frida_setup's Introduction

Frida Setup

Installer script for Frida and Burp's certificate to help setup bypass SSL Pinning in Android applications. Works with Genymotion Emulator. Also works with Android studio if the emulator is started with the -writable-system flag. Eg:
./emulator -avd Pixel_3a_API_33_x86_64 -writable-system

Read the blog post for a detailed walkthrough -> One-click SSL-Pinning Bypass Setup

Installation steps

Make sure you have a device installed in Genymotion and it's up and running so the script can interact with ADB.
Start and keep Burp running so it can download the certificate.
Run the frida_setup.sh to start the installer.

Workflow

Installs frida and frida-tools using pip. (Export the path to frida in your env if it's not already there)
Fetches the latest released version of Frida server from github.
Downloads certificate from Burp's proxy.
Pushes and installs the required files inside the ADB.
Cleans up the files and a reboot of the android system.

Post-Installation

Run the frida server from /data/local/tmp inside adb shell.
Setup your proxies in Burp and Android's Wifi settings.
Start the ssl-pinning bypass using frida -U -f <package_name> -l frida3.js

Note:

Tested only on Arch Linux. Might have to change the sed command accordingly if you're on MacOS.
Adjust pip to pip3 if needed in the script.
Highly recommend using frida3.js rather than other scripts.

frida_setup's People

Contributors

Stargazers

Watchers

frida_setup's Issues

`frida_setup.sh` crashes genymotion when rebooting adb.

on line 31 when executing adb shell reboot it crashes the genymotion virtual machine.

#!/bin/bash

bold=$(tput bold)
normal=$(tput sgr0)

echo -e "${bold}[INSTALLING FRIDA]${normal}\n"

pip install frida-tools
pip install frida

VER=$(curl -s https://github.com/frida/frida | grep releases/tag | sed -nr 's/.*tag\/(.*)".*/\1/p')

echo -e "\n${bold}[DOWNLOADING FRIDA SERVER]${normal}\n"

wget https://github.com/frida/frida/releases/download/${VER}/frida-server-${VER}-android-x86.xz -O frida-server.xz -q --show-progress
xz -d frida-server.xz
adb root
adb remount
curl -s --proxy http://192.168.56.1:8080 -o cacert.der http://burp/cert
adb push frida-server /data/local/tmp/frida-server
adb push cacert.der /data/local/tmp/cert-der.crt
adb shell chmod +x /data/local/tmp/frida-server

openssl x509 -inform DER -in cacert.der -out cacert.pem
OPCOM=$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0

cp cacert.der $OPCOM
adb push $OPCOM /system/etc/security/cacerts/
adb shell chmod 644 /system/etc/security/cacerts/$OPCOM

adb shell reboot

rm $OPCOM cacert.der cacert.pem