Wednesday, 21 June 2017

Pyrasite: A Tool For Injecting Arbitrary Code Into Running Python Processes

Pyrasite: A Tool for injecting arbitrary code into running Python processes.

Python Compatiblity

Pyrasite works with Python 2.4 and newer. Injection works between versions as well, so you can run Pyrasite under Python 3 and inject into 2, and vice versa.


You can download the latest tarballs, RPMs, and debs from PyPi. Installing the package specific to your distribution is recommended. However, you can also install it using pip if you wish

pip install pyrasite pyrasite-gui

Additional installation notes

If you’re using Fedora 17 or later, you’ll need to disable an SELinux boolean to allow ptrace.

sudo setsebool -P deny_ptrace=off

Mac OS X
If you don’t want to override Apple’s default gdb, install the latest version of gdb with a prefix (e.g. gnu)

$ ./configure --program-prefix=gnu
$ pyrasite <PID> payloads/ --gdb-prefix="gnu"

Arch Linux
You can install pyrasite from the Arch User Repository If you want python debugging symbols, you may have to self compile python2.

Since version 10.10, Ubuntu ships with a controversial patch that restricts the scope of ptrace, which can be disabled by running:

echo 0 > /proc/sys/kernel/yama/ptrace_scope

You can make this change permanent by setting ptrace_scope to 0 in /etc/sysctl.d/10-ptrace.conf.

Usage: pyrasite [-h] [--gdb-prefix GDB_PREFIX] [--verbose] [--output OUTPUT_TYPE] pid [filepath|payloadname]
       pyrasite --list-payloads

pyrasite - inject code into a running python process

Positional arguments:

 pid                   The ID of the process to inject code into
filepath|payloadname  The second argument must be a path to a
                        file that will be sent as a payload to the
                        target process or it must be the name of
                        an existing payload (see --list-payloads).

Optional arguments:

  -h, --help                                     show this help message and exit
  --gdb-prefix GDB_PREFIX     GDB prefix (if specified during installation)
  --verbose                                    Verbose mode
  --output OUTPUT_TYPE  This option controls where the output from
                        the executed payload will be printed. If
                        the value is 'procstreams' (the default) then
                        the output is sent to the stdout/stderr of the
                        process. If the value is 'localterm' then the
                        output is piped back and printed on the local
                        terminal where pyrasite is being run.
  --list-payloads       List payloads that are delivered by pyrasite

pyrasite-gui - A graphical interface for Pyrasite
The pyrasite-gui is a graphical interface for Pyrasite that lets you easily monitor, analyze, introspect, and alter running Python programs.


  • Python debuginfo (needed for live object inspection)
  • PyGObject3 Introspection bindings
  • WebKitGTK3
  • meliae (easy_install/pip may not work for this install. If not, use the tarball from the distribution website. You may need to install Cython in order to get meliae to build)
  • pycallgraph
  • psutil

# Fedora
yum --enablerepo=updates-testing install python-psutil python-debuginfo python-pycallgraph pygobject3 webkitgtk3 python-meliae

# Ubuntu
apt-get install python-dbg python-pycallgraph python-gobject-dev gir1.2-webkit-3.0 python-meliae python-psutil

# Arch
pacman -S python2-psutil python2-gobject python2-pycallgraph libwebkit3 python2-meliae



Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer