fracker: PHP function tracker

Fracker

Fracker

Fracker is a suite of tools that allows to easily trace and analyze PHP function calls, its goal is to assist the researcher during manual security assessments of PHP applications.

It consists of:

  • PHP extension that needs to be installed in the environment of the target web application that sends tracing information to the listener;
  • listener application that is in charge of receiving the tracing information and performing some analysis in order to show some meaningful data to the user.

Architecture

Every PHP request or command line invocation triggers a TCP connection with the listener. The protocol is merely a stream of newline-terminated JSON objects from the PHP extension to the listener, such objects contain information about the current request, the calls performed and the return values.

This decoupling allows the users to implement their own tools. Raw JSON objects can be inspected by dumping the stream content to standard output, for example:

$ socat tcp-listen:6666,fork,reuseaddr ‘exec:jq .,fdout=0’

Install && Use

Copyright (c) 2019 Andrea Cardaci <cyrus.and@gmail.com>