其实这个东西就是为了上篇文章的内容准备的,传送门。
1:下载安装Qt
http://qt-project.org/downloads
我下载的是Qt 5.0.2 for Mac (404 MB) (Info)
安装起来还挺方便的。不过要记住安装的路径,后面会用到
Android APK installer for Windows/Linux/Mac OSX
其实想写这么个东西是很久之前的想法了,那时候还在厦门,还没有回到山东,很多的东西也不是现在的样子。很多的东西总是充满了变数和无奈,很多的东西也在自然不自然的过程中到了现在的样子。而至于这个东西也只是简单的说几句吧,基于pyqt开发,目标是跨平台运行在Windows ,Linux,Mac OSX下。现在已经能够在windows下正常使用了,另外mac和linux下的pyqt安装略麻烦一点,网络也不咋地所以还没测试。需要完成的代码还有apk关联,另外启动的时候在不同的环境下可能出现黑框,看起来很蛋疼,在找找原因吧,时机合适了开放源码。
mitmproxy
mitmproxy是一款支持SSL的HTTP代理,它可以用于调试HTTP通信,发起中间人攻击等。mitmproxy提供了一个控制台接口用于动态拦 截和编辑HTTP数据包。mitmdump是mitmproxy的命令行版本,功能与其相同。
link:http://www.mitmproxy.org/
mitmproxy的主要特点:
Intercept and modify HTTP traffic on the fly
Save HTTP conversations for later replay and analysis
Replay both HTTP clients and servers
Make scripted changes to HTTP traffic using Python
SSL interception certs generated on the fly
Python tools for VS2012
PTVS is a free/OSS plugin that turns Visual Studio into a Python IDE. PTVS supports CPython, IronPython, Editing, Browsing, Intellisense, Debugging, Profiling, HPC Clusters, Multiple REPL’s, IPython, Django, and Cloud computing with Client Libraries for Windows, Linux and MacOS. This is an officially supported product from Microsoft’s Developer Division.
如果喜欢用vs勊考虑用这个插件来实现在vs中进行代码编写和调试,简单的测试了一下,发现如果新建工程调试的时候断点是有效的,但是如果是单一文件作为脚本调试,断点无法正常中断。当然作为一个alphra版本的软件做到这样已经不错了。
Python加载的文件哪里去了?(2)
其实这个标题并不确切,其实应该是ImmDbg调试器加载的文件哪里去了。加载文件脚本还是下面的样子:
"""
(c) Mars Security. 2009-2012
Institute Of Information Serurity From Mars
Email:root@h4ck.ws
U{By obaby. http: //www.h4ck.org.cn}
"""
#sys.path.append("C:\\Program Files\\Immunity Inc\\Immunity Debugger\\Libs")
DESC="""Load Binary file test!"""
import immlib
import immutils
import os
def main(args):
imm = immlib.Debugger()
imm.log ("--------------------------------------------------------------------------------" )
imm.log ("[*] Start Loading file " )
imm.log ("--------------------------------------------------------------------------------" )
rcFileHandle = open ('C:\\test.bin','rb')
rcFileData = rcFileHandle.read()
rcFileLength = len(rcFileData)
imm.log ("[*] FileLength is 0x%08x and filedata is loaded at address 0x%08x" %(rcFileLength,id(rcFileData)))
imm.log ("[*] Finished Loading " )
imm.log ("--------------------------------------------------------------------------------" )
return "[*] Data has been Loaded!"
Python加载的文件哪里去了?
在上一篇文章中提到一个问题就是加载的文件不知道哪里去了,虽然用id()函数可以看到加载的地址。但是这个地址在访问的时候却是要么地址不可用,要么就是和文件中的数据不同。于是直接用Python测试了一下。测试代码就是上面的样子。
基于ImmDbg的Python内存注射
其实上一篇文章完全是拷贝来的,目的是做个本地备份。 😀 最近开始将一些工作转移到ImmDbg,在此之前是想在OD的脚本中做一些简单的工作来实现一些内存数据的修改以及写入功能,但是事实上由于OD脚本的API函数有限,要实现诸如文件读取之类的工作发现基本没什么可能,当然了也有可能是因为自己孤陋寡闻, :8 如果谁知道相关的APi还望不吝赐教。 
Starting to write Immunity Debugger PyCommands : my cheatsheet 『Rw』
When I started Win32 exploit development many years ago, my preferred debugger at the time was WinDbg (and some Olly). While Windbg is a great and fast debugger, I quickly figured out that some additional/external tools were required to improve my exploit development experience.
Despite the fact that the command line oriented approach in windbg has many advantages, it appeared not the best tool to search for good jump addresses, or to list non-safeseh compiled / non-aslr aware modules, etc…. Ok, looking for a simple “jmp esp” is trivial, but what if you are looking for all pop pop ret combinations in non-safeseh compiled modules… Not an easy task.
It is perfectly possible to build plugins for Windbg, but the ones that I have found (MSEC, byakugan (Metasploit)) don’t always work the way I want them to work, and would still not solve some issues I was having while writing exploits.
OllyDbg and Immunity Debugger are quite different than windbg. Not only the GUI is very much different, the number of plugins for these debuggers is substantially higher. After evaluating both of them (they pretty much have the same look and feel), and evaluating the way plugins can be added, I made the decision to focus on Immunity Debugger.
That does not mean OllyDbg is a bad debugger or is limited in what you can do in terms of writing plugins… I just found it harder to “quickly tweak a plugin” while building an exploit. OllyDbg plugins are compiled into dll’s, so changing a plugin would require me to recompile and test. Immunity Debugger uses python scripts. I can go into the script, make a little change, and see the results right away. Simple.