Datajack Proxy allows you to intercept TLS traffic in native x86 applications across platforms
Caleb Watt Merge branch 'development' into 'master'
Windows TLS intercept support for Schannel EncryptMessage and DecryptMessage

See merge request cwatt/DatajackProxy!6
Latest commit f75f3a3 Jul 20, 2019
Type Name Latest commit message Commit time
InjectableScripts Added Windows Schannel DecryptMessage intercept, but not modify. Jul 21, 2019
DEPENDENCIES Fixed issues #5 and also closing issue #2. Bytes outside can be sent.… Dec 29, 2018
DJPWindowsFile.txt Added Windows Schannel DecryptMessage intercept, but not modify. Jul 21, 2019
DatajackProxy.py Added Windows Schannel DecryptMessage intercept, but not modify. Jul 21, 2019
LICENSE
README.md Added Windows Schannel DecryptMessage intercept, but not modify. Jul 21, 2019

README.md

Datajack Proxy

Datajack Proxy is a tool to intercept non-HTTP traffic between a native application and a server. It allows communications to be intercepted and modified even when encryption and certificate pinning are in use. It does this by hooking the application, intercepting calls to common socket and TLS libraries, and reading the data before encryption (for outbound traffic) and after decryption (for inbound traffic).

This is accomplished by injecting JavaScript into the native process using the Frida API.
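
Seen from the defender's side, the injection described above leaves traces inside the target process on Linux. The following is an added example, not part of Datajack Proxy: it scans the text of /proc/<pid>/maps and the thread names of a process for markers commonly left by an injected Frida agent. The marker strings, function names and sample data are assumptions made for this example.

```python
import re
from pathlib import Path

# Marker strings commonly associated with an injected Frida agent (assumed
# for this example). No match is not proof that a process is clean.
MAP_MARKERS = ("frida-agent", "frida-gadget")
THREAD_MARKERS = ("gum-js-loop", "frida")

# /proc/<pid>/maps line: range, perms, offset, device, inode, optional path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+-[0-9a-f]+)\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")

def find_frida_indicators(maps_text, thread_names):
    """Return sorted (kind, detail) findings for one process."""
    findings = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        addr_range, perms, path = m.groups()
        if any(marker in path for marker in MAP_MARKERS):
            findings.add(("mapped-agent", path))
        elif not path and perms[1] == "w" and perms[2] == "x":
            # Weak signal: JIT runtimes also create anonymous rwx memory.
            findings.add(("rwx-anonymous", addr_range))
    for name in thread_names:
        if any(marker in name for marker in THREAD_MARKERS):
            findings.add(("thread-name", name))
    return sorted(findings)

def scan_pid(pid):
    """Scan a live Linux process (needs permission to read its /proc entry)."""
    proc = Path("/proc") / str(pid)
    names = [(t / "comm").read_text().strip() for t in (proc / "task").iterdir()]
    return find_frida_indicators((proc / "maps").read_text(), names)

# Constructed sample data, not captured from a real system.
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 1311 /usr/bin/mailclient
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a2c000000-7f3a2d5e0000 r-xp 00000000 00:01 9042 /memfd:frida-agent-64.so (deleted)
7f3a30000000-7f3a301c0000 r-xp 00000000 08:01 2210 /usr/lib/libssl.so.1.1
"""
SAMPLE_THREADS = ["mailclient", "gmain", "gum-js-loop"]

if __name__ == "__main__":
    for kind, detail in find_frida_indicators(SAMPLE_MAPS, SAMPLE_THREADS):
        print(f"{kind}: {detail}")
```

On a live host, `scan_pid(<pid>)` applies the same checks to a running process; treat a `rwx-anonymous` finding alone as a prompt for further inspection rather than a detection.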

Features

  • Inject into process
    • Linux (using OpenSSL SSL_read and SSL_write)
    • Windows (using Schannel EncryptMessage [DecryptMessage todo])
  • Read/write data prior to outbound encryption on Linux
  • Read/write data after inbound decryption on Linux
  • Read data prior to outbound encryption on Windows (write is todo)

Note: Currently only Linux and Windows are supported. Linux supports the OpenSSL calls SSL_write and SSL_read.

Usage

Help

python DatajackProxy.py -h

Attach

Attach to existing process <pid>

python DatajackProxy.py -p <pid>

Attach to existing process with name <processName>

python DatajackProxy.py -n <processName>

Attach to Windows process with name OUTLOOK.EXE

python DatajackProxy.py -n OUTLOOK.EXE -o windows

Requirements and Installation

  • Python 3
  • Frida API
  1. Assuming you have Python 3, install Frida with pip: pip3 install frida
  2. Clone Datajack Proxy: git clone git@gitlab.na.nccgroup.com:cwatt/DatajackProxy.git