Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mac capture fail #35

Open
lilili87222 opened this issue Dec 15, 2024 · 5 comments
Open

mac capture fail #35

lilili87222 opened this issue Dec 15, 2024 · 5 comments
Assignees
@monkeywave
Labels
bug Something isn't working

Comments

@lilili87222
Copy link

[*] Ctrl+C detected. Cleaning up...

[-] Unknown error: 'int' object has no attribute 'poll'
Traceback (most recent call last):
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/friTap.py", line 122, in main
while ssl_log.running:
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/ssl_logger.py", line 615, in signal_handler
self.pcap_cleanup(self.full_capture, self.mobile, self.pcap_name)
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/ssl_logger.py", line 545, in pcap_cleanup
self.pcap_obj.full_capture_thread.join(2.0)
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/pcap.py", line 132, in join
if self.android_capture_process and self.android_capture_process.poll() is None:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'int' object has no attribute 'poll'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/friTap.py", line 160, in main
ssl_log.pcap_cleanup(parsed.full_capture,parsed.mobile,parsed.pcap)
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/ssl_logger.py", line 545, in pcap_cleanup
self.pcap_obj.full_capture_thread.join(2.0)
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/pcap.py", line 132, in join
if self.android_capture_process and self.android_capture_process.poll() is None:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'int' object has no attribute 'poll'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/Users/admin/.pyenv/versions/3.11.10/bin/fritap", line 8, in
sys.exit(main())
^^^^^^
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/friTap.py", line 164, in main
ssl_log.pcap_cleanup(parsed.full_capture,parsed.mobile,parsed.pcap)
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/ssl_logger.py", line 545, in pcap_cleanup
self.pcap_obj.full_capture_thread.join(2.0)
File "/Users/admin/.pyenv/versions/3.11.10/lib/python3.11/site-packages/friTap/pcap.py", line 132, in join
if self.android_capture_process and self.android_capture_process.poll() is None:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'int' object has no attribute 'poll'
@monkeywave
Copy link
Collaborator

Hi,

thx for reporting this issue. This should be resolved in the latest version of friTap (version 1.2.6.4)

@monkeywave monkeywave added the bug Something isn't working label Dec 16, 2024
@monkeywave monkeywave self-assigned this Dec 16, 2024
@lilili87222
Copy link
Author

I tried the latest version,but get nothing.
sudo python3 fritap.py -v -p log.pcap -k keys.log --enable_spawn_gating Instruments

@monkeywave
Copy link
Collaborator

Hi,

Thank you for your feedback.

It seems that the original issue related to the error message:

"AttributeError: 'int' object has no attribute 'poll'"

may now be resolved. Could you please confirm if that specific issue is indeed fixed?

Regarding your current concern, it’s not entirely clear what exactly isn’t working as expected. Are you not seeing any output, are keys not being logged, or is the PCAP file empty? Understanding the exact nature of the problem will help in diagnosing it more effectively.

If the original issue is resolved but you’re encountering a new, unrelated issue (for example, missing logs or an empty PCAP), I kindly ask that you create a new issue for better tracking and organization. In this new issue, please provide as much detail as possible, including:

  • A clear description of the problem (e.g., "no keys are being logged" or "the PCAP is empty").
  • The target application you are trying to hook (as it may be using a TLS implementation that friTap does not yet support).
  • Any relevant logs, error messages, or output that might help in troubleshooting.

For guidance on how to create a helpful issue, please refer to the instructions available here:
How to seek further assistance

Looking forward to your response so we can assist you more effectively.

All the best

Daniel

@lilili87222
Copy link
Author

both log.pcap file and keys.log are empty.

fritap -v -p log.pcap -k keys.log --debug Instruments
Start logging
Press Ctrl+C to stop logging

[*] capturing only plaintext data

[!] running in debug mode
[!] Chrome Inspector server listening on port 1337
[!] Open Chrome with chrome://inspect for debugging

[] Running Script on MacOS
[] MacOS dynamic loader hooked.
[] Logging TLS plaintext as pcap to log.pcap
[] Logging keylog file to keys.log
^C
[] Ctrl+C detected. Cleaning up...
[] Attempting to detach from Frida process...
[*] Successfully detached from Frida process.

Thx for using friTap
Have a great day

@monkeywave
Copy link
Collaborator

Hi,

thank you for your update and for providing the logs. It’s great to hear that the initial issue is resolved :-)

Regarding the current challenge with extracting the TLS key material, I’d like to offer some guidance and gather a bit more information so we can move forward effectively.

1️⃣ Operating System Details
I see that you're running macOS, but to better understand your environment, could you please share the macOS version you're using? This information helps ensure compatibility, as certain system libraries may differ between macOS versions. Also the CPU architecture is helpful as well.

2️⃣ Target Application
Since friTap hooks into the TLS library used by the target application, it's essential to know which application you’re targeting. Different apps may use different libraries (like OpenSSL, BoringSSL, etc.), and this affects how friTap can hook into them.
If possible, it would be helpful to know which app you’re analyzing, as this could allow us to fine-tune support for that specific library. Are you trying to extract the TLS key material of the application Instruments? Are you sure that this application is doing some sort of TLS communication?

3️⃣ TLS Library
From the logs, it appears that no TLS libraries were detected, which explains why no key material was captured. This could happen if the library being used is currently unsupported or if it wasn't properly detected.
If you have any insights into which TLS library the target app is using (like OpenSSL, BoringSSL, etc.), that would be valuable information to help improve friTap's support for macOS/iOS.

Once I have this information, I’ll do my best to assist you further. Our goal is to continually improve friTap’s coverage and library support, so your input here is incredibly valuable. Looking forward to your response

All the best

Daniel

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@monkeywave monkeywave

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lilili87222 @monkeywave