All Projects → cyrus-and → Fracker

cyrus-and / Fracker

PHP function tracker

Projects that are alternatives of or similar to Fracker

Tslog
📝 tslog - Expressive TypeScript Logger for Node.js.
Stars: ✭ 321 (+37.18%)
Mutual labels:  json, stacktrace
napari-hub
Discover, install, and share napari plugins
Stars: ✭ 44 (-81.2%)
Mutual labels:  tracking, analysis
Hackvault
A container repository for my public web hacks!
Stars: ✭ 1,364 (+482.91%)
Mutual labels:  tracking, pentesting
VIAN
No description or website provided.
Stars: ✭ 18 (-92.31%)
Mutual labels:  tracking, analysis
Social Analyzer
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+3510.68%)
Mutual labels:  pentesting, analysis
Swurg
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-59.83%)
Mutual labels:  json, pentesting
Application Insights Workbooks
Templates for Azure Monitor Workbooks
Stars: ✭ 180 (-23.08%)
Mutual labels:  analysis, json
Cameradar
Cameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+1085.9%)
Mutual labels:  pentesting
Tracker
Laravel Stats Tracker
Stars: ✭ 2,638 (+1027.35%)
Mutual labels:  tracking
Scalatra
Tiny Scala high-performance, async web framework, inspired by Sinatra
Stars: ✭ 2,529 (+980.77%)
Mutual labels:  json
Flask Restplus
Fully featured framework for fast, easy and documented API development with Flask
Stars: ✭ 2,585 (+1004.7%)
Mutual labels:  json
Opentracks
OpenTracks is a sport tracking application that completely respects your privacy.
Stars: ✭ 225 (-3.85%)
Mutual labels:  tracking
Core
Elm's core libraries
Stars: ✭ 2,634 (+1025.64%)
Mutual labels:  json
Sync
JSON to Core Data and back. Swift Core Data Sync.
Stars: ✭ 2,538 (+984.62%)
Mutual labels:  json
Storagetapper
StorageTapper is a scalable realtime MySQL change data streaming, logical backup and logical replication service
Stars: ✭ 232 (-0.85%)
Mutual labels:  json
Streamalert
StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
Stars: ✭ 2,634 (+1025.64%)
Mutual labels:  analysis
Algeria Cities
The list of all Algerian provinces and cities according to the official division in different formats: csv, xlsx, php, json, etc.
Stars: ✭ 232 (-0.85%)
Mutual labels:  json
Elfparser
Cross Platform ELF analysis
Stars: ✭ 228 (-2.56%)
Mutual labels:  analysis
Zipson
JSON parse and stringify with compression
Stars: ✭ 229 (-2.14%)
Mutual labels:  json
Leakscraper
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Stars: ✭ 227 (-2.99%)
Mutual labels:  pentesting

Fracker Build Status

Fracker is a suite of tools that allows to easily trace and analyze PHP function calls, its goal is to assist the researcher during manual security assessments of PHP applications.

It consists of:

  • a PHP extension that needs to be installed in the environment of the target web application that sends tracing information to the listener;

  • a listener application that is in charge of receiving the tracing information and performing some analysis in order to show some meaningful data to the user.

Screenshot

Demo

  1. Clone or download this repository then move into the root directory.

  2. Spin a new Docker container running Apache with PHP support:

    $ docker run --rm -d -p 80:80 --name hello-fracker php:apache
    
  3. Create some dummy PHP script as index:

    $ docker exec -i hello-fracker tee /var/www/html/index.php <<\EOF
    <?php
        function foo($cmd) {
            system('echo ' . preg_replace('/[^a-z]/i', '', $cmd));
        }
    
        $a = explode(' ', $_GET['x']);
        var_dump($a);
        foreach ($a as $cmd) {
            foo($cmd);
        }
    EOF
    
  4. Test that the PHP file is properly served:

    $ curl 'http://localhost/?x=Hello+Fracker!'
    
  5. Deploy Fracker to the container:

    $ scripts/deploy.sh hello-fracker
    
  6. Install the dependencies locally (this just needs to be performed once):

    $ npm install -C app
    
  7. Start Fracker with:

    $ app/bin/fracker.js
    
  8. Run the above curl command again. (The output should be similar to the above screenshot.)

  9. Run Fracker again with --help and experiment with other options too.

  10. Stop and remove the container:

    $ docker stop hello-fracker
    

Architecture

Every PHP request or command line invocation triggers a TCP connection with the listener. The protocol is merely a stream of newline-terminated JSON objects from the PHP extension to the listener, such objects contain information about the current request, the calls performed and the return values.

This decoupling allows the users to implement their own tools. Raw JSON objects can be inspected by dumping the stream content to standard output, for example:

$ socat tcp-listen:6666,fork,reuseaddr 'exec:jq .,fdout=0'

PHP extension

The PHP extension is forked from Xdebug hence the installation process is fairly the same so is the troubleshooting.

The most convenient way to use Fracker is probably to deploy it to the Docker container where the web server resides using the provided script. Use the manual approach for a more versatile solution.

Deploy script

This script should work out-of-the-box with Debian-like distributions:

$ scripts/deploy.sh <container> [<port> [<host>]]

It configures the PHP module to connect to specified host on the specified port (defaults to the host running Docker and port 6666).

Manual setup

Install the PHP development files and other dependencies. For example, on a Debian-like distribution:

$ apt-get install php7.0-dev libjson-c-dev pkg-config

The following operations need to be performed in the ext directory.

Build the PHP extension with:

$ phpize
$ ./configure
$ make

(To rebuild after nontrivial code changes just rerun make.)

To check that everything is working fine, start the listener application then run PHP like this:

$ php -d "zend_extension=$PWD/.libs/xdebug.so" -r 'var_dump("Hello Fracker!");'

Finally, install the PHP extension in the usual way, briefly:

  1. make install;
  2. place zend_extension=xdebug.so in a INI file parsed by PHP along with any other custom settings if needed.

Clean the source directory with:

$ make distclean
$ phpize --clean

Settings

The default INI settings should work just fine in most cases. The following serves as a template for some common ways to override the default values:

; trace only those requests with XDEBUG_TRACE=FRACKER in GET, POST or cookie
xdebug.auto_trace = 0
xdebug.trace_enable_trigger = 1
xdebug.trace_enable_trigger_value = FRACKER

; do not collect function arguments
xdebug.collect_params = 0

; do not collect return values
xdebug.collect_return = 0

; custom listener application address (instead of 127.0.0.1:6666)
xdebug.trace_fracker_host = 10.10.10.10
xdebug.trace_fracker_port = 1234

Listener application

The provided listener application is a Node.js package. Install the dependencies with:

$ npm install -C app

Optionally install the executable globally by creating a symlink to this folder:

$ npm install -g app

Then just run fracker, or run it locally with app/bin/fracker.js.

Configuration

Command line options in long format can be written in YAML files (camel case) and passed as command line arguments. Multiple files with increasing priority can be specified, but command line options will have the highest priority.

For convenience some configuration files listing some classes of interesting PHP functions are provided along with this repo. Use them like:

$ fracker app/configs/file-* # ...

License

This product includes Xdebug, freely available from https://xdebug.org/. Unless explicitly stated otherwise, for the PHP extension itself, the copyright is retained by the original authors.

The listener application instead is released under a different license.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].