Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/az0mb13/frida_setup

One-click installer for Frida and Burp certs for SSL Pinning bypass
https://github.com/az0mb13/frida_setup

adb android bug-bounty bugbounty frida hacking-tools pentesting pentesting-tools reconnaissance

Last synced: 4 days ago
JSON representation

One-click installer for Frida and Burp certs for SSL Pinning bypass

Awesome Lists containing this project

README

        

# Frida Setup

Installer script for Frida and Burp's certificate to help setup bypass SSL Pinning in Android applications.
Works with Genymotion Emulator. Also works with Android studio if the emulator is started with the `-writable-system` flag. Eg:

`./emulator -avd Pixel_3a_API_33_x86_64 -writable-system`

Read the blog post for a detailed walkthrough -> One-click SSL-Pinning Bypass Setup
## Installation steps

* Make sure you have a device installed in Genymotion and it's up and running so the script can interact with ADB.
* Start and keep Burp running so it can download the certificate.
* Run the `frida_setup.sh` to start the installer.

## Workflow

* Installs `frida` and `frida-tools` using pip. (Export the path to frida in your env if it's not already there)
* Fetches the latest released version of Frida server from github.
* Downloads certificate from Burp's proxy.
* Pushes and installs the required files inside the ADB.
* Cleans up the files and a reboot of the android system.

## Post-Installation

* Run the frida server from `/data/local/tmp` inside `adb shell`.
* Setup your proxies in Burp and Android's Wifi settings.
* Start the ssl-pinning bypass using `frida -U -f -l frida3.js`

#### Note:

* Tested only on Arch Linux. Might have to change the `sed` command accordingly if you're on MacOS.
* Adjust `pip` to `pip3` if needed in the script.
* Highly recommend using `frida3.js` rather than other scripts.