Frida: Connect to frida-server from another machine over TCP

Created on 1 Oct 2015  ·  8 Comments  ·  Source: frida/frida

Kindly clarify how to connect frida clients to a frida-server on another machine over TCP.

After a quick look at the sources it seems to be possible, both server and tcp-host-session have a default connection string of "tcp:host=127.0.0.1,port=27042", but an arbitrary one can be supplied.

How I see the steps now:

  1. Make the frida-server listen on arbitrary address and port (undocumented, derived from source, tested, works):
    ./frida-server tcp:host=ADDRESS,port=PORT
  2. Make the frida client connect to the arbitrary address and port
    ??? Tried a couple of parameters without any luck.

Also, forwarding the remote port 27042 on the target (frida-server) machine to port 27042 on the client machine does not seem to help.

All 8 comments

The official way to accomplish this currently is to set up a local SSH tunnel from localhost:27042 locally to localhost:27042 remotely, and use the -R switch with the CLI tools, frida.get_remote_device() from Python, and frida.getRemoteDevice() from Node.js.

There isn't yet an API to specify the host/port to connect to, only frida-server supports specifying what to listen on. I implemented support for the first part of this in the backends, but didn't expose this to the API yet. Basically this is a matter of wiring up in src/frida.vala, which serves as the facade API to shield users from the lower level HostSessionService API (which due to the nature of DBus, which we use p2p over a platform-specific transport, is somewhat clunky to use). If you see a nice way to represent it let me know, I put it on the backburner temporarily while thinking about the best way to expose it. Perhaps DeviceManager.add_remote_device(ip, port) which returns a Device and this device magically appears in the list of devices?

Thank you!
Tried with port forwarding a couple of times, it actually works, so there is a workaround (regardless of the type of device -- x86/Android).

I believe something like "add_remote_device" will surely work, as it is easily accessible from scripts and can also be called from existing frida-* cmdline tools if a new parameter with a remote server connection string is specified.

Cool! I'll look into adding that soon.

Well, not quite “soon”, but this is now finally implemented. :-)

# listen on 127.0.0.1:27042 (the default)
$ frida-server

# listen on all interfaces
$ frida-server -l 0.0.0.0

# listen on a specific interface
$ frida-server -l 192.168.1.3

# listen on a specific interface and port
$ frida-server -l 192.168.1.3:1337

# connect to specific IP
$ frida-trace -H 192.168.1.3 -i "open*"

# connect to specific IP/port
$ frida-trace -H 192.168.1.3:1337 -i "open*"

Available in Frida 6.2.6.
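
A small audit helper, added here as an example and not code from this thread or from the Frida project: it reads frida-server command lines in the two forms shown above (the `-l` option and the older `tcp:host=...,port=...` string) and reports which listeners accept connections from other machines. The function names and the sample command lines are constructed for illustration, and IPv6 literals are not handled.

```python
import ipaddress
import shlex

DEFAULT_HOST, DEFAULT_PORT = "127.0.0.1", 27042  # defaults quoted in the thread

def parse_endpoint(value):
    """Parse 'host', 'host:port' or the older 'tcp:host=H,port=P' string."""
    if value.startswith("tcp:"):
        fields = dict(f.split("=", 1) for f in value[4:].split(",") if "=" in f)
        return fields.get("host", DEFAULT_HOST), int(fields.get("port", DEFAULT_PORT))
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep else (value, DEFAULT_PORT)

def listen_endpoint(cmdline):
    """Return the (host, port) that a frida-server command line binds to."""
    args = shlex.split(cmdline)[1:]
    for i, arg in enumerate(args):
        if arg == "-l" and i + 1 < len(args):
            return parse_endpoint(args[i + 1])
        if arg.startswith("tcp:"):
            return parse_endpoint(arg)
    return DEFAULT_HOST, DEFAULT_PORT

def scope(host):
    """Classify which machines can reach a listener bound to this address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved-name"  # a hostname: flagged, since it is not checked here
    if ip.is_loopback:
        return "loopback-only"
    return "all-interfaces" if ip.is_unspecified else "one-interface"

def audit(cmdlines):
    """Return (cmdline, host, port, scope) for listeners reachable off-host."""
    rows = [(c, *listen_endpoint(c)) for c in cmdlines]
    return [(c, h, p, scope(h)) for c, h, p in rows if scope(h) != "loopback-only"]

# Constructed sample input: command lines as they might appear in a process listing.
SAMPLE = [
    "frida-server",
    "frida-server -l 0.0.0.0",
    "frida-server -l 192.168.1.3:1337",
    "./frida-server tcp:host=127.0.0.1,port=27042",
]

if __name__ == "__main__":
    for line, host, port, where in audit(SAMPLE):
        print(f"{where:15} {host}:{port}  <- {line}")
```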

@oleavr Can the client configure the connection's specified IP in the Python code, like "frida.get_remote_device()" or other methods?

You can set the target IP/port in Python, yes.

frida.get_device_manager().add_remote_device('host:port')

An example implementation is here.

@leonjza If the connection is lost, how to reconnect? Retry add_remote_device?
