Skip to content
/ frida-intercept-encrypted-api Public

A tool to help you intercept encrypted APIs in iOS or Android apps

License

MIT license
245 stars 35 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

noobpk/frida-intercept-encrypted-api

BranchesTags

Repository files navigation

Frida Intercept Encrypted Api

image

CodeQL python frida ios android

📍What does it help?

Banking applications, e-wallets, .. are increasingly enhanced security to fight hackers. One of them is to encrypt request/response data when sending and receiving. Some weak encryptions can be decrypted easily, but some strong encryptions like RSA are difficult. When pentesting a normal mobile application, we just need to set it up so that BurpSuite can intercept the request / response of the APIs that the application uses. But when pentesting a banking or e-wallet application with end-to-end encrypted API, with the usual BurpSuite setup we cannot see the content of the API. Hooking into functions that send request/response and intercept data before it is encrypted is one way we can view and modify data.

Architecture

image

For IOS

Configurage ios_handlers.js

  1. Add your Request / Response Class & Method
/*Request Class & Method*/
var search_request_class  = [''];
var search_request_method = [''];

/*Response Class & Method*/
var search_response_class  = [''];
var search_response_method = [''];`
  1. Debug ARGS in Class & Method
/*DEBUG REQUEST HERE*/
console.log(colors.green,"[DEBUG-REQUEST] Dump Arugment in method: ",colors.resetColor);
print_arguments(args);

For Android

Configurage android_handlers.js

  1. Add your Request / Response Class & Method
/*Request Class & Method*/
    var request_class = Java.use('');
    var request_method = '';

    /*Response Class & Method*/
    var response_class = Java.use('');
    var response_method = '';

Usage

  1. Load burpsuite_configuration_proxy.json or Set up Burpsuite Proxy by following the steps below
    • Listen on 127.0.0.1:26080
    • Redirect to 127.0.0.1:27080 and Check (Support invisible proxying)
  2. Run echoServer.py
  3. Config and optimize _handlers.js
  4. Run burpTracer.py -p com.apple.AppStore / [-n 'App Store']

Note: Different applications will use different libraries. You need to reverse or trace the application to find the correct function.

Technical Presentation

Title Link
Frida Intercept Encrypted Api https://medium.com/p/a5c4ef22a093
Frida Intercept Encrypted API | Technical | How to Intercept Encrypted APIs on The Application | Part 1 https://youtu.be/BIB3ma3Tl34
Frida Intercept Encrypted API | Technical | How to Intercept Encrypted APIs on The Application | Part 2 https://youtu.be/IojcakLNtrA

About

A tool to help you intercept encrypted APIs in iOS or Android apps

Topics

android api ios reverse-engineering android-application banking intercept frida burpsuite android-encryption encryption-decryption ios-application jailbreak-tweak frida-ios-intercept ios-intercept ios-api-intercept android-intercept

Resources

Readme

License

MIT license
Activity

Stars

245 stars

Watchers

6 watching

Forks

35 forks
Report repository

Releases

No releases published

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Languages