Skip to content

noobpk/frida-intercept-encrypted-api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits

.github

.github

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

android_handlers.js

android_handlers.js

 
 

burpTracer.py

burpTracer.py

 
 

burpsuite_configuration_proxy.json

burpsuite_configuration_proxy.json

 
 

echoServer.py

echoServer.py

 
 

ios_handlers.js

ios_handlers.js

 
 

log.py

log.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

Frida Intercept Encrypted Api

image

CodeQL python frida ios android

📍What does it help?

Banking applications, e-wallets, .. are increasingly enhanced security to fight hackers. One of them is to encrypt request/response data when sending and receiving. Some weak encryptions can be decrypted easily, but some strong encryptions like RSA are difficult. When pentesting a normal mobile application, we just need to set it up so that BurpSuite can intercept the request / response of the APIs that the application uses. But when pentesting a banking or e-wallet application with end-to-end encrypted API, with the usual BurpSuite setup we cannot see the content of the API. Hooking into functions that send request/response and intercept data before it is encrypted is one way we can view and modify data.

Architecture

image

For IOS

Configurage ios_handlers.js

  1. Add your Request / Response Class & Method
/*Request Class & Method*/
var search_request_class  = [''];
var search_request_method = [''];

/*Response Class & Method*/
var search_response_class  = [''];
var search_response_method = [''];`
  1. Debug ARGS in Class & Method
/*DEBUG REQUEST HERE*/
console.log(colors.green,"[DEBUG-REQUEST] Dump Arugment in method: ",colors.resetColor);
print_arguments(args);

For Android

Configurage android_handlers.js

  1. Add your Request / Response Class & Method
/*Request Class & Method*/
    var request_class = Java.use('');
    var request_method = '';

    /*Response Class & Method*/
    var response_class = Java.use('');
    var response_method = '';

Usage

  1. Load burpsuite_configuration_proxy.json or Set up Burpsuite Proxy by following the steps below
    • Listen on 127.0.0.1:26080
    • Redirect to 127.0.0.1:27080 and Check (Support invisible proxying)
  2. Run echoServer.py
  3. Config and optimize _handlers.js
  4. Run burpTracer.py -p com.apple.AppStore / [-n 'App Store']

Note: Different applications will use different libraries. You need to reverse or trace the application to find the correct function.

Technical Presentation

Title Link
Frida Intercept Encrypted Api https://medium.com/p/a5c4ef22a093
Frida Intercept Encrypted API | Technical | How to Intercept Encrypted APIs on The Application | Part 1 https://youtu.be/BIB3ma3Tl34
Frida Intercept Encrypted API | Technical | How to Intercept Encrypted APIs on The Application | Part 2 https://youtu.be/IojcakLNtrA

About

A tool to help you intercept encrypted APIs in iOS or Android apps

Topics

android api ios reverse-engineering android-application banking intercept frida burpsuite android-encryption encryption-decryption ios-application jailbreak-tweak frida-ios-intercept ios-intercept ios-api-intercept android-intercept

Resources

Readme

License

MIT license
Activity

Stars

178 stars

Watchers

6 watching

Forks

22 forks
Report repository

Releases

No releases published

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Languages