firerpa / lamda Goto Github PK

经过测试发现关闭lamda后 其他APP无障碍正常
红米note7pro 安卓10 miui12
红米5plus 安卓8.1 miui11
都是magisk刷入的lamda:3.95

Describe the bug
execute command python3 -u startmitm.py localhost --serial 8B5Y0TT88, returns an error, details are:

status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses; last error: UNKNOWN: Ssl handshake failed"
debug_error_string = "UNKNOWN:Failed to pick subchannel {created_time:"2023-03-15T03:52:53.218732177-07:00", children:[UNKNOWN:failed to connect to all addresses; last error: UNKNOWN: Ssl handshake failed {created_time:"2023-03-15T03:52:53.218730966-07:00", grpc_status:14}]}"

OS
Ubuntu under Vmware with python 3.8 installed.

当我执行 pip3 install -U --force-reinstall 'lamda[frida]' 报错
错误内容如下：
ERROR: Invalid requirement: "'lamda[frida]'"

我在 https://pypi.org/search/?q=lamda%5Bfrida%5D&o= 上搜索 lamda[frida]也没有搜索到

现在，从 release 页面 rev1si0n/lamda/releases 下载对应架构的安装文件。假设你已经从上文得知你的手机/设备架构为 arm64-v8a，那么在此页面点击 arm64-v8a.tar.gz-install.sh 以及 arm64-v8a.tar.gz 两个文件的链接来下载到本地。

releases 页没有文件，另外很好奇如何直接使用 adb 打开 Android ssh 的？

祝好！

sh launch.sh
CRITICAL failed (unsupported sdk)

电脑是window10，启动mitmproxy时报以下错误，请问这是什么原因呢

这样或许会更专业、更好
建议而已

在mitmproxy页面，点击file-save，保存下来的只有一个flows文件，打开有很多乱码，无法导入charles或者fiddler进行进一步的分析

Where I run frida script that use Java, it gives the same issue as this.
Can anyone help me update the version?

Any plan to upgrade Frida-server to latest version?
Since frida-tools use latest version of Frida-server, even if i manually downgrade the frida but jnitrace/frida scripts fails to run on Android 13 devices. Thanks

Describe the bug
Error running /data/local/tmp/arm64-v8a/bin/python3.9: Unable to get realpath of python3.9255

Generate statistics

wget https://raw.githubusercontent.com/rev1si0n/lamda/master/tools/statistics.sh
adb push statistics.sh /data/local/tmp
# su to root (change launch.sh to LAMDA's launch.sh path)
sh /data/local/tmp/statistics.sh /data/local/tmp/arm64-v8a/bin/launch.sh
# then attach report file /sdcard/statistics.txt

rt; 我使用frida -H 192.168.0.114:65000 -f uni.UNIB6233DD
提示:
Failed to spawn: unable to determine ClassLinker field offsets
不知道什么原因- 我的需求是手机开机自动运行frida,然后我在电脑上直接使用就行了-
我使用的手机是pixel5

我用真机测试，浏览器上会报证书错误，打开其他app正常抓到包，这正常吗？

运行环境：
华为真机
android 8.0.0
EMUI 8.0.0
magisk v26.1

magisk模块装的，刷了面具直接装的模块，换了好几个版本的系统都是这样。
删除服务就正常了，不知是何原因？

安装成功后使用discover.py检测不到设备，Android Studio Virtual Device只能通过10.0.0.2访问电脑网络，我不知道怎么通过电脑访问Android Studio Virtual Device设备，感谢万分

from lamda.client import *

d = Device("xxxxxx")
d.beep()

报下面错误什么意思
\lamda\client.py", line 282, in raise_remote_exception
raise self.remote_exception(exception)
lamda.exceptions.ServiceUnavailable: unavaliable

lamda 3.108 + redroid 12.0.0-latest

docker run -itd --rm --privileged --pull always -v /lib/modules:/lib/modules:ro -v ~/redroid:/data -p 5555:5555 redroid/redroid:12.0.0-latest androidboot.redroid_gpu_mode=guest

POST http://localhost:65000/jsonrpc/0
('{"jsonrpc": "2.0", "id": "6f6113181156a2f539b2544cfebd4273", "method": "deviceInfo", "params": {}}', 500, '500 Internal Server Error', 'HTTP Return code is not 200', '500 Internal Server Error')

Client TLS handshake failed. The client does not trust the proxy's certificate for xxx.xxx.xx (OpenSSL Error([('SSL routines', '', 'sslv3 alert certificate unknown')]))

我试着在WSL中运行lamda，lamda启动后，android突然崩溃了。
在Android WSL上用Magisk（x86_64）和lamda x86_64 v3.80进行了测试。

抱歉中文不好，我在用翻译器。

之后跑到bin目录下sh launch.sh也无效，使用的root权限

环境
红米5P 安卓8.1 miui11
红米note7pro 安卓10 miui12
都已开启不锁定屏幕
都是magisk刷入的lamda:3.98

crontab -e

py脚本

重启lamda没有效果 都是看README.md操作的 不知道是哪里的问题

有没有一个完整的配置文件样例？
因为我是magisk用户，为了图方便，我会先配置好文件，放入zip里，再去面具中安装，关于面具版，我遇到了一些不方便的问题：
1.无法指定端口号启动。
如果想要指定端口号启动的话，只能手动结束服务端，去面具包里带参启动，如果可以在properties.local中配置个port=65000就很方便了。
2.配置文件位置问题。
用面具的话，每次更改配置文件都需要把properties.local放入zip中然后重新安装吗？还是只需要按文档那样，放入指定的三个文件夹当中的其中一个就好？
希望可以给面具用户带来一些方便，尤其是在properties.local中配好port后就按着配好的端口号启动，还有就是一份完整的properties.local参考文档，麻烦大佬了

用frida-dexdump, 但本地frida版本和frida-server不一致,尝试把 {abi}.tar.gz里面的frida-server升级到最新, 再用magisk的插件方式安装, frida-server未正常启动, 查了代码,是要求frida的版本在16.0.0以下才可用么. 请教自行升级frida-server的方法

Describe the bug
A clear and concise description of what the bug is.

Generate statistics

wget https://raw.githubusercontent.com/rev1si0n/lamda/master/tools/statistics.sh
adb push statistics.sh /data/local/tmp
# su to root (change launch.sh to LAMDA's launch.sh path)
sh /data/local/tmp/statistics.sh /data/local/tmp/arm64-v8a/bin/launch.sh
# then attach report file /sdcard/statistics.txt

前置条件：lamda已经开启
按照tools的文档，使用命令python3 -u startmitm.py 192.168.1.2:com.some.package开启中间人分析流量，但是打开app，卡住。命令开启的web页面也没有流量日志

大佬 抓包 这个问题Client TLS handshake failed. The client does not trust the proxy's certificate for beacons.gvt2.com (OpenSSL Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert certificate unknown')])) 一般是操作不当吗

启动lamda服务后 不管是真机还是模拟器，触屏点击无法打开任何应用

既然自带python3.9了，为什么不把mitmproxy集成到python里面呢？

直接一个命令启动：d.mitm_proxy_start()

然后将web端口放到65000后面的路径里，如127.0.0.1:65000/mitmproxy/

翻墙的话，就将mitmproxy的socket端口参数配置为翻墙软件(如：V2rayNG)的socket端口或http端口

如：d.mitm_proxy_start(socket=18080)

此时不就是可以翻墙本地抓包了嘛？
我是看到https://blog.palug.cn/2673.html才有的想法，希望大佬可以加上，也省了额外配置翻墙抓包

我的显示器分辨率是3440*1440,手机屏幕被拉的很长很窄,没找到你的布局文件放在哪了,每次用还要手动修改布局,一刷新又得改,UI上能不能加个选项可以手动设置屏幕宽度,或者算一下比例把宽度增加一下

text/description 没有，resourceID重复的情况下如何选择element？

aircv电脑端跑起来没问题，如果android加入opencv库，那图像识别脚本就可以脱离电脑运行了

Describe the bug
我使用magisk刷入的模块，在使用frps端口转发时,在frp面板发现好像没有转发成功，我如何查看到相关frp是否转发成功的日志

Generate statistics

WARNING: linker: ./python3.9: unused DT entry: type 0x6ffffffe arg 0x1e9b0
WARNING: linker: ./python3.9: unused DT entry: type 0x6fffffff arg 0x3
CANNOT LINK EXECUTABLE: cannot locate symbol "forkpty" referenced by "./python3.9"...

adb devices
List of devices attached
127.0.0.1:5555 offline
emulator-5554 device

adb -s emulator-5554 shell getprop ro.product.cpu.abi
x86

adb -s emulator-5554 push x86.tar.gz-install.sh /data/local/tmp
x86.tar.gz-install.sh: 1 file pushed, 0 skipped. 3.1 MB/s (151382906 bytes in 46.851s)

adb -s emulator-5554 shell
root@aosp:/ # su
root@aosp:/ # cd /data/local/tmp
root@aosp:/data/local/tmp # chmod 777 x86.tar.gz-install.sh
root@aosp:/data/local/tmp # sh x86.tar.gz-install.sh
Sun Jun 11 22:25:27 CST 2023 unpacking
Sun Jun 11 22:25:33 CST 2023 remove x86.tar.gz-install.sh
Sun Jun 11 22:25:33 CST 2023 starting server
CANNOT LINK EXECUTABLE: cannot locate symbol "__register_atfork" referenced by "python3.9"...
1|root@aosp:/data/local/tmp #

手机安装vmos加上termux？套娃＋套娃？
这样就不用root了

前置条件：我手机的lamda服务端已经开启了，也能打开web端 65000那个页面

我用pc的python连接，报错：

pip3 freeze完整输出
adbutils==0.16.2
alembic==1.8.0
amqp==5.1.1
aniso8601==9.0.1
apkutils2==1.0.0
asgiref==3.3.4
asn1crypto==1.5.1
attrs==21.4.0
bcrypt==3.2.2
beautifulsoup4==4.9.3
blinker==1.4
Brotli==1.0.9
bs4==0.0.1
cached-property==1.5.2
cachetools==5.2.0
capstone==4.0.2
certifi==2020.12.5
cffi==1.15.0
chardet==4.0.0
charset-normalizer==2.0.12
cigam==0.0.3
cli-helpers==2.2.1
click==7.1.2
colorama==0.4.4
commonmark==0.9.1
configobj==5.0.6
cryptography==3.2.1
debtcollector==2.5.0
decorator==5.1.1
defusedxml==0.7.1
delegator.py==0.1.1
Deprecated==1.2.13
deprecation==2.1.0
diff-match-patch==20181111
Django==3.2.15
django-crispy-forms==1.7.2
django-extensions==3.2.0
django-formtools==2.1
django-import-export==1.1.0
django-js-asset==2.0.0
django-mdeditor==0.1.20
django-mptt==0.13.4
django-shortuuidfield==0.1.3
django-simpleui==2022.7.29
django-utils-six==2.0
dnspython==2.1.0
docutils==0.19
docx2txt==0.8
dogpile.cache==1.1.7
elementpath==2.5.3
et-xmlfile==1.0.1
eventlet==0.33.1
exrex==0.10.5
extras==1.0.0
fasteners==0.17.3
filelock==3.7.0
fire==0.4.0
fixtures==4.0.1
Flask==1.1.4
Flask-RESTful==0.3.9
frida==15.1.9
frida-tools==10.5.4
future==0.15.2
futurist==2.4.1
greenlet==1.1.2
grpc-interceptor==0.14.1
grpcio==1.47.2
grpcio-tools==1.47.2
h11==0.14.0
h2==4.1.0
hexdump==3.3
hpack==4.0.0
httplib2==0.9.2
hyperframe==6.0.1
idna==2.10
importlib-metadata==4.11.3
importlib-resources==5.8.0
iso8601==1.0.2
itsdangerous==1.1.0
jdcal==1.4
Jinja2==2.11.3
jsonschema==4.6.1
kaitaistruct==0.9
keystone==19.0.0
keystoneauth1==4.6.0
keystonemiddleware==9.5.0
kombu==5.2.4
lamda==3.0.35
ldap3==2.8.1
litecli==1.9.0
loguru==0.5.3
logzero==1.7.0
lxml==4.8.0
Mako==1.2.1
Markdown==3.4.1
MarkupPy==1.14
MarkupSafe==2.1.1
mitmproxy==5.3.0
msgpack==1.0.4
netaddr==0.8.0
netifaces==0.11.0
numpy==1.21.6
oauthlib==3.2.0
objection==1.11.0
odfpy==1.3.6
openpyxl==2.5.10
os-service-types==1.7.0
oslo.cache==2.11.0
oslo.concurrency==4.5.1
oslo.config==8.8.0
oslo.context==4.1.0
oslo.db==11.3.0
oslo.i18n==5.1.0
oslo.log==4.8.0
oslo.messaging==12.14.0
oslo.metrics==0.4.0
oslo.middleware==4.5.1
oslo.policy==3.12.1
oslo.serialization==4.3.0
oslo.service==2.8.0
oslo.upgradecheck==1.5.0
oslo.utils==4.13.0
osprofiler==3.4.3
packaging==20.9
pandas==1.3.5
paramiko==2.11.0
passlib==1.7.4
Paste==3.5.1
PasteDeploy==2.1.1
pbr==5.9.0
pexpect==4.8.0
Pillow==5.3.0
prettytable==3.3.0
progress==1.6
prometheus-client==0.14.1
prompt-toolkit==3.0.28
protobuf==3.13.0
psutil==5.9.1
ptyprocess==0.7.0
publicsuffix2==2.20191221
py==1.11.0
pyasn1==0.4.8
pycadf==3.1.1
pycparser==2.21
pydivert==2.1.0
pyelftools==0.28
Pygments==2.11.2
PyJWT==2.4.0
PyNaCl==1.5.0
pyOpenSSL==19.1.0
pyparsing==2.4.7
pyperclip==1.8.2
PyQt5==5.15.7
pyqt5-plugins==5.15.4.2.2
PyQt5-Qt5==5.15.2
PyQt5-sip==12.11.0
PyQt5-stubs==5.15.6.0
pyreadline==2.1
Pyro4==4.82
pyrsistent==0.18.1
pysaml2==7.1.2
PySocks==1.7.1
python-dateutil==2.8.2
python-dotenv==0.20.0
python-keystoneclient==4.5.0
pytz==2018.7
PyYAML==3.13
qt5-applications==5.15.2.2.2
qt5-tools==5.15.2.1.2
repoze.lru==0.7
requests==2.25.1
retry==0.9.2
rfc3986==2.0.0
rich==11.2.0
rick==0.1.2
Routes==2.5.1
rsa==4.9
ruamel.yaml==0.16.13
ruamel.yaml.clib==0.2.7
scapy==2.4.5
scrypt==0.8.20
semver==2.13.0
serpent==1.40
shortuuid==0.5.0
simplepro==5.2.3
six==1.10.0
sortedcontainers==2.2.2
soupsieve==2.2.1
SQLAlchemy==1.4.39
sqlalchemy-migrate==0.13.0
sqlparse==0.4.2
statsd==3.3.0
stevedore==3.5.0
tablib==0.12.1
tabulate==0.8.10
Tempita==0.5.2
tenacity==7.0.0
termcolor==1.1.0
testresources==2.0.1
testscenarios==0.5.0
testtools==2.5.0
tornado==6.2
tqdm==4.59.0
treelib==1.6.1
typing_extensions==4.1.1
uiautomator2==2.16.14
unicodecsv==0.14.1
urllib3==1.26.4
urwid==2.1.2
vine==5.0.0
wcwidth==0.2.5
WebOb==1.8.7
Werkzeug==1.0.1
whichcraft==0.6.1
win-inet-pton==1.1.0
win32-setctime==1.0.3
wrapt==1.14.1
wsproto==0.15.0
xlrd==1.1.0
xlutils==2.0.0
xlwt==1.3.0
xmlschema==1.11.3
xmltodict==0.13.0
yappi
yara==1.7.7
zipp==3.7.0
zstandard==0.14.1

redroid_x86_64:/data/local/tmp # sh x86_64/bin/launch.sh
.____ ________ _____
| | _____ _____ ______ \ / _
| | __ \ / \ | | \ / /\
| |__ / __ _| Y Y \ | | / |
|_______ (____ /||| / /______ /_|_ /
/ / / / /
v3.152#mainline
https://github.com/rev1si0n/lamda
2023-05-05 09:03:37,413 CRITICAL failed (1)

How can i fix this issue ?

作者你好， 我拥有一台工作机部署了Lamda， 其连接WIFI后，通过访问分配的IP:65000即可访问到Lamda控制页面。
但是这儿存在一个问题，由于这个WIFI可能会有其他人员，例如其他同事的接入，导致可能在内网端口扫描进而发现，存在未授权访问的安全隐患。

基于此，目前的方案是在不使用时断开WIFI连接。
但这其实非常的不方便，能否为Lamda web页提供前置认证的功能，或是提供简易的stop按钮，以便增强在不操作时间段的安全性。
致谢。

请问 d(className="xxx")获取多个元素后，如何遍历这些元素操作，比如：

element = d(className="xxx")
print(element.count()) # 输出15
for i in range(element.count()):
    element_i =  element # ???? 这里怎么填？
    element_i.screenshot(quality=60).save(str(i)+".png")

请问，如何根据条件只查找当前元素的直接子节点？当前我们使用的最新的3.155版本，测试发现child方法和sibling都是从当前元素的所有子节点里查找符合条件的元素

Tue Jan 3 05:32:37 2023 install cacert: C:\Users\xp4h/.mitmproxy\mitmproxy-ca-cert.pem
Traceback (most recent call last):
File "C:\Users\xp4h\Desktop\Python\Tisting\frida\lamda\tools\startmitm.py", line 144, in
d.install_ca_certificate(ca)
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\lamda\client.py", line 1655, in install_ca_certificate
return self.stub("Util").install_ca_certificate(certfile)
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\lamda\client.py", line 1020, in install_ca_certificate
r = self.stub.installCACertificate(req)
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_interceptor.py", line 216, in call
response, ignored_call = self._with_call(request,
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_interceptor.py", line 257, in _with_call
return call.result(), call
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_channel.py", line 343, in result
raise self
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_interceptor.py", line 241, in continuation
response, call = self._thunk(new_method).with_call(
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_interceptor.py", line 266, in with_call
return self._with_call(request,
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_interceptor.py", line 257, in _with_call
return call.result(), call
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_channel.py", line 343, in result
raise self
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_interceptor.py", line 241, in continuation
response, call = self._thunk(new_method).with_call(
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_interceptor.py", line 266, in with_call
return self._with_call(request,
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_interceptor.py", line 257, in _with_call
return call.result(), call
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_channel.py", line 343, in result
raise self
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_interceptor.py", line 241, in continuation
response, call = self._thunk(new_method).with_call(
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_channel.py", line 957, in with_call
return _end_unary_response_blocking(state, call, True, None)
File "C:\Users\xp4h\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\grpc_channel.py", line 849, in _end_unary_response_blocking
raise _InactiveRpcError(state)
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
debug_error_string = "{"created":"@1672713159.729000000","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3261,"referenced_errors":[{"created":"@1672713159.729000000","description":"failed to connect to all addresses","file":"src/core/lib/transport/error_utils.cc","file_line":167,"grpc_status":14}]}"

中间人流量分析（MITM）的原理是什么，可以看到https包的数据内容吗？
看readme还是不知道如何配置

情况是可以抓到浏览器的包，但是打开App就SSL加载失败

网络是桥接模式，不知道为什么会出现这个情况