Post

Frida Server Setup (No Objection)

Frida Server Setup (No Objection)

Problem

  • I recently moved my pentesting distro around and needed to re-setup my mobile pentesting setup.
  • During this, I found the frida versioning mismatch very hard to deal with.
  • After reaching out to some mobile bug bounty folks, they mentioned there is a way to run mobile dynamic analysis with just Frida, no Objection.
  • Here is how I went about it for anyone else in this struggle bus :)

Requirements Before Moving Forward

  • python is installed (recommend venv setup for debugging purposes)
  • Android Studio/Android Emulator installed with a rootable device (I use a Nexus 5X on x86/64 for nostalgia from my network analytics testing days)
  • Android Emulator is proxying to Burp Suite.

Solution

  • After creating a new vritual env for python, I checked the version of frida-tools that was installed. This way I could match the frida-server download from github. frida-version
  • Then I renamed the file to frida-server and dropped it on the android device in /data/local/tmp directory. adb-push-frida
  • After this, we will need to push the crt file exported from Burp Suite to the device in the same location /data/local/tmp.
  • In a separate terminal tab, launch an adb shell then su to become root. After this navigate to /data/local/tmp and launch the frida-server using ./frida-server. It should appear to be stalled out waiting, but it is actually working. frida-server-launch
  • In a new terminal window find out the bundleIdentifier (usually has a pattern of com.foo.bar). The command for this is frida-ps -U and you can pipe to grep for the name of the app to narrow down the names returned. bundle-identifier-find
  • If this does not work, you can also do adb shell. Once in shell, run pm list packages | grep appName. I had this issue with injuredAndroid since the bundle identifier from frida-ps was InjuredAndroid, but the pm list packages gave the correct bundle identifier of b3nac.injuredandroid.
  • Once this is setup and you have the bundle identifier, go ahead and launch the following command frida -U --codeshare pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f <bundleIdentifier> to launch against Frida Server and get a specific benefit (for example SSL Pinning bypass). ssl-pinning-bypass
  • More commands you can use for Frida can be found at this Link
This post is licensed under CC BY 4.0 by the author.

Trending Tags