/
blindbrowse.py
234 lines (228 loc) · 7.82 KB
/
blindbrowse.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
#!/usr/bin/python
from selenium import webdriver
from string import Template
import urllib
import urllib2
import os
import os.path
import sys
import time
import subprocess
global x, y, user, password, ip, driver
print '''
###########################################################################
# #
# Android BlindBrowse #
# MADE BY ATHANASIOS TSERPELIS AKA TRICKSTER0 #
# #
# #
###########################################################################\n
'''
if len(sys.argv)<1 or len(sys.argv)>2:
print "[+] Usage: python blindbrowser\n"
sys.exit()
if os.path.isfile("/usr/bin/adb"):
print "[+] ADB found."
else:
print "[X] ADB not found. Please install ADB! \n"
sys.exit()
if os.path.isfile("/usr/bin/sshpass"):
print "[+] SSHPASS found."
else:
print "[X] SSHPASS not found. Please install SSHPASS! \n"
sys.exit()
def generatehtml():
f = open('index.html','w')
file = """<html>
<title>BlindBrowse</title>
<h1>Welcome to BlindBrowse "LiveStreaming"</h1>
<head>
<script language="JavaScript">
function point_it(event){
pos_x = event.offsetX?(event.offsetX):event.pageX-document.getElementById("pointer_div").offsetLeft;
pos_y = event.offsetY?(event.offsetY):event.pageY-document.getElementById("pointer_div").offsetTop;
document.getElementById("cross").style.left = (pos_x-1) ;
document.getElementById("cross").style.top = (pos_y-15) ;
document.getElementById("cross").style.visibility = "visible" ;
document.pointform.form_x.value = pos_x;
document.pointform.form_y.value = pos_y;
}
</script>
</head>
<body>
<form name="pointform" method="post">
<div id="pointer_div" onclick="point_it(event)" style = "background-image:url('screen.png');width:%spx;height:%spx;">
<img src="point.gif" id="cross" style="position:relative;visibility:hidden;z-index:2;"></div>
x = <input type="label" name="form_x" size="4" /> y = <input type="label" name="form_y" size="4" />
</form>
</body>
</html>
""" % (x,y.rstrip())
f.write(file)
f.close()
def initialize():
global driver
os.system("chmod +x geckodriver")
os.system("python -m SimpleHTTPServer 8080 2>/dev/null &")
print "\n"
driver = webdriver.Firefox(executable_path=r'./geckodriver')
driver.get("http://localhost:8080")
def updatescreen(prefix):
command="screencap -p /data/local/tmp/screen.png"
callcommand=prefix + " " + command
os.system(callcommand)
if prefix=="adb shell":
secondary="adb pull /data/local/tmp/screen.png . 1>/dev/null"
os.system(secondary)
time.sleep(1)
driver.refresh()
else:
secondary="sshpass -p " + password + " scp -r " + user + "@" + ip + ":/data/local/tmp/screen.png ."
os.system(secondary)
driver.refresh()
def CC(prefix):
global x,y
print '''
MENU
up - scroll up
down - scroll down
back - go back
home - goes to homescreen
menu - gets to the menu
customscroll x1 y1 x2 y2 - scrolls up or down with set values
customkey x - it will send a keyevent like unlocking the screen
text string - write text
tap x y - tap to coordinates according to resolution
update - it will refresh the browser if you feel like the connection is slow and the new screen is not the preper one
packages - shows all packages on the device
start Package/.activity - start will open to foreground the named activity of thepackage
search_package package - it will search packages with the given package name
search_activity package - it will search activities from the given package name
exit - exits BlindBrowser
'''
command=raw_input("Command: ")
if command=="exit":
print "Exiting & Socket Closed \nBye!\n"
exitcmd="ps -ef |grep SimpleHTTPServer |awk '{print $2}'"
p=subprocess.Popen(exitcmd, stdout=subprocess.PIPE, stderr=None, shell=True)
output = p.communicate()[0]
pid=output.split("\n")
final="kill -9 " + pid[0]
os.system(final)
driver.quit()
sys.exit()
elif command=="home":
cmdh="'input keyevent 3'"
callh=prefix+ " " + cmdh
os.system(callh)
updatescreen(prefix)
elif command=="menu":
cmdm="'input keyevent 1'"
callm=prefix + " " + cmdm
os.system(callm)
updatescreen(prefix)
elif command=="back":
cmdb="'input keyevent 4'"
callb=prefix + " " + cmdb
os.system(callb)
updatescreen(prefix)
elif "search_package" in command:
pre,pack=command.split(" ")
cmdsp="'pm list packages -f | grep '" + pack
callsp=prefix + " " + cmdsp
p=subprocess.Popen(callsp, stdout=subprocess.PIPE, stderr=None, shell=True)
output = p.communicate()[0]
print output
elif command=="packages":
cmdp="'pm list packages -f'"
callp=prefix + " " + cmdp
p=subprocess.Popen(callp, stdout=subprocess.PIPE, stderr=None, shell=True)
output = p.communicate()[0]
print output
elif "start" in command:
cmdstart,pack=command.split(" ")
cmdst="'am start --activity-single-top '" + pack
callst=prefix + " " + cmdst
os.system(callst)
updatescreen(prefix)
elif "search_activity" in command:
pre,act=command.split(" ")
cmdsa="'dumpsys package | grep '" + act
callsa=prefix+ " " + cmdsa
p=subprocess.Popen(callsa, stdout=subprocess.PIPE, stderr=None, shell=True)
output = p.communicate()[0]
print output
elif command=="up":
y1=int(y)/2
scup=int(y)-int(y1)
hor=int(x)/2
cmdup="'input swipe '" + str(hor) + "' '" + str(scup) + "' '" + str(hor) + "' '" + str(y).rstrip() + "''"
callup=prefix + " " + cmdup
os.system(callup)
updatescreen(prefix)
elif command=="down":
y1=int(y)/2
hor=int(x)/2
cmddown="'input swipe '" + str(hor) + "' '" + str(y1) +"' '" + str(hor) + "' '0''"
calldown=prefix + " " + cmddown
os.system(calldown)
updatescreen(prefix)
elif "text" in command:
pre,string=command.split(" ")
cmdtext="'input text'" + string
calltext=prefix + " " + cmdtext
os.system(calltext)
updatescreen(prefix)
elif "tap" in command:
pre,newx,newy=command.split(" ")
cmdtap="'input tap '" + newx + "' '" + newy + "''"
calltap=prefix + " " + cmdtap
os.system(calltap)
updatescreen(prefix)
elif "customscroll" in command:
pre,newx1,newy1,newx2,newy2=command.split(" ")
cmdcustom="'input swipe '" + newx1 + "' '" + newy1 + "' '" + newx2 + "' '" + newy2 + "''"
callcustom=prefix + " " + cmdcustom
os.sytem(callcustom)
updatescreen(prefix)
elif "customkey" in command:
pre,newkey=command.split(" ")
cmdkey="'input keyevent '" + newkey
callkey=prefix + " " + cmdkey
os.system(callkey)
updatescreen(prefix)
elif command=="update":
updatescreen(prefix)
else:
print "Command does not exist"
initialize()
print "Insert Connection Protocol. Either SSH or ADB\n"
dbornotdb=raw_input("adb or ssh: ")
if dbornotdb=="ssh":
user=raw_input("username of the device: ")
ip=raw_input("IP or hostname of the device: ")
password=raw_input("Password of the device: ")
prefix="sshpass -p " + password + " " + user + "@" + ip
cmdres=prefix + " " + "\"dumpsys display | grep DisplayDeviceInfo | cut -d ',' -f 2\""
p=subprocess.Popen(cmdres, stdout=subprocess.PIPE, stderr=None, shell=True)
output = p.communicate()[0].replace(" ","")
x,y = output.split("x")
print "Resolution Detected: %s" %output
generatehtml()
driver.refresh()
while True:
CC(prefix)
elif dbornotdb=="adb":
cmdres= "adb shell \"dumpsys display | grep DisplayDeviceInfo | cut -d ',' -f 2\""
p=subprocess.Popen(cmdres, stdout=subprocess.PIPE, stderr=None, shell=True)
output = p.communicate()[0].replace(" ","")
x,y = output.split("x")
print "Resolution Detected: %s" %output
generatehtml()
driver.refresh()
prefix="adb shell"
while True:
CC(prefix)
print "Resolution Detected: %s" %output
else:
print "Wrong Protocol.\n"