{"id":13583015,"url":"https://github.com/noobpk/frida-intercept-encrypted-api","last_synced_at":"2025-05-09T01:22:46.794Z","repository":{"id":37702798,"uuid":"396661693","full_name":"noobpk/frida-intercept-encrypted-api","owner":"noobpk","description":"A tool to help you intercept encrypted APIs in iOS or Android apps","archived":false,"fork":false,"pushed_at":"2023-10-22T14:28:26.000Z","size":41,"stargazers_count":180,"open_issues_count":2,"forks_count":22,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-05-14T19:10:00.274Z","etag":null,"topics":["android","android-application","android-encryption","android-intercept","api","banking","burpsuite","encryption-decryption","frida","frida-ios-intercept","intercept","ios","ios-api-intercept","ios-application","ios-intercept","jailbreak-tweak","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/noobpk.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null},"funding":{"github":"noobpk","open_collective":"lethanhphuc","custom":["https://paypal.me/noobpk"]}},"created_at":"2021-08-16T06:53:58.000Z","updated_at":"2024-05-14T16:04:32.000Z","dependencies_parsed_at":"2022-08-08T21:16:11.600Z","dependency_job_id":"400e0d53-701b-426a-a99b-d1918c53d6e3","html_url":"https://github.com/noobpk/frida-intercept-encrypted-api","commit_stats":null,"previous_names":["noobpk/frida-ios-intercept-api"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noo
bpk%2Ffrida-intercept-encrypted-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noobpk%2Ffrida-intercept-encrypted-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noobpk%2Ffrida-intercept-encrypted-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noobpk%2Ffrida-intercept-encrypted-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/noobpk","download_url":"https://codeload.github.com/noobpk/frida-intercept-encrypted-api/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253172154,"owners_count":21865472,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-application","android-encryption","android-intercept","api","banking","burpsuite","encryption-decryption","frida","frida-ios-intercept","intercept","ios","ios-api-intercept","ios-application","ios-intercept","jailbreak-tweak","reverse-engineering"],"created_at":"2024-08-01T15:03:11.612Z","updated_at":"2025-05-09T01:22:46.770Z","avatar_url":"https://github.com/noobpk.png","language":"JavaScript","funding_links":["https://github.com/sponsors/noobpk","https://opencollective.com/lethanhphuc","https://paypal.me/noobpk"],"categories":["JavaScript"],"sub_categories":[],"readme":"# Frida Intercept Encrypted Api \n\n\u003cimg width=\"512\" alt=\"image\" 
src=\"https://github.com/noobpk/frida-intercept-encrypted-api/assets/31820707/313889af-1111-49f1-bcfb-76e61b5f8a0c\"\u003e\n\n[![CodeQL](https://github.com/noobpk/frida-ios-intercept-api/actions/workflows/codeql-analysis.yml/badge.svg?branch=main)](https://github.com/noobpk/frida-ios-intercept-api/actions/workflows/codeql-analysis.yml)\n![python](https://img.shields.io/badge/python-3.x-blue)\n![frida](https://img.shields.io/badge/frida-15.x-orange)\n![ios](https://img.shields.io/badge/ios-orange)\n![android](https://img.shields.io/badge/android-green)\n\n\n## 📍What does it help with?\nBanking applications, e-wallets and similar apps are increasingly hardening their security to fight hackers. One such measure is encrypting request/response data when sending and receiving. Weak encryption can be decrypted easily, but strong encryption such as RSA is difficult to decrypt.\nWhen pentesting a normal mobile application, we only need to set up BurpSuite so that it can intercept the requests and responses of the APIs the application uses. But when pentesting a banking or e-wallet application with an end-to-end encrypted API, the usual BurpSuite setup does not let us see the content of the API traffic.\nHooking the functions that send requests and receive responses, and intercepting the data before it is encrypted, is one way to view and modify that data.\n\n## Architecture\n\n\u003cimg width=\"1440\" alt=\"image\" src=\"https://user-images.githubusercontent.com/31820707/156509245-163d4877-3bcd-423f-adbe-0edc9e1bf43a.png\"\u003e\n\n## For iOS\n\n### Configure ios_handlers.js\n\n1. Add your Request / Response Class \u0026 Method\n```\n/*Request Class \u0026 Method*/\nvar search_request_class  = [''];\nvar search_request_method = [''];\n\n/*Response Class \u0026 Method*/\nvar search_response_class  = [''];\nvar search_response_method = [''];\n```\n2. Debug ARGS in Class \u0026 Method\n```\n/*DEBUG REQUEST HERE*/\nconsole.log(colors.green,\"[DEBUG-REQUEST] Dump Argument in method: \",colors.resetColor);\nprint_arguments(args);\n```\n\n## For Android\n\n### Configure android_handlers.js\n\n1. Add your Request / Response Class \u0026 Method\n```\n/*Request Class \u0026 Method*/\nvar request_class = Java.use('');\nvar request_method = '';\n\n/*Response Class \u0026 Method*/\nvar response_class = Java.use('');\nvar response_method = '';\n```\n\n## Usage\n 1. Load `burpsuite_configuration_proxy.json` or set up the BurpSuite proxy by following the steps below\n     - Listen on 127.0.0.1:26080\n     - Redirect to 127.0.0.1:27080 and check (Support invisible proxying)\n 1. Run echoServer.py\n 1. Configure and optimize `_handlers.js`\n 1. Run burpTracer.py -p com.apple.AppStore / [-n 'App Store']\n\n`Note: Different applications will use different libraries. You need to reverse or trace the application to find the correct function.`\n\n## Technical Presentation\n|Title|Link|\n|-----|----|\n|Frida Intercept Encrypted Api|https://medium.com/p/a5c4ef22a093|\n|Frida Intercept Encrypted API \u0026#124; Technical \u0026#124; How to Intercept Encrypted APIs on The Application \u0026#124; Part 1|https://youtu.be/BIB3ma3Tl34|\n|Frida Intercept Encrypted API \u0026#124; Technical \u0026#124; How to Intercept Encrypted APIs on The Application \u0026#124; Part 2|https://youtu.be/IojcakLNtrA|\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoobpk%2Ffrida-intercept-encrypted-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnoobpk%2Ffrida-intercept-encrypted-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoobpk%2Ffrida-intercept-encrypted-api/lists"}