I want to bypass the SSL pinning of an Android app using the Frida Server method.
I have followed the whole process described in this (https://blog.it-securityguard.com/the-stony-path-of-android-%F0%9F%A4%96-bug-bounty-bypassing-certificate-pinning/) tutorial.
Below are the steps which I have followed/performed:
Installed the Frida library and Frida-tools
Rooted my Android Device
Installed the target app
Downloaded the Frida server for my Device architecture
Sent the Frida Server to its path in Device
Granted the Frida server the necessary permissions
Have started the Frida Server
Got the Frida Script File ready
Now when I try to spawn an app, the process is terminated, as shown below:
I am trying this from my Windows laptop with a real, rooted Android device running Android Lollipop 5.0.
I have tried it on other apps as well but it causes issues on them as well.
In my opinion, the issue is with the code within my Frida Script file.
If my Frida Script file is empty it is causing no issue but whenever I add the below line in the file it is causing the process to be terminated.
This is the line that is causing the issue.
Java.perform(function (){ });
The app on the device is getting started and immediately the console is showing the process as terminated. I am using frida-server-12.7.22-android-arm.xz as the server. I am pretty sure that the setup is fully right but the only issue is occurring while adding the above code to the Frida Script file.
Also Java.IsAvailable returns false.
I'm really new to android traffic intercepting. I just wanted to intercept a 3rd party app's API requests for some research. I started from official frida docs and reached up to the step unpinning the SSL certificate using this guide.
I managed to successfully set up frida server on the android device and it's running fine.
But whenever I try to bypass any app's certificate pinning I'm getting the same error below. I have tried many different apps having certificate pinning and all result in the same error.
I'm using the following command for unpinning.
frida -U -l ./frida-script.js -f tech.httptoolkit.pinning_demo
I'm using this script to bypass certificate pinning and getting the following results.
Spawned `com.snapchat.android`. Use %resume to let the main thread start executing!
Error: getPackageInfoNoCheck(): has more than one overload, use .overload(<signature>) to choose from:
.overload('android.content.pm.ApplicationInfo', 'android.content.res.CompatibilityInfo')
.overload('android.content.pm.ApplicationInfo', 'android.content.res.CompatibilityInfo', 'boolean')
at X (frida/node_modules/frida-java-bridge/lib/class-factory.js:569)
at K (frida/node_modules/frida-java-bridge/lib/class-factory.js:564)
at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:932)
at <anonymous> (frida/node_modules/frida-java-bridge/index.js:224)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:244)
at perform (frida/node_modules/frida-java-bridge/index.js:204)
at <anonymous> (/frida/repl-2.js:520)
at apply (native)
at <anonymous> (frida/runtime/core.js:51)
[Android Emulator 5554::tech.httptoolkit.pinning_demo]->
Using %resume doesn't do anything and I still get a certificate rejected error from the app server it's sending the requests to.
The error is the same even for the demo app linked in the frida certificate unpinning guide.
Sorry if the explanation isn't enough and I'll be really thankful if someone is up to help.
Thank you.
Not 100% confirmed, but this appears to be a bug in Frida, either in the latest version of Frida (15.2.2) or Android (13).
See https://github.com/frida/frida/issues/2218 for more info.
Tim is correct, this is a bug, probably on a13 devices. The trick is to run %reload in the frida shell after the error; this will cause the script to run and, magically, no error.
https://github.com/frida/frida/issues/2218#issuecomment-1239983236
Good day,
I am currently developing an android mobile app in my local, with mfp8 server.
I can launch the app on my android phone, and successfully fire a call to the mfp server.
I tried editing something in an HTML file in the angular project (mobile app front end). I ran some commands to deploy the web resources to the mfp server:
npm run android
mfpdev app register
mfpdev app webupdate
From the mfp console, I can see that the application and web resources last updated date matches the time I ran those commands.
I expected that after I stop and run the app on my mobile, the app would be able to detect the changes and prompt for an update. However, it didn't happen, and nothing has changed in my app.
Does anyone know what the mistake is here? Changes in an HTML file should be a correct way to test the direct update, right?
Edit:
I just found that in MFP log, there is a line as follow:
[AUDIT ] CWWKS1100A: Authentication did not succeed for user ID ibs_mobile. An invalid user ID or password was specified.
However, I am still able to log in to my app. I am not sure whether this is related to my direct update or not.
Use cordova command to prepare the app instead of npm run
Try the following steps
a. cordova prepare android
b. mfpdev app webupdate
I have implemented UIAutomator with my android app. I am able to run test cases using "connectedAndroidTest" in the verification option in the gradle tasks and find reports on the path "app\build\reports\androidTests\connected".
All are working fine; in this scenario my phone is connected to the PC.
My requirement is that I want to make an apk "androidTest.apk" for the instrumentation (UiAutomator) test and copy it to the android phone and install it. After that I can run test cases using this apk and want to find the reports also.
In this scenario the phone is disconnected from the PC.
Is it possible? If possible, then how can I achieve it, or if not possible, then the reason for it.
You need adb to start the Instrumentation. If you are planning to start it from an Activity it will fail.
I built a react-meteor android app, which I signed with Android Studio for a release.
The app is loading with a splash screen and then stuck in the loading screen of my React Komposer (I guess the subscription does not get ready).
However running the app via:
meteor run android-device --mobile-server https://fuldacity.de
runs the app successfully, as well as running from the signed debug apk.
I really do not know where to start to debug this problem. I guess there is a possibility to get some error logs out of Android Studio? I would be really glad of any inspiration on how to tackle this problem!
Furthermore I have the feeling it is connected to my setup. I have a domain hosted by domainfactory, where I also get my https certificate from. The domain is then redirected to Heroku, where my App is hosted. I furthermore redirect all http:// accesses to https:// via the Meteor package force-ssl.
Try like this:
meteor add-platform android
After
meteor install-sdk android
After
meteor run android-device --mobile-server https://fuldacity.de
Long story short, the error was on domainfactory, where I had chosen the IP instead of the domain name as the A configuration for the nameserver.
Domainfactory does not allow the correct settings for usage of heroku. Now I use the nameservers of Route 53, which could set up the right CNAME settings to heroku.
For the debugging I also learned that you can
meteor run android-device --server https://fuldacity
then go to your chrome browser (on your pc) open the developer tools and there you can find remote devices which gives you all the error outputs from the client side!
This led me to the network error, which only appeared on the mobile devices.
I'm making a todo list app, using meteor and cordova full code is at: github.
I've added an Android app version. Login is via accounts-password.
The server is running via nodejs with an nginx frontend.
The problem:
If I build the server with the android-platform and then connect an android device to it, the login buttons appear briefly but then the screen refreshes and they're gone and will not return unless the app cache is cleared.
If I build the server without the android-platform then it works fine. This happens with meteor run android (emulated), meteor run android-device, and via loading an APK from the play store.
I assume what is happening is building the server with android platform results in a different version of the code being put on the server which then gets pushed to the phone when it connects.
But I have no clue how to debug this.