scripts:
with st.expander(f"{script['name']} - {script.get('description', 'No description')}"):
st.markdown(f"**Path**: `{script['path']}`")
st.markdown(f"**Description**: {script.get('description', 'No description available')}")
else:
st.info("No scripts available. Upload a script below.")
# Upload new script
with st.container():
st.subheader("Upload New Script")
with st.form("upload_form"):
uploaded_file = st.file_uploader("Choose a JavaScript file", type="js")
script_name = st.text_input("Script Name (optional)")
script_description = st.text_area("Script Description")
submit_button = st.form_submit_button("Upload Script")
if submit_button and uploaded_file is not None:
# Create form data
files = {"file": uploaded_file}
data = {}
if script_name:
data["name"] = script_name
if script_description:
data["description"] = script_description
# Make the upload request
try:
response = requests.post(f"{API_URL}/upload/script", files=files, data=data)
result = response.json()
if result.get("status") == "success":
st.success("Script uploaded successfully")
st.experimental_rerun() # Refresh the page to show the new script
else:
st.error(f"Failed to upload script: {result.get('message', 'Unknown error')}")
except Exception as e:
st.error(f"Error uploading script: {str(e)}")
# Script directory information
with st.container():
st.subheader("Script Directory")
st.info(f"Scripts are stored in: {scripts_dir}")
st.markdown("""
### Creating Custom Scripts
Scripts should follow this format:
```javascript
// Description: Your script description here
Java.perform(function() {
console.log("Script loaded");
// Your code here
// Example: Bypass SSL pinning
var SSLContext = Java.use('javax.net.ssl.SSLContext');
SSLContext.init.implementation = function(keyManagers, trustManagers, secureRandom) {
console.log('[+] Bypassing SSL Pinning');
this.init(keyManagers, null, secureRandom);
};
});
```
""")
# Run the Streamlit app
if __name__ == "__main__":
st.write("Streamlit app is running!")