tracer: Bind UI to a random port #170

Merged
merged 2 commits into from
Oct 19, 2024
35 changes: 18 additions & 17 deletions frida_tools/tracer.py
Expand Up @@ -5,7 +5,6 @@
import binascii
import codecs
import email.utils
import errno
import gzip
import http
import mimetypes
Expand Down Expand Up @@ -43,7 +42,7 @@ class TracerApplication(ConsoleApplication, UI):
def __init__(self) -> None:
super().__init__(await_ctrl_c)
self._handlers = OrderedDict()
self._ui_port = 1337
self._ui_port = 0
self._ui_zip = ZipFile(Path(__file__).parent / "tracer_ui.zip", "r")
self._ui_socket_handlers: Set[UISocketHandler] = set()
self._ui_worker = None
Expand Down Expand Up @@ -306,21 +305,13 @@ def _run_ui_server(self):

async def _handle_ui_requests(self):
self._asyncio_loop = asyncio.get_running_loop()
while True:
try:
async with websockets.asyncio.server.serve(
self._handle_websocket_connection,
"localhost",
self._ui_port,
process_request=self._handle_asset_request,
):
await asyncio.get_running_loop().create_future()
return
except OSError as e:
if e.errno == errno.EADDRINUSE:
self._ui_port += 1
else:
raise
async with websockets.asyncio.server.serve(
self._handle_websocket_connection,
"localhost",
process_request=self._handle_asset_request,
) as server:
self._ui_port = server.sockets[0].getsockname()[1]
await asyncio.get_running_loop().create_future()

async def _handle_websocket_connection(self, websocket: websockets.asyncio.server.ServerConnection):
if self._tracer is None:
Expand Down Expand Up @@ -349,6 +340,16 @@ def _handle_asset_request(
self, connection: websockets.asyncio.server.ServerConnection, request: websockets.asyncio.server.Request
):
if request.headers.get("Connection") == "Upgrade":
origin = request.headers.get("Origin")
if origin != f"http://localhost:{self._ui_port}":
self._print(
Fore.RED
+ Style.BRIGHT
+ "Warning"
+ Style.RESET_ALL
+ f": Cross-origin request from {origin} denied"
)
return connection.respond(http.HTTPStatus.FORBIDDEN, "Cross-origin request denied\n")
return

raw_path = request.path.split("?", maxsplit=1)[0]
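Review bot: The new Origin check in `_handle_asset_request` compares against `http://localhost:{self._ui_port}`, but `_handle_ui_requests` fills `_ui_port` from `server.sockets[0]` only, and with host `"localhost"` and no fixed port asyncio may open one listener per resolved address (IPv4 and IPv6), each on its own ephemeral port. A same-origin page served from the second listener would then be refused, and that listener's port is never recorded; binding one explicit address, `"127.0.0.1",` in place of `"localhost",`, keeps a single socket and a single expected origin. The check is also reached only when `Connection` is exactly `Upgrade`, a case-sensitive match on a header that is a comma-separated token list, so whether a handshake sent with `keep-alive, Upgrade` is still refused depends on the asset handling below this hunk, which is not visible here. A comment above the check would help the next reader: `# Origin stops cross-site WebSocket hijacking from a browser; it does not authenticate other local processes.`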