Пример #1
0
def display_SEARCH_METHODS(a, x, classes, package_name, method_name,
                           descriptor):
    print "Search method", package_name, method_name, descriptor
    analysis.show_Paths(
        a,
        x.get_tainted_packages().search_methods(package_name, method_name,
                                                descriptor))
Пример #2
0
    def run_bowser(self):
        """
        Run the bowser toolkit
        """

        # Search for parseUri()
        #
        x = analysis.uVMAnalysis(self.apks.get_vm())

        if x:
            print(
                t.green("[{0}] ".format(datetime.now()) +
                        t.yellow("Searching for parseUri()")))
            analysis.show_Paths(
                self.apks,
                x.get_tainted_packages().search_methods(".", "parseUri", "."))

            print(
                t.green("[{0}] ".format(datetime.now()) +
                        t.yellow("Searching for loadUrl()")))
            analysis.show_Paths(
                self.apks,
                x.get_tainted_packages().search_methods(".", "loadUrl", "."))

            print(
                t.green("[{0}] ".format(datetime.now()) +
                        t.yellow("Searching for addJavascriptInterface()")))
            analysis.show_Paths(
                self.apks,
                x.get_tainted_packages().search_methods(
                    ".", "addJavascriptInterface", "."))
def display_PERMISSION(a, x, classes):

    # get database connection from DBConnectionManager
    db_connection = DBConnectManager().get_connection(analysis_init_default_value.APP_NAME)

    if db_connection is not None:
        cursor = db_connection.cursor()
        # Show methods used by permission
        perms_access = x.get_tainted_packages().get_permissions( [] )
        for perm in perms_access:
            #add perm to table PERMISSIONS
            try:
                # Execute the SQL command
                cursor.execute("""INSERT INTO PERMISSIONS (permission_name, permission_des) VALUES (%s,%s)""",
                               (perm, ''))
                # Commit your changes in the database
                db_connection.commit()
            except MySQLdb.Error, e:
                # Rollback in call
                print "MySQL Error [%d]: %s" % (e.args[0], e.args[1])
                print "MySQL Roll back..."
                db_connection.rollback()
            print "PERM : ", perm
            analysis.show_Paths( a, perms_access[ perm ], analysis_init_default_value.A_PERMISSION, perms_access.keys().index(perm) + 1)
Пример #4
0
    def run_bowser(self):

        """
        Run the bowser toolkit
        """

        # Search for parseUri()
        #
        x = analysis.uVMAnalysis(self.apks.get_vm())

        if x:
            print(t.green("[{0}] ".format(datetime.now()) +
                          t.yellow("Searching for parseUri()")))
            analysis.show_Paths(self.apks, x.get_tainted_packages().search_methods(".", "parseUri", "."))

            print(t.green("[{0}] ".format(datetime.now()) +
                          t.yellow("Searching for loadUrl()")))
            analysis.show_Paths(self.apks, x.get_tainted_packages().search_methods(".", "loadUrl", "."))

            print(t.green("[{0}] ".format(datetime.now()) +
                          t.yellow("Searching for addJavascriptInterface()")))
            analysis.show_Paths(self.apks, x.get_tainted_packages().search_methods(".", "addJavascriptInterface", "."))
Пример #5
0
def print_xref(d, obj):
    for xref in obj.XREFfrom.items:
        print show_Paths(d, xref[1])
def display_OBJECT_CREATED(a, x, class_name):
    print "Search object", class_name
    analysis.show_Paths( a, x.get_tainted_packages().search_objects( class_name ), analysis_init_default_value.A_OBJECT_CREATED )
def display_SEARCH_METHODS(a, x, classes, package_name, method_name, descriptor):
    print "Search method", package_name, method_name, descriptor
    analysis.show_Paths( a, x.get_tainted_packages().search_methods( package_name, method_name, descriptor), analysis_init_default_value.A_SEARCH_METHODS )
def display_SEARCH_PACKAGES(a, x, classes, package_name):
    print "Search package", package_name
    analysis.show_Paths( a, x.get_tainted_packages().search_packages( package_name ), analysis_init_default_value.A_PACKAGES )
Пример #9
0
#more info about a method
for x in d.get_methods():
    break
    x.pretty_show()

"""search for a specific method
@param class_name : a regexp for the class name of the method (the package)
@param name : a regexp for the name of the method
@param descriptor : a regexp for the descriptor of the method
@rtype : a list of called methods' paths
"""
#analysis.show_Paths(d, dx.tainted_packages.search_methods(".", "getInstance", "."))

#show usage of specific package (for example:crypto usage)
analysis.show_Paths(d, dx.get_tainted_packages().search_crypto_packages() )
analysis.show_Paths(d, dx.get_tainted_packages().search_packages("Ljava/security/") )
#this method does the same as one above
#for m, _ in dx.get_tainted_packages().search_packages("Ljavax/crypto/") :
#     m.show()
#for m, _ in dx.get_tainted_packages().search_packages("Ljava/security/") :
#     m.show()


f = open(PATH_OUTPUT, 'w')
#way to get source code
vmx = analysis.VMAnalysis(d)
for method in d.get_methods():
    mx = vmx.get_method(method)
    if method.get_code() == None:
      continue
Пример #10
0
    def run_search_method(apks, x, clz, method):

        analysis.show_Paths(apks, x.get_tainted_packages().search_methods(clz, method, "."))
Пример #11
0
def display_OBJECT_CREATED(a, x, class_name):
    print("Search object", class_name)
    analysis.show_Paths( a, x.get_tainted_packages().search_objects( class_name ) )
Пример #12
0
def display_PERMISSION(a, x, classes):
    # Show methods used by permission
    perms_access = x.get_tainted_packages().get_permissions( [] )
    for perm in perms_access:
        print("PERM : ", perm)
        analysis.show_Paths( a, perms_access[ perm ] )
Пример #13
0
def display_SEARCH_METHODS(a, x, classes, package_name, method_name, descriptor):
    print("Search method", package_name, method_name, descriptor)
    analysis.show_Paths( a, x.get_tainted_packages().search_methods( package_name, method_name, descriptor) )
Пример #14
0
def display_SEARCH_PACKAGES(a, x, classes, package_name):
    print("Search package", package_name)
    analysis.show_Paths( a, x.get_tainted_packages().search_packages( package_name ) )
Пример #15
0
    def run_search_method(apks, x, clz, method):

        analysis.show_Paths(
            apks,
            x.get_tainted_packages().search_methods(clz, method, "."))