我以前尝试过的事情是从SSL_get_wfd获取套接字fd,然后将其传递给getpeername。我也看了BIO对象/功能,但没有任何运气。尝试查看/usr/include/openssl中的openSSL实现,但随后再没有运气。
有人知道如何获取与openSSL套接字连接的远程IP地址(和端口)吗?
某些情况:
socket fd: 64 // the file descriptor doesn't look incorrect (to me)
after getaddress, socklen: 28 // the length of the plausible address also looks correct
sockaddr ptr: 0x7b0b0fcac0, val: 0x0 // the pointer is empty despite being allocated :(
编辑:我基于的文档:https://docs.huihoo.com/doxygen/openssl/1.0.1c/structssl__st.html
Frida具有与Socket相关的出色功能。
var address = Socket.peerAddress(fd);
// Assert address not null
console.log(fd, address.ip + ':' + address.port);
查看套接字活动;
Process
.getModuleByName({ linux: 'libc.so', darwin: 'libSystem.B.dylib', windows: 'ws2_32.dll' }[Process.platform])
.enumerateExports().filter(ex => ex.type === 'function' && ['connect', 'recv', 'send', 'read', 'write'].some(prefix => ex.name.indexOf(prefix) === 0))
.forEach(ex => {
Interceptor.attach(ex.address, {
onEnter: function (args) {
var fd = args[0].toInt32();
if (Socket.type(fd) !== 'tcp')
return;
var address = Socket.peerAddress(fd);
if (address === null)
return;
console.log(fd, ex.name, address.ip + ':' + address.port);
}
})
})
输出示例
$ frida -Uf com.example.app -l script.js --no-pause
[Android Model-X::com.example.app]->
117 write 5.0.2.1:5242
117 read 5.0.2.1:5242
135 write 5.0.2.1:4244
135 read 5.0.2.1:4244
135 read 5.0.2.1:4244