Deluder is a multiplatform tool, written in Python and built on the Frida library, for intercepting the traffic of proxy-unaware applications. Deluder works in a similar fashion to EchoMirage: it hooks into the target process in order to intercept exported functions of encryption/networking libraries.
In PETEP, you can simply add a Deluder proxy or use the Deluder preset, which already has a Deluder proxy configured. After that, you can run Deluder using the following commands:
deluder run -i petep "C:/Application.exe"
deluder attach -i petep 12501
deluder attach -i petep "Application.exe"
Deluder will use a special protocol in order to intercept the data in PETEP. (By default, port 8008 will be used as PETEP server port for Deluder integration.)
Deluder supports the following libraries:
You can also use Frida Server in order to hook processes on a remote machine.
In PETEP, you can simply add the Deluder Proxy module and set up the host and port that Deluder will use.
Example minimal config for Deluder:
{
    "ignoreChildProcesses": false,
    "interceptors": [
        {
            "type": "petep",
            "config": {
                "petepHost": "127.0.0.1",
                "petepPort": 8008,
                "autoCloseConnections": true,
                "multipleConnections": true
            }
        }
    ],
    "scripts": [
        {
            "type": "winsock",
            "config": {}
        },
        {
            "type": "openssl",
            "config": {}
        },
        {
            "type": "gnutls",
            "config": {}
        },
        {
            "type": "libc",
            "config": {}
        },
        {
            "type": "schannel",
            "config": {}
        }
    ]
}
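A pre-flight check for a config of the shape shown above, as an added example that is not part of Deluder or PETEP: before Deluder is started, it lists the enabled script types and, for each "petep" interceptor, reports whether the endpoint is loopback (intercepted data stays on the local machine) and whether anything is listening there. The function names are hypothetical, only keys visible in the config above are read, and the sample config is constructed from it.

```python
import ipaddress
import json
import socket

# Constructed sample: the minimal config from the page, cut to two script types.
SAMPLE_CONFIG = """{
  "ignoreChildProcesses": false,
  "interceptors": [{"type": "petep", "config": {
    "petepHost": "127.0.0.1", "petepPort": 8008,
    "autoCloseConnections": true, "multipleConnections": true}}],
  "scripts": [{"type": "winsock", "config": {}}, {"type": "openssl", "config": {}}]
}"""

def petep_endpoints(config):
    """Return (host, port) for every interceptor whose type is "petep"."""
    endpoints = []
    for item in config.get("interceptors", []):
        if item.get("type") != "petep":
            continue
        cfg = item.get("config", {})
        host, port = cfg.get("petepHost"), cfg.get("petepPort")
        if not isinstance(host, str) or not host:
            raise ValueError(f"invalid petepHost: {host!r}")
        if type(port) is not int or not 1 <= port <= 65535:
            raise ValueError(f"invalid petepPort: {port!r}")
        endpoints.append((host, port))
    return endpoints

def is_loopback(host):
    """True for a loopback IP literal or the name "localhost"."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal, so compare as a hostname
        return host.lower() == "localhost"

def is_listening(host, port, timeout=1.0):
    """Plain TCP connect; it does not prove that the listener is PETEP."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(config_text):
    """Summarise script types and the state of each PETEP endpoint."""
    config = json.loads(config_text)
    return {"scripts": [s["type"] for s in config.get("scripts", [])],
            "endpoints": [{"host": h, "port": p, "loopback": is_loopback(h),
                           "listening": is_listening(h, p)}
                          for h, p in petep_endpoints(config)]}
```

Calling `preflight()` on the text of the config file returns a dictionary that can be printed or checked in a wrapper script before `deluder run` or `deluder attach` is invoked.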