Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/az0mb13/frida_setup
One-click installer for Frida and Burp certs for SSL Pinning bypass
https://github.com/az0mb13/frida_setup
adb android bug-bounty bugbounty frida hacking-tools pentesting pentesting-tools reconnaissance
Last synced: 4 days ago
JSON representation
One-click installer for Frida and Burp certs for SSL Pinning bypass
- Host: GitHub
- URL: https://github.com/az0mb13/frida_setup
- Owner: az0mb13
- Created: 2020-10-13T17:37:32.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2023-08-28T13:08:20.000Z (about 1 year ago)
- Last Synced: 2024-08-01T19:55:45.225Z (3 months ago)
- Topics: adb, android, bug-bounty, bugbounty, frida, hacking-tools, pentesting, pentesting-tools, reconnaissance
- Language: JavaScript
- Homepage:
- Size: 27.3 KB
- Stars: 75
- Watchers: 2
- Forks: 14
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Frida Setup
Installer script for Frida and Burp's certificate to help setup bypass SSL Pinning in Android applications.
Works with Genymotion Emulator. Also works with Android studio if the emulator is started with the `-writable-system` flag. Eg:
`./emulator -avd Pixel_3a_API_33_x86_64 -writable-system`Read the blog post for a detailed walkthrough -> One-click SSL-Pinning Bypass Setup
## Installation steps* Make sure you have a device installed in Genymotion and it's up and running so the script can interact with ADB.
* Start and keep Burp running so it can download the certificate.
* Run the `frida_setup.sh` to start the installer.## Workflow
* Installs `frida` and `frida-tools` using pip. (Export the path to frida in your env if it's not already there)
* Fetches the latest released version of Frida server from github.
* Downloads certificate from Burp's proxy.
* Pushes and installs the required files inside the ADB.
* Cleans up the files and a reboot of the android system.## Post-Installation
* Run the frida server from `/data/local/tmp` inside `adb shell`.
* Setup your proxies in Burp and Android's Wifi settings.
* Start the ssl-pinning bypass using `frida -U -f -l frida3.js`#### Note:
* Tested only on Arch Linux. Might have to change the `sed` command accordingly if you're on MacOS.
* Adjust `pip` to `pip3` if needed in the script.
* Highly recommend using `frida3.js` rather than other scripts.