/*
Description: iOS Enable WebInspector
Usage: frida -U -f XXX -l ios-webinspector-enable.js
Credit: leolashkevych
Enable WebView debugging for all iOS apps. Before running the script, enable Web Inspector in Safari settings
(see https://github.com/OWASP/owasp-mastg/blob/master/Document/0x06h-Testing-Platform-Interaction.md#safari-web-inspector).
Jailbreak required.
*/
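/**
 * Resolve a global export by name and fail with a readable error when it is missing.
 *
 * Without this check a missing symbol surfaces later as an opaque failure inside
 * NativeFunction() or Interceptor.attach().
 *
 * @param {string} name - Exported symbol name to look up across all loaded modules.
 * @returns {NativePointer} Address of the export.
 * @throws {Error} If no loaded module exports the symbol.
 */
function requireExport(name) {
  // Newer Frida releases expose Module.findGlobalExportByName(); older ones
  // take a null module name in Module.findExportByName().
  const address = typeof Module.findGlobalExportByName === 'function'
    ? Module.findGlobalExportByName(name)
    : Module.findExportByName(null, name);
  if (address === null) {
    throw new Error(`Required export not found: ${name}`);
  }
  return address;
}

// CoreFoundation helpers used by the hook below.
const CFRelease = new NativeFunction(requireExport('CFRelease'), 'void', ['pointer']);
const CFStringGetCStringPtr = new NativeFunction(
  requireExport('CFStringGetCStringPtr'),
  'pointer',
  ['pointer', 'uint32']
);
const kCFStringEncodingUTF8 = 0x08000100;

// Address of the entitlement lookup that the hook intercepts.
const SecTaskCopyValueForEntitlement = requireExport('SecTaskCopyValueForEntitlement');

// Entitlement keys whose lookups are overridden; every other key is left untouched.
const entitlements = [
  'com.apple.security.get-task-allow',
  'com.apple.webinspector.allow',
  'com.apple.private.webinspector.allow-remote-inspection',
  'com.apple.private.webinspector.allow-carrier-remote-inspection'
];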
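// Hook the entitlement lookup: when the queried key is one of the entries in
// `entitlements`, the returned value is replaced with a boolean "true" NSNumber.
// Lookups for any other key pass through unmodified.
Interceptor.attach(SecTaskCopyValueForEntitlement, {
  /**
   * Record whether this call asks for one of the targeted entitlement keys.
   * args[1] is the entitlement name, read here as a CFString.
   */
  onEnter(args) {
    const entitlementRef = args[1];
    if (entitlementRef.isNull()) {
      return;
    }

    // CFStringGetCStringPtr() is only a fast path and may return NULL when the
    // string is not stored in the requested encoding. Fall back to the bridged
    // NSString so such lookups are not silently skipped.
    const pEntitlement = CFStringGetCStringPtr(entitlementRef, kCFStringEncodingUTF8);
    const entitlement = pEntitlement.isNull()
      ? new ObjC.Object(entitlementRef).toString()
      : pEntitlement.readUtf8String();

    if (entitlements.includes(entitlement)) {
      // `this` is per-invocation state shared between onEnter and onLeave.
      this.shouldOverride = true;
      this.entitlement = entitlement;
    }
  },

  /**
   * Swap the returned entitlement value for a true NSNumber on targeted keys.
   */
  onLeave(retVal) {
    if (!this.shouldOverride) {
      return;
    }

    console.log('Overriding value for entitlement: ', this.entitlement);
    if (!retVal.isNull()) {
      console.log('Old value: ', retVal);
      // The caller will never see the original object, so release it here.
      CFRelease(retVal);
    }

    // The function follows the CoreFoundation "Copy" naming rule, so the caller
    // is expected to release the result; hand back a retained reference.
    // NOTE(review): the boolean NSNumber is presumably a shared singleton, in
    // which case the retain is a no-op — kept for ownership correctness.
    retVal.replace(ObjC.classes.NSNumber.numberWithBool_(1).retain());
    console.log('New value: ', retVal);
  }
});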